I have a web application that is designed to be deployed to a dedicated host for each of my customers. In order to manage secret keys, customer-specific credentials, etc. in a secure way, I've turned to environment variables.
Where should I define environment variables in production?
I am aware of several possibilities: /etc/profile
, ~/.bashrc
, and similar files load up when a terminal session is started; I haven't gone with these because I don't know if it is considered a best practice to do so. I've tried storing them in the systemd
config for my application, but this only makes them available for the main process, so migrating databases when code changes are deployed doesn't work so well. I'm aware of several tools that seem to "magically" handle environment variables for you, but let's assume I'm not using one of those; I want to handle these in my own install and deployment scripts manually. I'm also interested in keeping secret things secret, so the security of where environment variables are stored is also an issue for me.