Our Thoughts on Modern Configuration and Secrets Management

Manage Multiple Environment Configurations | CloudTruth

Written by Matt Conway | Jan 31, 2022 10:50:53 PM

Environments as Hierarchies: A CloudTruth Approach

If you’re still managing multiple environment configurations with a copy/paste/edit file method it’s time to learn about a better approach with CloudTruth Environments

CloudTruth centralizes configuration information for your cloud infrastructure and applications, providing a visual interface to help you track and manage configurations across all environments, including dev, staging, and production. It’s easy to define all your environments along with their hierarchy, and manage the environment-specific parameters and secrets with defaults, inheritances, and overrides. This DRY approach to configuration management simplifies and organizes configuration data helping to avoid misconfigurations and making it easier to troubleshoot problems faster. 

Use CloudTruth to inject configuration data (parameters, secrets, and ENV variables) into build, deploy, and runtime pipelines and workflows. 

The Secret Sauce – CloudTruth Environment Hierarchy

A new CloudTruth account starts with a basic 4 tier multiple environment template:

  • default
    • — development
    • — staging
    • — production

(see Figure 1)

The default environment holds common settings that all child environments can inherit. Each child environment (in this example development, staging, production) can override the parent, and children of children can override their parent, all the way to the leaf node.

Figure 1: Each project contains its own environment.

If you need another environment, you can easily create one, but that environment must have a parent. In Figure 2, a new environment called dev-child has been created with a parent of development.

 Once you create a new environment, it automatically inherits the configuration items in all of its ancestor environments. You can create a quite complex hierarchical arrangement if necessary.

Figure 2: CloudTruth configuration with a hierarchy in which dev-child is a child of the development environment

While the dev-child environment will look mostly like its parent, development, there will be cases where it will need to differ.  CloudTruth allows you to define Environment Overrides to do just that, as shown in Figure 3.

Figure 3: Environment Overrides allow you to customize your configuration for the children of an environment.

The CloudTruth Environment Dashboard

One of the coolest features of CloudTruth is the CloudTruth Environment Dashboard for administrators, which saves hours of effort and simplifies the administrative work by viewing the environments and related components.

With the CloudTruth Dashboard, there is no need to remember the environments you create or tag. All the information is captured in the activity by the Environments screen (Figure 4) with the exact time and other details such as which environments were created or tagged.

Figure 4: You can view all the activity in your environments on one screen.

Comparing CloudTruth Environment Values

In the scenarios discussed so far, you just looked at various environments, added tags to environments, etc. But one of the best things on the CloudTruth Dashboard is the ability to compare the different values assigned to an environment parameter.

Since you most likely have many different parameters defined with different values across various environments, having a single screen to compare all of them comes in handy. By selecting the parameter name, as shown in Figure 5, you can compare the values for that parameter in each environment.

Figure 5: Displaying the different values for an environment parameter

CloudTruth Environment Tagging

Taking environments one step further, CloudTruth also integrates environment parameter version control. Perhaps you need to access a parameter that was defined in an environment in the past? Tags are the way to go.

Once you’ve tagged an environment, as shown in Figure 6, you can refer to that tag’s snapshot at any point in time. Once you refer to the tag, CloudTruth allows you to pull historical parameters and parameter values as necessary in your workflows (Figure 7).

Figure 6: Creating a tag for a snapshot of an environment Figure 7: You can add a description and timestamp to a tag.

Cleaning Up Environments

If you’ve created a temporary environment, removing it from CloudTruth is just as easy as creating one. Removing an environment removes all of its child objects: variables, parameters, tags, etc.

💡 Before removing an environment, be absolutely sure you don’t have any services in your workflows that depend on parameters in that environment! In the Environment dashboard, select the environment and click Delete Environment (Figure 8). After confirming the removal (Figure 9), you’ll find that the environment has been removed.

Figure 8: Deleting a CloudTruth Environment Figure 9: Because deleting an environment destroys related data, an extra confirmation step is required.

A Better Way to Manage Multiple Environment Configurations

CloudTruth solves the problem of managing multiple configurations with CloudTruth Environments. Built as a hierarchical structure with inheritance, you can design an efficient configuration organization system. No need to wonder where some configuration value is defined or waste time making changes to the same value across many different places. If you’re using any of our dozens of supported integrations, you’ll see just how much time and effort is saved by storing configuration items in CloudTruth environments.