Reputation: 2306
What is right way to store and retrieve sensitive and non-sensitive constants?
My objective is to understand how to include sensitive constants/secrets (eg. api token) and non-sensitive constants (eg. api route) in my code.
Example for a sensitive constant:
val apiToken = "Hushhhh!"
Example for a non-sensitive constant:
val happyUsersEndpoint = "https://happy.foo.io/v1/users"
My questions are:
- In which part of my folder structure should I store non-sensitive constants?
- Is there a safe way to store sensitive constants in my code? If not, what is the right way to reference them from outside within my code?
To my understanding, there are ways to do that in Java-ish code, but I am mainly looking for ways that fit well into Scala code (if possible).
Upvotes: 1
Views: 150
Answers (1)
Reputation: 850
It should not be in the source code and in the VCS repo.
It should be a part of the deployment/operation process.
You can use some sort of a config or retrieve it from env variables. Which is better depends on your stack. Is it a docker? Is it a Play or something from typelevel stack?
For each situation, there are would be a different appropriate method. For example:
- For Play you can use just play config files in HOCON format.
- In typelevel you have pureconfig.
- For docker installation, it is better to use env.
- If you have a simple zero dependency console app - I suggest adding command line args with needed properties.
- For a simple app without play, cats and docker - just pick a lightweight simple library.
Upvotes: 4
Related Questions
- Best way to store and access a lot of constants
- Best practice for global constants in Scala Application
- Scala: List of constants with individual access
- Scala - avoid use mutable variables
- How to deal with mutable variable in scala
- How to store different value types in scala
- "Constant" values in case class
- Is there a way to treat scala value as constant from java
- Scala var/val local variable best practice
- Scala:Constant properties val or def