Currently, instance-specific configuration parameters are read from the environment, while the rest are read from a config file. While this is probably good practice for certain deployment systems that inject instance configuration at runtime, there's no good reason I can think of not to allow all configuration parameters to be read from the environment or a file. Many deployments will be simplified by using only a file to manage configuration. With regards to secrets, there's no difference in security between environment variables (which can only be read by the process owner) and a file that is only user-readable.
The order of precedence for configuration parameters should be:
Currently, instance-specific configuration parameters are read from the environment, while the rest are read from a config file. While this is probably good practice for certain deployment systems that inject instance configuration at runtime, there's no good reason I can think of not to allow all configuration parameters to be read from the environment or a file. Many deployments will be simplified by using only a file to manage configuration. With regards to secrets, there's no difference in security between environment variables (which can only be read by the process owner) and a file that is only user-readable.
The order of precedence for configuration parameters should be: