ad. 3: In playback mode, application.conf not available through any route or other type of path , so it cannot be considered "placed in webroot". Terry advises correctly in PHP, but is not suitable for Play (he warned that he did not know the framework, of course). It gives a sample PHP script, but believe me, the difference between accessing http://somdomain.tld/config.php and Play conf/application.conf is huge. They cannot be compared directly.
Saving credentials in application.conf is the safest (and fastest) way at the moment, I can’t imagine a way to decompile the file in the browser, even if the parser dies (which is impossible, since this is not PHP). If you decide to store credentials in some remote place, you will get a new risk, since you will need to additionally check if the client has permission to receive the configuration, the time required to launch the application, etc. Etc.
Update 1:
Using environment variables is not a safe way - as Marius pointed out, it will appear in the list of processes, so you will provide your credentials to each administrator, and I'm sure you do not want to do this with ie. Your e-mail address.
In Heroku, of course, this is a way to pass their DB connection URLs, but other credentials must be stored in the configuration file. Finally, remember that the length of the Procfile command is limited to 255 characters, so placing all the credentials in it will cause your application to not start for a single day.
Resolution in this case uses alernative configuration files , the script is quite simple
- in your
application.conf save the url in your production database. If this is Heroku, most likely db.default.user and db.default.password should be commented on, since the heroku common URL contains the credentials in it. - For your local version, create a file, that is:
conf/local_postgres.conf include application.conf at the beginning and override / add all the necessary configuration keys, such as credentials, to your local Postgres database. In addition, you can install other things there, change logging levels, enable smtp.mock , etc. Launch the application locally using this conf. (note that I had some problem with -Dconfig.resource , so I had to use the -Dconfig.file syntax, you need to find which method will work well on your system), i.e.
play -Dconfig.resource=local_postgres.conf "~run 9123"
Tip. Using a non-standard port is the easiest way to “demonstrate” that you are working with a local configuration. If you forget that you have an alternative configuration and start the application using the usual play ~run command, your application in the location http://localhost:9123 will be simply unavailable.
Create a bash script file run-local (or run-local.bat on Windows) and place the command from the previous point there. Ignore it in the .gitignore file.
Now you will launch the application for local development using the script from step 4. When you click on Heroku, it will deploy your application with the values from application.conf , since you do not install an alternative config in Procfile. With some other combinations, you can run locally your application using Heroku SQL to perform evolutions without pushing it to deploy, or do not check for the latest fix pack. Of course, you should always ensure that you develop a local version of the database, otherwise you run the risk of accidentally changing / destroying your life data.
Update 2:
Finally, using *.conf files is better than saving it in separate classes if you need to change the configuration for different locations (as already mentioned, the command works on the same code, dev / prod environments, etc.)
Of course, you can reduce it to:
import play.Configuration; import play.Play;