Configuration files or APIs

Configuration files is something we have always been familiar with and with cloud services I think more and more configuration has started to move into code. But I was very intrigued by yet a different concept used by a team I worked with a while back; configuration APIs for temporary changes.

So the idea behind the configuration API is that you can change the behavior of a service temporarily by accessing it through a special REST API. The benefit is that it is very easy to change configuration values without restarting the service and without having to look for file changes on disk. You can even time limit the change very easily. 

However the configuration API approach has some serious problems in my opinion. Apart from the obvious potential security vulnerability, changing configuration through an API means we loose a simple way to trace configuration changes.

Sure we can log all changes and have an API that returns the current configuration. And we can make sure the API is 100% secure (or can we) and put proper auditing logs in place so we always know who changed what thorough the API. But even then I don't see a huge benefit compared to configuration in code (or files) since it means more code and two different ways to achieve the same thing.

So for simplicity reasons I would recommend sticking with the classical approaches for configuration. Even when it comes to temporary changes. What do you think?

No comments:

Post a Comment