12-Factor App
12-Factor App is a methodology for building SaaS applications that recommends storing configuration (including secrets) in environment variables separate from code.
Why It Matters
The 12-Factor methodology shaped how modern applications handle configuration. Factor III (Config) specifically recommends environment variables for secrets. While this is better than hardcoding, it doesn't address the problems of secret sprawl and revocation.
How It Works
The twelve factors cover the full application lifecycle from codebase management to disposability. Factor III states that config (including credentials) should be stored in the environment — not in code, not in config files checked into version control.
Best Practices
- Follow Factor III: store config in the environment
- Combine with a secrets manager for production deployments
- Use proxy-based credentials to decouple access from raw secrets
- Apply all twelve factors, not just the configuration factor
Common Mistakes
- Interpreting "store in environment" as ".env files are fine in production"
- Treating env vars as the final solution rather than one layer of defense
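As an added illustration (not ShieldKey's code and not part of the 12-Factor text), the Python below loads config the Factor III way and guards against the first mistake above: it fails fast on missing keys, lets real environment variables override a .env file in development, and refuses a .env file entirely when APP_ENV is production. The key names, the APP_ENV switch and the sample .env content are assumptions made for the example.

```python
import os

# Keys this hypothetical service needs; the names are assumptions for the example.
REQUIRED = ("DATABASE_URL", "API_TOKEN")


def parse_dotenv(text):
    """Parse KEY=VALUE lines from a .env file body; blanks and # comments are ignored."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        out[key.strip()] = value.strip().strip('"').strip("'")
    return out


def load_config(env, dotenv_text=None):
    """Build the config from the process environment (Factor III).

    A .env file is merged only outside production and never overrides a value
    that is already set in the real environment. Missing required keys fail at
    startup rather than surfacing as a runtime error on the first request.
    """
    app_env = env.get("APP_ENV", "development")
    merged = {}
    if dotenv_text is not None:
        if app_env == "production":
            raise RuntimeError(".env files are not accepted in production; set real environment variables")
        merged.update(parse_dotenv(dotenv_text))
    merged.update(env)  # the real environment always wins over the file
    missing = [k for k in REQUIRED if not merged.get(k)]
    if missing:
        raise RuntimeError("missing required config: " + ", ".join(missing))
    return {k: merged[k] for k in REQUIRED}


def redact(config):
    """Return a copy that is safe to log: every value replaced by its length."""
    return {k: f"<redacted:{len(v)} chars>" for k, v in config.items()}


if __name__ == "__main__":
    # Constructed development .env content; in production only os.environ is consulted.
    sample_dotenv = 'DATABASE_URL="postgres://dev:dev@localhost/app"\nAPI_TOKEN=dev-token\n'
    print(redact(load_config(dict(os.environ, APP_ENV="development"), sample_dotenv)))
```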
How ShieldKey Helps
ShieldKey is compatible with 12-Factor principles. Store a Shield Token in your environment variable instead of a raw API key — same pattern, dramatically better security.
FAQ
What is the 12-Factor App methodology?
The 12-Factor App is a set of best practices for building SaaS. It recommends storing secrets in environment variables rather than code, but modern security goes further with secrets managers and proxy-based access.