Dev/Prod keys for OAUTH2

I have successfully implemented OAUTH2 in my Vaadin application.
I generated two separate keys,

  1. one for dev with homepage url pointing to http://localhost:8080/ and
  2. one for prod point to my prod server.

Every time I need to work on the code I need to comment out the non relevant keys in application.properties.
This is not much of a problem but a slight irritant.

What is the prescribed way to approach this?
Is there any way to figure out dev/prod mode programatically and load the keys accordingly? (Perhaps with a Config where the keys are declared in the code instead of picking from the application.properties)?

Note: The application.properties does not allow duplicates of spring.security.oauth2.client.registration.xxx.client-id and spring.security.oauth2.client.registration.xxx.client-secret

Thank you.

You can override those as environment variables.

So many options to choose from…

  • environment variables
  • different profiles and excluding dev from production builds
  • externalized application properties

Choose what’s best for your production deployment (commenting out is not)

1 Like

https://docs.spring.io/spring-boot/reference/features/external-config.html

Thanks guys! I will check out the environment variables.
Special thanks to @SimonMartinelli for the link. It definitely helped bring more clarity.

1 Like

Normally you want to use profiles and create one application.properties file for every profile:

application.properties
application-test.properties
application-local.properties
…

application.properties will be loaded everytime and the others depending on the active profiles. For example:

java -Dspring.profiles.active=local app.jar

Properties in -local will override the one in the default file.

https://docs.spring.io/spring-boot/reference/features/profiles.html

1 Like

Be careful with profiles because suddenly you may store passwords and other sensitive data in Git if you commit the property files

1 Like