gps-denied-desktop/_docs/00_templates/environment_strategy.md
Oleksandr Bezdieniezhnykh fd75243a84 more detailed SDLC plan
2025-12-10 19:05:17 +02:00


Environment Strategy Template

Overview

Define the environment strategy for the project, including configuration, access, and deployment procedures for each environment.


Environments

Development (dev)

Purpose: Local development and feature testing

| Aspect | Configuration |
|---|---|
| Branch | dev, feature branches |
| Database | Local or shared dev instance |
| External Services | Mock/sandbox endpoints |
| Logging Level | DEBUG |
| Access | All developers |

Configuration:

```
# .env.development
ENV=development
DATABASE_URL=<dev_database_url>
API_TIMEOUT=30
LOG_LEVEL=DEBUG
```

Staging (stage)

Purpose: Pre-production testing, QA, UAT

| Aspect | Configuration |
|---|---|
| Branch | stage |
| Database | Staging instance (production-like) |
| External Services | Sandbox/test endpoints |
| Logging Level | INFO |
| Access | Development team, QA |

Configuration:

```
# .env.staging
ENV=staging
DATABASE_URL=<staging_database_url>
API_TIMEOUT=15
LOG_LEVEL=INFO
```

Deployment Trigger: Merge to stage branch

Production (prod)

Purpose: Live system serving end users

| Aspect | Configuration |
|---|---|
| Branch | main |
| Database | Production instance |
| External Services | Production endpoints |
| Logging Level | WARN |
| Access | Restricted (ops team) |

Configuration:

```
# .env.production
ENV=production
DATABASE_URL=<production_database_url>
API_TIMEOUT=10
LOG_LEVEL=WARN
```

Deployment Trigger: Manual approval after staging validation


Secrets Management

Secret Categories

  • Database credentials
  • API keys (internal and external)
  • Encryption keys
  • Service account credentials

Storage

| Environment | Secret Storage |
|---|---|
| Development | .env.local (gitignored) |
| Staging | CI/CD secrets / Vault |
| Production | CI/CD secrets / Vault |

Rotation Policy

  • Database passwords: Every 90 days
  • API keys: Every 180 days or on compromise
  • Encryption keys: Annually

Environment Parity

Required Parity

  • Same database engine and version
  • Same runtime version
  • Same dependency versions
  • Same configuration structure

Allowed Differences

  • Resource scaling (CPU, memory)
  • External service endpoints (sandbox vs production)
  • Logging verbosity
  • Feature flags
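
A parity check for the per-environment files, as an added example that is not part of the original template: it verifies that every `.env.*` file has the same keys (the "same configuration structure" requirement), that `ENV` and `LOG_LEVEL` match the environment tables above, and that no value carries inline credentials, which belong in `.env.local` or the CI/CD secret store. The function names, the credential regex and the sample values are assumptions made for this example.

```python
import re

# Logging levels per environment, taken from the tables in this template.
EXPECTED_LOG_LEVEL = {"development": "DEBUG", "staging": "INFO", "production": "WARN"}
# Heuristic (assumption): a URL of the form scheme://user:password@host.
INLINE_CRED = re.compile(r"^[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@", re.I)

def parse_env(text):
    """Parse KEY=VALUE lines; blank lines and # comments are skipped."""
    values = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"line {lineno}: expected KEY=VALUE, got {raw!r}")
        values[key.strip()] = value.strip().strip("'\"")
    return values

def audit(env_files):
    """Return findings for {env_name: file_text}; an empty list means parity holds."""
    parsed = {name: parse_env(text) for name, text in env_files.items()}
    all_keys = set().union(*parsed.values())
    findings = []
    for name, values in sorted(parsed.items()):
        for key in sorted(all_keys - set(values)):
            findings.append(f"{name}: missing key {key}")
        if values.get("ENV") != name:
            findings.append(f"{name}: ENV is {values.get('ENV')!r}")
        level = values.get("LOG_LEVEL")
        if level != EXPECTED_LOG_LEVEL.get(name):
            findings.append(f"{name}: LOG_LEVEL is {level!r}")
        for key, value in sorted(values.items()):
            if INLINE_CRED.match(value):
                findings.append(f"{name}: {key} embeds credentials")
    return findings

# Constructed input: files shaped like the templates above, then a drifted production file.
TEMPLATE = "# .env.{0}\nENV={0}\nDATABASE_URL=<{0}_database_url>\nAPI_TIMEOUT={1}\nLOG_LEVEL={2}\n"
GOOD = {n: TEMPLATE.format(n, t, EXPECTED_LOG_LEVEL[n])
        for n, t in (("development", 30), ("staging", 15), ("production", 10))}
DRIFTED = dict(GOOD, production="ENV=production\nLOG_LEVEL=DEBUG\n"
               "DATABASE_URL=postgres://app:example-password@db.example.internal/app\n")

if __name__ == "__main__":
    for finding in audit(DRIFTED):
        print(finding)
```

Run as a CI step against the committed `.env.*` files, a non-empty result from `audit` is the signal to fail the build.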

Access Control

| Role | Dev | Staging | Production |
|---|---|---|---|
| Developer | Full | Read + Deploy | Read logs only |
| QA | Read | Full | Read logs only |
| DevOps | Full | Full | Full |
| Stakeholder | None | Read | Read dashboards |

Backup & Recovery

| Environment | Backup Frequency | Retention | RTO | RPO |
|---|---|---|---|---|
| Development | None | N/A | N/A | N/A |
| Staging | Daily | 7 days | 4 hours | 24 hours |
| Production | Hourly | 30 days | 1 hour | 1 hour |

Notes

  • Never copy production data to lower environments without anonymization
  • All environment-specific values must be externalized (no hardcoding)
  • Document any environment-specific behaviors in code comments