# Step 4: Environment Strategy

**Role**: Platform engineer
**Goal**: Define environment configuration, secrets management, and environment parity.
**Constraints**: Strategy document — no secrets or credentials in output.

## Steps

1. Define environments:

   | Environment | Purpose | Infrastructure | Data |
   |-------------|---------|----------------|------|
   | **Development** | Local developer workflow | docker-compose, local volumes | Seed data, mocks for external APIs |
   | **Staging** | Pre-production validation | Mirrors production topology | Anonymized production-like data |
   | **Production** | Live system | Full infrastructure | Real data |

2. Define environment variable management:
   - Reference `.env.example` created in Step 1
   - Per-environment variable sources (`.env` for dev, secret manager for staging/prod)
   - Validation: fail fast on missing required variables at startup

3. Define secrets management:
   - Never commit secrets to version control
   - Development: `.env` files (git-ignored)
   - Staging/Production: secret manager (AWS Secrets Manager / Azure Key Vault / Vault)
   - Rotation policy

4. Define database management per environment:
   - Development: Docker Postgres with named volume, seed data
   - Staging: managed Postgres, migrations applied via CI/CD
   - Production: managed Postgres, migrations require approval

## Self-verification

- [ ] All three environments defined with clear purpose
- [ ] Environment variable documentation complete (references `.env.example` from Step 1)
- [ ] No secrets in any output document
- [ ] Secret manager specified for staging/production
- [ ] Database strategy per environment

## Save action

Write `environment_strategy.md` using `templates/environment_strategy.md`.
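
One way to implement the fail-fast validation from step 2, shown as an added example that is not part of the original template: the required names are read from `.env.example`, and the error lists variable names only, never values, so nothing sensitive reaches logs. The function names, the sample file contents and the trailing `# optional` marker are assumptions made for this illustration.

```python
import os
import sys

# Constructed sample for illustration; not the project's real .env.example.
SAMPLE_EXAMPLE = """\
# Database
DATABASE_URL=
export API_BASE_URL=
LOG_LEVEL=info  # optional
SECRET_KEY=
"""


def required_keys(example_text):
    """Return variable names declared in .env.example-style text.

    Assumed convention: a line ending in '# optional' is not required.
    """
    keys = []
    for raw in example_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # skip blanks, comments and malformed lines
        if line.startswith("export "):
            line = line[len("export "):]
        name, _, rest = line.partition("=")
        if rest.strip().lower().endswith("# optional"):
            continue
        keys.append(name.strip())
    return keys


def missing_variables(example_text, environ):
    """Required names that are unset or blank in environ (names only)."""
    return [k for k in required_keys(example_text)
            if not environ.get(k, "").strip()]


def validate_or_exit(example_path=".env.example", environ=None):
    """Call before any connection is opened; exits non-zero on gaps."""
    environ = os.environ if environ is None else environ
    with open(example_path, encoding="utf-8") as fh:
        missing = missing_variables(fh.read(), environ)
    if missing:
        sys.exit("Missing required environment variables: " + ", ".join(missing))


if __name__ == "__main__":
    # Constructed environment: only DATABASE_URL is set.
    print(missing_variables(SAMPLE_EXAMPLE, {"DATABASE_URL": "constructed-value"}))
```
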