| Configuration environments allow centralized management of similar configurations. It is, for example, used to manage a configuration for multiple stages (test, acceptance, prod) or similar IAM instances. Environment-specific settings are defined at configuration time in the Config Editor. |
| Using configuration contexts, variants in the configuration can be chosen at runtime typically based on the properties of the HTTP request or session. It is used to model few and small differences within an IAM instance. Context-specific settings are defined at configuration time in the Config Editor. |
| Configuration variables allow outsourcing parts of the configuration to environment variables. Such variables can be used to model few and small differences of similar instances. The feature is used to account for values that are, for example, undefined until startup (e.g. container instantiation) or to keep differences between similar instances separate from the main IAM configuration. |
| Configuration automation features include the YAML file format, snippets, and command-line interfaces (CLIs). The features allow for automated configuration management outside Airlock IAM using scripts, config pipelines, or alike. The features may be used to support config as code and GitOps patterns to provision modern infrastructures. The snippet feature allows to modularize of the IAM configuration and may also be used with the Config Editor. |
| Storing sensitive configuration values in cryptographically protected files outside the main configuration. Use this feature to ensure that prod secrets are only on the prod environment. |
| The Config Editor is a web UI used to configure Airlock IAM. It provides strong guidance, configuration validation, and documentation. As IAM configurations are typically quite complex, it is recommended to put together the initial configuration and apply non-trivial modifications using the Config Editor. |
| Application parameters - also known as instance properties - are high-level settings that are not part of the main configuration. They are not addressed by the above-mentioned configuration management concepts. |