Rails configuration policies

Rails config files tend to get a bit messy, but everywhere I worked they mostly follow a similar set of policies.

There are typically 2 kinds of settings in an app.

Business settings

These settings are businessy” in nature. Examples: support email, number of days before a user should be logged out, etc. The same setting often spans all environments.

Technical settings

Some config settings are controlled completely by engineers who write the code. These are split into 2 categories:

  1. Secret settings — encryption keys, api credentials, etc. We probably want to keep these in control of developers in development and test/CI environments. In production, these would typically come from ENV vars. Let’s call them creds.
  2. Plain settings — feature flags, hostnames, behavior changes between environments. These don’t necessarily need configurability via ENV vars, but they optionally can be.

Note: Who’s in charge of each of these?

Code snippets in this post are covered by MIT License.

March 31, 2024