You might think what will this post be about? Well it is inspired by a tool I used called terraform . What happened was we configured it a specific way and then it still did not work in one environment but it did in another environment. Same config file but different environments? It must be doing something else under the hood. What did we do to help? Crank up the log level to the max of course.

Configuration should be higher priority

So turns out, the tool still read the environment variables first even though we explicitly configured another credentials provider. That is annoying to say the least.

Please remember people, whenever you write a tool or application with a configuration. The configuration takes precedence. If there is nothing in the configuration you are welcome to use so called sane defaults . This means you take the option that makes the most sense or is the best for the developer. Examples are that certain security features are on by default instead of off . Features like encryption, or good random entropy or password protected. Other features can be the need for an explicit parameter to not execute a so called dry run . In a dry run nothing happens but you see what would happen.

Issues

It seems the terraform tool has a lot of issues. I do not mean it does not work well and every other second we run into a problem. I mean their GitHub page has 1500+ issues reported (at the time of writing 1560240633 UTC ). If anyone of HashiCorp reads this, first thank you for reading this and your name reminds me of BlastCorps for the N64 somehow, and secondly please manage those issues. It is very difficult to find stuff that will be fixed, won't be fixed, is being fixed and any other state in between.

#devops