# Environment Strategy Template

## Overview

Define the environment strategy for the project, including configuration, access, and deployment procedures for each environment.

---

## Environments

### Development (dev)

**Purpose**: Local development and feature testing

| Aspect | Configuration |
|--------|---------------|
| Branch | `dev`, feature branches |
| Database | Local or shared dev instance |
| External Services | Mock/sandbox endpoints |
| Logging Level | DEBUG |
| Access | All developers |

**Configuration**:

```
# .env.development
ENV=development
DATABASE_URL=
API_TIMEOUT=30
LOG_LEVEL=DEBUG
```

### Staging (stage)

**Purpose**: Pre-production testing, QA, UAT

| Aspect | Configuration |
|--------|---------------|
| Branch | `stage` |
| Database | Staging instance (production-like) |
| External Services | Sandbox/test endpoints |
| Logging Level | INFO |
| Access | Development team, QA |

**Configuration**:

```
# .env.staging
ENV=staging
DATABASE_URL=
API_TIMEOUT=15
LOG_LEVEL=INFO
```

**Deployment Trigger**: Merge to `stage` branch

### Production (prod)

**Purpose**: Live system serving end users

| Aspect | Configuration |
|--------|---------------|
| Branch | `main` |
| Database | Production instance |
| External Services | Production endpoints |
| Logging Level | WARN |
| Access | Restricted (ops team) |

**Configuration**:

```
# .env.production
ENV=production
DATABASE_URL=
API_TIMEOUT=10
LOG_LEVEL=WARN
```

**Deployment Trigger**: Manual approval after staging validation

---

## Secrets Management

### Secret Categories

- Database credentials
- API keys (internal and external)
- Encryption keys
- Service account credentials

### Storage

| Environment | Secret Storage |
|-------------|----------------|
| Development | .env.local (gitignored) |
| Staging | CI/CD secrets / Vault |
| Production | CI/CD secrets / Vault |

### Rotation Policy

- Database passwords: Every 90 days
- API keys: Every 180 days or on compromise
- Encryption keys: Annually

---

## Environment Parity

### Required Parity

- Same database engine and version
- Same runtime version
- Same dependency versions
- Same configuration structure

### Allowed Differences

- Resource scaling (CPU, memory)
- External service endpoints (sandbox vs production)
- Logging verbosity
- Feature flags

---

## Access Control

| Role | Dev | Staging | Production |
|------|-----|---------|------------|
| Developer | Full | Read + Deploy | Read logs only |
| QA | Read | Full | Read logs only |
| DevOps | Full | Full | Full |
| Stakeholder | None | Read | Read dashboards |

---

## Backup & Recovery

| Environment | Backup Frequency | Retention | RTO | RPO |
|-------------|------------------|-----------|-----|-----|
| Development | None | N/A | N/A | N/A |
| Staging | Daily | 7 days | 4 hours | 24 hours |
| Production | Hourly | 30 days | 1 hour | 1 hour |

---

## Notes

- Never copy production data to lower environments without anonymization
- All environment-specific values must be externalized (no hardcoding)
- Document any environment-specific behaviors in code comments
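
The "same configuration structure" parity rule, the no-hardcoding note, and the per-environment logging levels can be enforced by a CI check over the committed env files. The Python below is an added example, not part of the original template. Its function names, the `SECRET_KEYS` set (which assumes `DATABASE_URL` is left blank because it comes from the secret store) and the sample file contents are assumptions made for illustration.

```python
# Keys whose values come from the secret store and must stay blank in a
# committed file (assumption: this is why the templates leave DATABASE_URL empty).
SECRET_KEYS = {"DATABASE_URL"}
# Log level each environment is expected to run at, from the tables above.
EXPECTED_LOG_LEVEL = {"development": "DEBUG", "staging": "INFO", "production": "WARN"}


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    pairs = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed line: {raw!r}")
        pairs[key.strip()] = value.strip()
    return pairs


def check_environments(files):
    """Return sorted findings for a {filename: file content} mapping."""
    parsed = {name: parse_env(text) for name, text in files.items()}
    all_keys = set().union(*parsed.values())
    findings = []
    for name, env in parsed.items():
        # Required parity: every environment defines the same set of keys.
        findings += [f"{name}: missing key {k}" for k in all_keys - set(env)]
        # Secrets are injected at deploy time, never hardcoded in the file.
        findings += [f"{name}: {k} has a committed value" for k in SECRET_KEYS if env.get(k)]
        # Logging verbosity may differ, but only as the strategy specifies.
        want = EXPECTED_LOG_LEVEL.get(env.get("ENV", ""))
        if want is None:
            findings.append(f"{name}: unknown ENV {env.get('ENV')!r}")
        elif env.get("LOG_LEVEL") != want:
            findings.append(f"{name}: LOG_LEVEL should be {want}")
    return sorted(findings)


# Constructed sample: the page's templates with defects added to staging and production.
SAMPLE = {
    ".env.development": "ENV=development\nDATABASE_URL=\nAPI_TIMEOUT=30\nLOG_LEVEL=DEBUG\n",
    ".env.staging": "ENV=staging\nDATABASE_URL=\nLOG_LEVEL=INFO\n",
    ".env.production": "ENV=production\nDATABASE_URL=postgres://app:EXAMPLE@db.example.invalid/app\nAPI_TIMEOUT=10\nLOG_LEVEL=DEBUG\n",
}

if __name__ == "__main__":
    print("\n".join(check_environments(SAMPLE)))
```

A non-empty result would fail the pipeline stage; values such as `API_TIMEOUT` are free to differ between environments because only the key set is compared.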