Reading constants from a secrets service

Constants are initialized via either a yaml config or env variables. Is it possible to change constants at runtime, or pass constants dynamically during startup from a source other than env vars or yaml?   My use case  is, I don’t want to leave secrets anywhere on a filesystem a hacker can use to exploit the app   I think that includes runtime args, as they are also “saved” on the filesystem in one’s shell history (~/.bash_history etc) or the process can be listed (“ps -ef | grep java”) and expose secrets.   Ideally I want to read app constants/config from a secrets service like HashiCorp’s Vault
2 answers

Hi Herman, 


With a Free App using Mendix Cloud  you can´t change Environment Constants or any tweaks

You can however, set up your Own Private Cloud ( Connected / Kubernete / Docker etc ) !





Best regards!





I asked the same question on Mendix Slack, and Knorrie van Kranenburg gave a few options as things stand now. Notably, to see if m2ee tools could be used as it has a method for passing configuration…


My challenge it would seem, is to customize the buildpack and m2ee tools for Cloud Foundry (VMWare Tanzu)