Config Inheritance

Learn how to use Config Inheritance to easily share common secrets across projects.

Config Inheritance allows you to share the secrets stored in one config with another config. Once this inheritance is set up, whenever secrets in the child config are fetched, they will include the secrets from the parent config it inherits from. Likewise, any time you add, remove, or update secrets in the parent config, those changes will be reflected in all inheriting child configs. This can be used to easily share secrets that are re-used across multiple services (e.g., datastore credentials, third-party service API keys, common configuration across applications, etc.).

📷

Requires an upgraded subscription

This feature is available with our Team and Enterprise plans. View our plans or book a demo for more details.


🚧

Dynamic Secrets are not yet supported by Config Inheritance. This means that you cannot inherit from or enable inheritance for a config that contains any Dynamic Secrets.

Enabling Inheritance

You can control usage of the Config Inheritance feature at the workplace level, project level, and config level. By default, the ability to use Config Inheritance is enabled for every workplace and project. You must enable inheritance in a config before it can be inherited.

Workplace

You can disable Inheritance workplace-wide from the workplace Settings page.

Project

📘

This will prevent any config in the project from being inherited by another config, but configs inside the project will still be able to inherit from other configs outside the project.

You can disable Inheritance for all configs in a project from the Config Inheritance settings page for a project. Click on the three dot menu on the top right of the page when viewing a project.

Next, choose whether Config Inheritance should be Enabled or Disabled for the entire project and then click Save.

Config

📘

This option is only available if Config Inheritance has not already been disabled at the Project or Workplace level. By default, Config Inheritance is Enabled for new projects.

You can also disable Inheritance for a specific config from the Config Inheritance settings accessible from the config page itself. From a config page, scroll down to the Config Inheritance section below the config's secrets, click on the three dot menu for that section, and choose the Settings option.

From there you can choose to Enable or Disable inheritance for the config. Inheritance is disabled for all configs by default and must be enabled for a config to be inherited.

Identifying Configs with Inheritance Enabled

You can quickly tell if a specific config has Config Inheritance enabled by the small arrow icon next to the config name.

Adding Inheritance

Once you have enabled Config Inheritance on a config, you can then set up which configs inherit it. This is possible either from the child config's Inheritance settings or from the parent config's Inheritance settings.

From the Parent Config

From a config that has been configured as inheritable, you can add additional configs you would like to inherit it from the Config Inheritance settings section below the config secrets by clicking the Add Inheriting Configs link (if no configs are yet inheriting) or by clicking the three dot menu and choosing Edit.

This will display a drawer that allows you to choose which configs from which projects will inherit the config.

From the Child Config

From a config that you would like to inherit from another inheritable config, you can add configs you would like to inherit from by browsing to the Config Inheritance settings section below the config secrets. Click the Inherit other configs link (if no inheritances have been added) or choose the Edit option from the three dot menu.

This will display a modal window that allows you to choose a project and config to inherit. You can click the plus button below the selection to add another config you would like to inherit.

Secret Conflicts

If more than one inherited config contains a secret with the same name, the topmost config will always take precedence. Secrets being overridden will have their name struck through and a warning icon in front of the value, as pictured below for the DB_URL secret. You can control which inherited config wins out here by re-ordering them.

Secrets in the config that is inheriting will always have the highest level of precedence as seen in the screenshot below where DB_URL is added to the inheriting config's secrets.

Re-Ordering Inheritance

When more than one config is being inherited, the topmost config is also the one that wins when secret name conflicts arise between inherited configs. You can control this order from the Config Inheritance settings by choosing the Edit option from the three dot menu. In the modal settings window that appears, you can click and drag the widget to the left of each row to re-order them.
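The precedence rules from Secret Conflicts and Re-Ordering Inheritance, written out as an added example (not Doppler's own code or API). It merges plain dictionaries and lists every shadowed secret, which is useful when reviewing whether a shared credential is being silently overridden. The config names, secret names, values and the resolve_inheritance helper are constructed for illustration.

```python
# Added illustration: models the documented precedence on plain dicts.
# It does not call any Doppler API; all names and values are constructed.

def resolve_inheritance(child, parents):
    """Return (effective, overridden) for a child config.

    child   -- (config_name, {secret_name: value})
    parents -- inherited configs as the same tuples, topmost first
    Precedence: the child's own secrets, then parents from top to bottom.
    """
    effective = {}    # secret name -> (value, winning config)
    overridden = []   # (secret name, losing config, winning config)
    for source, secrets in [child, *parents]:
        for name, value in secrets.items():
            if name in effective:
                # A higher-precedence config already defines this name,
                # so this value is the one shown struck through.
                overridden.append((name, source, effective[name][1]))
            else:
                effective[name] = (value, source)
    return effective, overridden


# Constructed sample data (placeholder values, not real credentials).
PARENTS = [
    ("shared-db/prd", {"DB_URL": "postgres://primary.example.invalid/app",
                       "DB_USER": "app"}),
    ("shared-legacy/prd", {"DB_URL": "postgres://legacy.example.invalid/app",
                           "API_KEY": "placeholder-key"}),
]
CHILD = ("api/prd", {"PORT": "8080"})


def report(child, parents):
    """Print the effective secrets and any shadowed ones for review."""
    effective, overridden = resolve_inheritance(child, parents)
    for name, (_, source) in sorted(effective.items()):
        print(f"{name:8} from {source}")
    for name, loser, winner in overridden:
        print(f"WARNING: {name} in {loser} is overridden by {winner}")


if __name__ == "__main__":
    report(CHILD, PARENTS)                  # topmost parent wins DB_URL
    report(CHILD, list(reversed(PARENTS)))  # after re-ordering
```
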