Chapter 12. Configuration and Secrets

Best practice when developing applications is to keep the source code in a version control system such as Git. This ensures that you can roll back to a previous version of the source code. Although default configuration settings are best also kept under version control with your application source code, secret information such as database access credentials or SSH keys should be stored separately.

Such secret information, along with separate configuration settings that customize the application defaults, is not part of the application source code but needs to be available to the application when it is run within a container. To facilitate this, OpenShift can store configuration and secrets as resources within a project, with them being added to the container when the deployment occurs.

The simplest way of storing separate configuration is to add definitions of environment variables to be set within a container as part of a build or deployment configuration. Examples of setting environment variables in this way were demonstrated in previous chapters showing deployment of applications from a pre-existing image and source code.

In this chapter you will learn more about using environment variables, as well as the storage and use of secrets. This will include how using config maps enables configuration to be defined in one place and referenced in more than one build or deployment configuration to avoid duplication. In addition to consuming configuration ...