Description
The proxy is currently configured through a set of environment variables. While this has been a great way to get the project going, it is not ideal from a practical point of view (especially for users who choose to deploy the proxy without using our Ansible automation) and raises some security concerns (storing sensitive values in environment variables is generally not recommended and can be an issue for security-conscious users).
We should consider moving to file-based configuration for the proxy, which has the following advantages:
- Easier to configure and populate for users who wish to configure the proxy directly
- The configuration can be easily viewed in a structured way
- We can group logically related variables into buckets
- Access to the configuration can be restricted by setting OS permissions on the file appropriately
The configuration is currently parsed at proxy startup and does not subsequently change. Replacing the env var parsing logic with file-based parsing should not be particularly challenging.
The main effort will be:
- Choosing the right format for the configuration file, which should allow us to represent hierarchical groups without making the syntax complex or fiddly.
- Structuring the configuration in the right hierarchy (although a lot of this work has already been done with the config API overhaul for 2.0, in which we streamlined the config variables, renamed them in a more consistent way and organised them into groups).
┆Issue is synchronized with this Jira Task by Unito
┆Components: Proxy
┆Issue Number: ZDM-516