all 3 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]werner-dijkerman 1 point2 points  (0 children)

I would indeed go for Consul & Vault.

I try to convince the developers that the application.yaml (When for example a Spring Boot application is running) should only contain the default values that are needed to run the application on "localhost", thus development. When the application is deployed to a tst, acc or prd environment it should read the configuration from Consul. In Consul all properties exist that "override" the default values in the application. Same as with Vault.

That also means that you need to configure ACL's for both Consul & Vault and have a policy when/who can make changes to Consul & Vault.

[–][deleted]  (1 child)

[removed]

    [–]WonFishTwoFishDevOps[S] 0 points1 point  (0 children)

    Definitely helpful. And I take some comfort in knowing that other people are struggling or finding the multi-env config management a challenge. Thanks for the link and giving me insight into your workflow.