mirror of
https://github.com/azaion/gps-denied-desktop.git
synced 2026-04-22 22:36:36 +00:00
Environment Strategy Template
Overview
Define the environment strategy for the project, including configuration, access, and deployment procedures for each environment.
Environments
Development (dev)
Purpose: Local development and feature testing
| Aspect | Configuration |
|---|---|
| Branch | dev, feature branches |
| Database | Local or shared dev instance |
| External Services | Mock/sandbox endpoints |
| Logging Level | DEBUG |
| Access | All developers |
Configuration:
```
# .env.development
ENV=development
DATABASE_URL=<dev_database_url>
API_TIMEOUT=30
LOG_LEVEL=DEBUG
```
Staging (stage)
Purpose: Pre-production testing, QA, UAT
| Aspect | Configuration |
|---|---|
| Branch | stage |
| Database | Staging instance (production-like) |
| External Services | Sandbox/test endpoints |
| Logging Level | INFO |
| Access | Development team, QA |
Configuration:
```
# .env.staging
ENV=staging
DATABASE_URL=<staging_database_url>
API_TIMEOUT=15
LOG_LEVEL=INFO
```
Deployment Trigger: Merge to stage branch
Production (prod)
Purpose: Live system serving end users
| Aspect | Configuration |
|---|---|
| Branch | main |
| Database | Production instance |
| External Services | Production endpoints |
| Logging Level | WARN |
| Access | Restricted (ops team) |
Configuration:
```
# .env.production
ENV=production
DATABASE_URL=<production_database_url>
API_TIMEOUT=10
LOG_LEVEL=WARN
```
Deployment Trigger: Manual approval after staging validation
Secrets Management
Secret Categories
- Database credentials
- API keys (internal and external)
- Encryption keys
- Service account credentials
Storage
| Environment | Secret Storage |
|---|---|
| Development | .env.local (gitignored) |
| Staging | CI/CD secrets / Vault |
| Production | CI/CD secrets / Vault |
Rotation Policy
- Database passwords: Every 90 days
- API keys: Every 180 days or on compromise
- Encryption keys: Annually
Environment Parity
Required Parity
- Same database engine and version
- Same runtime version
- Same dependency versions
- Same configuration structure
Allowed Differences
- Resource scaling (CPU, memory)
- External service endpoints (sandbox vs production)
- Logging verbosity
- Feature flags
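One way to check the "same configuration structure" requirement automatically, as an added example that is not part of the template or the project's code: it compares key sets across the three .env files and flags a file whose LOG_LEVEL is more verbose than the level the template assigns to its ENV. The function names and the sample file contents (including the drift in the production sample) are constructed for illustration.

```python
# Added example: .env parity check. Helper names and sample contents are constructed.
ORDER = ["DEBUG", "INFO", "WARN"]  # most verbose first
# Logging level the template assigns to each ENV value
TEMPLATE_LEVEL = {"development": "DEBUG", "staging": "INFO", "production": "WARN"}

SAMPLES = {
    ".env.development": "# .env.development\nENV=development\n"
                        "DATABASE_URL=<dev_database_url>\nAPI_TIMEOUT=30\nLOG_LEVEL=DEBUG\n",
    ".env.staging": "# .env.staging\nENV=staging\n"
                    "DATABASE_URL=<staging_database_url>\nAPI_TIMEOUT=15\nLOG_LEVEL=INFO\n",
    # Constructed drift: API_TIMEOUT dropped and logging left at DEBUG
    ".env.production": "# .env.production\nENV=production\n"
                       "DATABASE_URL=<production_database_url>\nLOG_LEVEL=DEBUG\n",
}

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and comments."""
    out = {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("export "):
            line = line[len("export "):]
        key, sep, value = line.partition("=")  # split on the first '=' only
        if not sep or not key.strip():
            raise ValueError(f"line {n}: not KEY=VALUE: {raw!r}")
        out[key.strip()] = value.strip().strip("'\"")
    return out

def check_parity(files):
    """Return findings for missing keys and over-verbose logging."""
    envs = {name: parse_env(text) for name, text in files.items()}
    all_keys = set().union(*(set(e) for e in envs.values()))
    findings = []
    for name in sorted(envs):
        env = envs[name]
        for key in sorted(all_keys - set(env)):
            findings.append(f"{name}: missing {key}")
        want = TEMPLATE_LEVEL.get(env.get("ENV", ""))
        have = env.get("LOG_LEVEL", "").upper()
        if want and have in ORDER and ORDER.index(have) < ORDER.index(want):
            findings.append(f"{name}: LOG_LEVEL={have} is more verbose than {want}")
    return findings

if __name__ == "__main__":
    for finding in check_parity(SAMPLES):
        print(finding)
```

Run in CI before deployment, a non-empty findings list can fail the pipeline so that structural drift is caught before the staging or production trigger fires.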
Access Control
| Role | Dev | Staging | Production |
|---|---|---|---|
| Developer | Full | Read + Deploy | Read logs only |
| QA | Read | Full | Read logs only |
| DevOps | Full | Full | Full |
| Stakeholder | None | Read | Read dashboards |
Backup & Recovery
| Environment | Backup Frequency | Retention | RTO | RPO |
|---|---|---|---|---|
| Development | None | N/A | N/A | N/A |
| Staging | Daily | 7 days | 4 hours | 24 hours |
| Production | Hourly | 30 days | 1 hour | 1 hour |
Notes
- Never copy production data to lower environments without anonymization
- All environment-specific values must be externalized (no hardcoding)
- Document any environment-specific behaviors in code comments