Managing environment variables with SecretsFoundry
I wrote about the different ways of managing environment variables earlier in my post here. To make configuration easier to deal with at our startup, Truefoundry, we wrote a small tool called SecretsFoundry that has made it seamless for all application teams to maintain their configurations in Git. We thought it might be useful for other developer teams, so we decided to open-source it.
Before I go into the details, it helps to understand what problem SecretsFoundry solves. Every application has some non-sensitive and some sensitive configuration variables that need to be provided to the application when it's running. For the non-sensitive variables, people tend to put the values in a file and then load them into the application using libraries like dotenv. For the sensitive variables, people take one of two approaches. The first is to store the values in a secret manager like AWS Secrets Manager or HashiCorp Vault and then write application code to pull the secrets from the store. The other is to have some external system inject the variables from the secret store into the application environment. In that case the env variables become more of a DevOps responsibility and developers lose control of them, leading to more bugs and harder debugging when issues happen.
SecretsFoundry tries to solve the issues above by doing the following: