Configuration

App Configs

In the previous chapter we built our first and simple app. And we had to create an app.ini file to run it. So we can say that app configs play a central role in spinning up your apps and developing WebFluid projects.

The core concept

App configs are the CLI's entry point into your project. They replace .env files and tell the framework which app to run.

Primarily it is used to store secrets, potentially risky information (like database uris) and switches. Switches are another core concept of WebFluid. The framework uses them to enroll features and extensions on startup. Or in other words: They make the framework magic optioned.

Sections

App configs are parsed using Pythons configparser. Primarily, we are using sections to logically separate parts of your apps' configuration. A fully qualified example would look like this:

app_configs/[app].ini ini
[general]
SECRET_KEY = supersecret

[extensions]
EXT_SCHEDULING = 0
EXT_SQLALCHEMY = 1
EXT_BABEL = 1
EXT_SECURITY = 0
EXT_EVENTS = 1
EXT_CACHE = 0
EXT_MAIL = 1
EXT_JWT = 0

[features]
WF_THEMES = 1
WF_TAILWIND = 1
WF_PROCESSING = 1
WF_ADDITIVES = 1

[data]
DATABASE_URI = sqlite:///test.db
REDIS_URI = redis://localhost:6379

[security]
SECURITY_SECRET = another-secret

[mail]
MAIL_USERNAME = noreply@example.org
MAIL_PASSWORD = supersecret

[additives]
my_additive = 1
 

We used "general" for our logical defaults, but since it is just logical separation, you are not forced to stick with our defaults. This, of course, applies to all the sections shown above.

The [extensions] and [features] switches are the ones the framework reads on startup to enroll its magic. Everything else is just plain configuration that ends up in your apps' environment. The [additives] section toggles the Additives that are installed in your project (more on that in the Additives chapters), and [security] carries the SECURITY_SECRET that the security battery requires once you enable EXT_SECURITY.

Secrets from files

Storing raw secrets inside a config file is fine for development, but in production you usually mount them as files (think Docker or Kubernetes secrets). For every config key you can append a _FILE suffix and point it at a file instead. The CLI reads the file and exposes its content under the key without the suffix.

app_configs/[app].ini ini
[general]
SECRET_KEY_FILE = /run/secrets/secret_key

[security]
SECURITY_SECRET_FILE = /run/secrets/security_secret

In this example your app sees SECRET_KEY and SECURITY_SECRET with the contents of the referenced files. If the file does not exist, the raw value (the path) is kept as a fallback.

 

File backed values are only resolved by wf run. The migration environment (wf migrate) currently passes *_FILE keys through verbatim, so a migration may not see the real secret behind them.

The dev section

One section name is special: [dev]. Its values are only applied when you run your app in debug mode (the -d / --debug flag). This lets you keep development only overrides next to your production configuration without leaking them into a normal run.

app_configs/[app].ini ini
[general]
SECRET_KEY = supersecret

[dev]
DATABASE_URI = sqlite:///dev.db

Continue reading

From here you can continue straight with Config Classes.