Skip to content

Best practices

A guide for best practices to design, development, and operate a service on Runway.

Configuration

Configuration is seperate from application code and is used to specify application settings across environment deployments. Service owners have the following options for configuration:

  1. Environment Variables
  2. Secrets Management

Environment variables are checked into source control in your service project and secrets are securely injected during runtime.

Environment Variable ExamplesSecrets Example
PortsAPI Tokens
EndpointsPasswords
Public InformationSensitive Information

Container Security

Runway’s currently supported runtime of GCP Cloud Run supports sandboxes for execution environments. Runway deploys services using the default (i.e., first generation) execution environments. To further improve container security, run your container as a non-root user.

During production readiness review, AppSec requires containers to run with least privilege as a non-root user.