---
title: Do Not Hardcode Configuration
impact: HIGH
impactDescription: enables environment-specific deployments without code changes
tags: configuration, environment, deployment, quality, kotlin
---

## Do Not Hardcode Configuration

Configuration values that change between environments (Development, Staging, Production) should never be hardcoded in the source code. Hardcoding necessitates re-compilation and re-deployment for simple configuration changes and risks exposing production settings in lower environments.

**Incorrect (hardcoded config):**

```kotlin
const val API_URL = "https://api.production.sun-asterisk.vn"
const val TIMEOUT_MS = 5000
const val MAX_RETRIES = 3
```

**Correct (externalized configuration):**

```kotlin
// In Spring Boot: use application.yml/properties with placeholders
// api.url: ${API_URL:http://localhost:8080}

@ConfigurationProperties(prefix = "app")
data class AppConfig(
    val apiUrl: String,
    val timeoutMs: Int = 5000,
    val maxRetries: Int = 3
)

// In Ktor: use HOCON configuration (application.conf)
// storage {
//    bucket = ${?STORAGE_BUCKET}
// }

val bucket = environment.config.propertyOrNull("storage.bucket")?.getString() 
    ?: "default-dev-bucket"

// Manual Environment Access
val dbUrl = System.getenv("DATABASE_URL") ?: "jdbc:h2:mem:test"
```

**Best Practices:**
- Use environment variables for sensitive or environment-specific values.
- Provide sensible defaults for local development.
- Validate required configuration values at application startup (fail-fast).
- Avoid "magic strings" for configuration keys; use typesafe configuration classes.

**Tools:** Spring Boot `@ConfigurationProperties`, Ktor `HoconApplicationConfig`, `dotenv-kotlin`, Manual Review
