Different ways to pass the application secret to a Play Framework application

1) A system property on the command line of the start script
2) An environment variable, read from application.conf
3) A production configuration file (production.conf) that overrides application.conf on the server

Command-line system property

One way of configuring the application secret on a production server is to pass it as a system property to your start script. For example:
/path/to/yourapp/bin/yourapp -Dplay.crypto.secret="QCY?tAnfk?aZ?iwrNwnxIlR6CTf:G3gf:90Latabg@5241AB`R5W:1uDFN];Ik@n"
(The key is play.crypto.secret in Play 2.4 and 2.5; from Play 2.6 on it is play.http.secret.key.) This approach is very simple, and the Play documentation uses it in its instructions for running an app in production mode as a reminder that the application secret needs to be set. In many environments, however, placing secrets in command-line arguments is not acceptable: the full argument vector of a process is visible to every local user through ps or /proc/<pid>/cmdline, and it tends to end up in shell history, process-monitoring output and crash reports. There are two ways to address this.

Environment variables

The first is to place the application secret in an environment variable. In this case, the recommended configuration in your application.conf file is:
play.crypto.secret="changeme"
play.crypto.secret=${?APPLICATION_SECRET}
The second line uses HOCON's optional substitution: if an environment variable called APPLICATION_SECRET is set, the secret takes its value; if it is not set, the line is ignored and the secret keeps the value from the previous line. Keeping the committed default at "changeme" rather than a real value is deliberate: Play refuses to start in production mode with the default secret, so forgetting to set the variable fails loudly instead of silently running with a key that is checked into source control.
This approach works particularly well for cloud-based deployment scenarios, where the normal practice is to set passwords and other secrets via environment variables configured through the cloud provider's API. Note that environment variables are not hidden from everything: they are readable from /proc/<pid>/environ by the same user and by root, and they are inherited by every child process the application spawns, so the service account running the app is the trust boundary.

Production configuration file

Another approach is to create a production.conf file that lives on the server, includes application.conf (which is found on the classpath), and overrides any sensitive configuration, such as the application secret and database passwords.
For example:
include "application"

play.crypto.secret="QCY?tAnfk?aZ?iwrNwnxIlR6CTf:G3gf:90Latabg@5241AB`R5W:1uDFN];Ik@n"
Do not reuse this sample value; generate a fresh secret for each deployment (Play ships the sbt task playGenerateSecret for this). Keep production.conf out of version control and readable only by the account that runs the application (for example mode 600, owned by the service user). Then you can start Play with:
/path/to/yourapp/bin/yourapp -Dconfig.file=/path/to/production.conf
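The following script is an added example, not code from the Play documentation or from this post. It ties the three approaches above together as pre-flight checks a deployment script could run: it writes the application.conf and production.conf fragments shown above into a scratch directory, verifies the production file is owner-only, shows what a command-line secret exposes to other local users, and checks the environment variable before the app is started. The directory layout, the stand-in "yourapp" process, the 32-character minimum length and all secret values are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the Play docs or this post). Exercises the three ways
# of supplying play.crypto.secret and the checks that go with each of them.
# Assumptions: scratch directory under $TMPDIR, a dummy "yourapp" process that
# just sleeps, constructed secret values, and a 32-character minimum length.
set -eu

WORK="${TMPDIR:-/tmp}/play-secret-demo.$$"
mkdir -p "$WORK"
trap 'rm -rf "$WORK"' EXIT

# application.conf as recommended: committed placeholder, optional env override.
cat > "$WORK/application.conf" <<'EOF'
play.crypto.secret="changeme"
play.crypto.secret=${?APPLICATION_SECRET}
EOF

# production.conf that lives on the server and overrides the secret.
cat > "$WORK/production.conf" <<'EOF'
include "application"

play.crypto.secret="constructed-production-secret-not-for-real-use-0123456789"
EOF
chmod 600 "$WORK/production.conf"

# Check for approach 3: returns 0 only if the file is readable by its owner
# alone (mode 600 or 400), so a -Dconfig.file deployment does not leak it.
secret_file_is_private() {
    # GNU stat first, BSD/macOS stat as the fallback.
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    case "$mode" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Demonstration for approach 1: starts a stand-in for
# /path/to/yourapp/bin/yourapp with the secret on its command line and prints
# the argument vector exactly as any other local user can read it.
cmdline_exposure() {
    # The trailing ':' stops the shell from exec-ing sleep directly, which would
    # replace the argument vector we want to inspect.
    sh -c 'sleep 3; :' yourapp -Dplay.crypto.secret="$1" &
    pid=$!
    sleep 1   # give the child time to exec before reading its cmdline
    if [ -r "/proc/$pid/cmdline" ]; then
        tr '\0' ' ' < "/proc/$pid/cmdline"
    else
        ps -o args= -p "$pid"
    fi
    wait "$pid"
}

# Check for approach 2: returns 0 only if APPLICATION_SECRET is set, is not the
# committed "changeme" placeholder, and meets the assumed length policy. This is
# a local guard run before starting the app, not Play's own validation.
preflight_env_secret() {
    s="${APPLICATION_SECRET:-}"
    if [ -z "$s" ] || [ "$s" = "changeme" ]; then
        return 1
    fi
    if [ "${#s}" -lt 32 ]; then
        return 1
    fi
    return 0
}

if [ "${1:-}" = "demo" ]; then
    secret_file_is_private "$WORK/production.conf" && echo "production.conf is owner-only"
    echo "visible via ps / /proc: $(cmdline_exposure 'constructed-cli-secret')"
    preflight_env_secret || echo "APPLICATION_SECRET is unset or unusable; Play would refuse to start"
fi
```

Run it with `demo` as the first argument to see the output; the argument vector printed by cmdline_exposure is the reason the first approach is discouraged, and the same inspection on /proc/<pid>/environ would succeed only for the application's own user or root.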
