11.5 Factor Apps
Anyone who works in the SaaS field knows about the famed 12 factor app. Except... does it still hold up? Let's see where configuration management fits in modern development.
Join the DZone community and get the full member experience.Join For Free
Each time someone talks about the 12 Factor Application a weird feeling overcomes me ... Because I like the concept, but it feels awkward. It feels as if someone with 0 operational experience wrote it. And this devil is in a really small detail.
And that is Part III. Config ... For me (and a lot of other folks I've talked to about this topic), using environment variables (as in real environment variables) are just one of the worst ideas ever. Environment variables are typically set manually, or from a script that is being executed and there's little or trace to see fast how a specific config is set.
Imagine I launch an app with an env variable X=foo, then your colleague stops that app, and launches it with X=bar. The system's integrity has not changed, no config or binaries have been changed, but the application behavior could have completely changed.
Sure I can go in to /proc/pid/environ to find the params it was launched with, but I want to know what state the system is supposed to be in and have tooling around that verified that the system indeed is in that state.
https://12factor.net/config claims that using config files that are not stored
in revision control are a huge step forward from hardcoded config in code, but they claim that config files now start ending up all over the place. This obviously feels written by someone who never experienced the power of modern configuration management. Templates which are dynamically populated, or configs that are even calculated on the spot depending on the environment an application lives in are the norm in modern infrastructure as code, yet people seem to think that managing an environment variable would be less painful.
I feel the idea of what they wanted to achieve was good, but the way they suggest the implementation was foobar. I don't ever want critical config of an application (like whether it is talking to the PROD or DEV database) to be set from an environment variable that can be modified. This has to come from an automated system.
This kind of config should be idempotent, one should be able to trace back where it came from and who modified it (version control), and every redeploy of the application should end up with the same result. It can even be dynamic (service discovery), but placing it in an Environment variable is the last place where a config deserves to live.
So please let's stop calling it the 12 Factor application, and call it the 11.5 Factor application.
Published at DZone with permission of Kris Buytaert, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.