config files that may be in source control (may specify defaults)
config files that may not be in source control and may not exist
process.env variables
argv ?
similar to nconf, but pre-configured to just execute itself without user doing anything.
ability to fine tune ordering and files loaded
exposed application wide, easy to access
should things be editable? If so, some things would need to be locked. May also want a way to revert at any time.
should we ever be able to re-save? for a webserver, this feels like it can easily be avoided. Not sure the security implications of this. If it was an atom or phonegap app? I could somehow understand it.
how about client-side only config settings? shared config? server-side only that should absolutely never, ever, EVER be exposed to the client side (DB settings, API keys, so much things)