惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

SecWiki News
SecWiki News
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
V
Visual Studio Blog
博客园 - 叶小钗
S
SegmentFault 最新的问题
IT之家
IT之家
大猫的无限游戏
大猫的无限游戏
博客园_首页
Apple Machine Learning Research
Apple Machine Learning Research
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
月光博客
月光博客
酷 壳 – CoolShell
酷 壳 – CoolShell
腾讯CDC
D
Darknet – Hacking Tools, Hacker News & Cyber Security
V
V2EX
阮一峰的网络日志
阮一峰的网络日志
L
Lohrmann on Cybersecurity
量子位
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Tor Project blog
J
Java Code Geeks
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
博客园 - 三生石上(FineUI控件)
Attack and Defense Labs
Attack and Defense Labs
AI
AI
The Cloudflare Blog
T
Tailwind CSS Blog
S
Schneier on Security
爱范儿
爱范儿
PCI Perspectives
PCI Perspectives
Stack Overflow Blog
Stack Overflow Blog
S
Secure Thoughts
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
T
The Exploit Database - CXSecurity.com
博客园 - 【当耐特】
V2EX - 技术
V2EX - 技术
S
Securelist
P
Proofpoint News Feed
T
Threat Research - Cisco Blogs
Help Net Security
Help Net Security
C
Cisco Blogs
N
News and Events Feed by Topic
人人都是产品经理
人人都是产品经理
B
Blog RSS Feed
K
Kaspersky official blog
T
The Blog of Author Tim Ferriss
G
Google Developers Blog
S
Security Affairs
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Simon Willison's Weblog
Simon Willison's Weblog

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Configuration in Go Should Be Typed: Introducing confkit
Glawk · 2026-05-18 · via DEV Community

Every Go application eventually needs configuration.

At the beginning, it is usually innocent:

port := os.Getenv("PORT")

Enter fullscreen mode Exit fullscreen mode

Then the application grows.

You add a database URL. Then a Redis address. Then timeouts. Then feature flags. Then a YAML file for local development. Then environment variables for production. Then CLI flags for internal tools. Then Kubernetes secrets. Then maybe Vault, AWS Secrets Manager, or another infrastructure-specific source.

At some point, configuration stops being a few environment variables.

It becomes part of your application architecture.

And if you are not careful, it becomes a pile of string parsing, default values, manual validation, unclear precedence rules, and startup errors that only make sense to the person who originally wrote the code.

That is the problem I wanted to solve with confkit.

confkit is a typed configuration loading library for Go. It lets you define application configuration as a regular Go struct, load it from multiple sources, apply defaults, validate fields, and safely redact secrets from logs and error messages.

The short version:

type Config struct {
    Port     int    `env:"PORT" default:"8080" validate:"min=1,max=65535"`
    Database string `env:"DATABASE_URL" validate:"required" secret:"true"`
}

cfg, err := confkit.Load[Config](
    confkit.FromEnv(),
    confkit.FromYAML("config.yaml"),
)
if err != nil {
    log.Fatal(confkit.Explain(err))
}

Enter fullscreen mode Exit fullscreen mode

No maps.

No manual parsing.

No hidden stringly-typed configuration layer.

No accidental secret leaks in startup logs.

Why configuration deserves more attention

Configuration code is rarely the most exciting part of a project.

Nobody starts a new backend service thinking:

I can't wait to write a robust configuration layer today.

Usually, we just want to get to the actual application logic.

But configuration is one of the first things your application touches when it starts. If it is wrong, everything else becomes unreliable.

Bad configuration handling can lead to:

  • services starting with empty required values
  • invalid ports, timeouts, or limits
  • production secrets accidentally printed to logs
  • unclear source priority between files, env vars, and flags
  • duplicated parsing logic across services
  • late runtime failures instead of fast startup failures
  • CI pipelines that cannot validate config before deployment

In Go, this often ends up as a mix of os.Getenv, helper functions, YAML unmarshalling, manual validation, and a few comments explaining which value overrides which.

That works for small projects. It gets painful when the project grows.

I wanted configuration to feel more like a contract:

This is the shape of the config.

These fields are required.

These defaults are safe.

These values are secrets.

These validation rules must pass before the application starts.

In confkit, that contract is a Go struct.

The struct is the contract

Here is a slightly more complete example:

package main

import (
    "log"
    "time"

    "github.com/MimoJanra/confkit"
)

type Config struct {
    Host    string        `env:"HOST" default:"localhost"`
    Port    int           `env:"PORT" default:"8080" validate:"min=1,max=65535"`
    Timeout time.Duration `env:"TIMEOUT" default:"30s"`

    DB struct {
        DSN      string `env:"DSN" validate:"required" secret:"true"`
        MaxConns int    `env:"MAX_CONNS" default:"10" validate:"min=1,max=100"`
    } `prefix:"DB_"`
}

func main() {
    cfg, err := confkit.Load[Config](
        confkit.FromFlags(nil),
        confkit.FromEnv(),
        confkit.FromYAML("config.yaml"),
    )
    if err != nil {
        log.Fatal(confkit.Explain(err))
    }

    log.Printf("listening on %s:%d", cfg.Host, cfg.Port)
}

Enter fullscreen mode Exit fullscreen mode

This struct describes quite a lot:

  • HOST has a default value
  • PORT has a default value and must be between 1 and 65535
  • TIMEOUT is parsed as time.Duration
  • DB_DSN is required
  • DB_DSN is also marked as secret
  • DB_MAX_CONNS has a default and a validation range
  • nested config fields can use a prefix

The application code receives a typed Config.

That means the rest of the app does not need to know where configuration came from. It does not care if a value came from YAML, an environment variable, a CLI flag, or a secret manager.

It just receives a normal Go value.

Explicit source priority

One thing I wanted to avoid is magical source precedence.

Configuration priority should be visible in code.

With confkit, sources are checked in the order you pass them:

cfg, err := confkit.Load[Config](
    confkit.FromFlags(nil),          // highest priority
    confkit.FromEnv(),               // overrides files
    confkit.FromYAML("config.yaml"), // fallback
)

Enter fullscreen mode Exit fullscreen mode

This makes the priority easy to reason about:

flags -> environment variables -> config.yaml -> defaults

Enter fullscreen mode Exit fullscreen mode

This is useful for common deployment patterns:

  • local development uses config.yaml
  • production overrides values through environment variables
  • CLI tools override specific values through flags
  • defaults keep non-critical fields simple

There is no need to hide this behavior in documentation or in a custom helper function. The order is visible where the config is loaded.

Clear validation errors

A configuration library should fail early.

If a required value is missing, the application should not start and then fail later when some database client, HTTP server, or queue consumer receives an empty string.

For example:

type Config struct {
    DatabaseURL string `env:"DATABASE_URL" validate:"required" secret:"true"`
}

Enter fullscreen mode Exit fullscreen mode

If DATABASE_URL is missing, confkit gives a readable error:

Invalid configuration:

  DatabaseURL
    error: field is required
    source: env (DATABASE_URL)

Enter fullscreen mode Exit fullscreen mode

That is the kind of error I want during startup.

It tells me:

  • which field failed
  • what went wrong
  • where the value was expected to come from

The goal is not just to return an error. The goal is to return an error that is useful when the service fails to start and someone needs to fix the deployment quickly.

Defaults without extra files

Defaults live next to the fields:

type Config struct {
    Host     string        `env:"HOST" default:"localhost"`
    Port     int           `env:"PORT" default:"8080" validate:"min=1,max=65535"`
    LogLevel string        `env:"LOG_LEVEL" default:"info" validate:"oneof=debug info warn error"`
    Timeout  time.Duration `env:"TIMEOUT" default:"30s"`
}

Enter fullscreen mode Exit fullscreen mode

For me, this is much easier to maintain than scattering defaults across startup code.

The struct tells the full story:

  • field name
  • environment variable name
  • default value
  • validation rule
  • secret status, if needed

This makes configuration review easier too. You can look at the struct and understand what the application expects.

Secret redaction by default

Configuration often contains sensitive values:

type Config struct {
    APIKey   string `env:"API_KEY" validate:"required" secret:"true"`
    Password string `env:"DB_PASSWORD" secret:"true"`
}

Enter fullscreen mode Exit fullscreen mode

If a field is marked with secret:"true", confkit redacts it in formatted errors and config dumps.

This matters because startup errors are often logged everywhere:

  • local terminal output
  • Docker logs
  • Kubernetes logs
  • CI/CD output
  • Slack alerts
  • monitoring systems
  • screenshots in support threads

A configuration library should make the safe behavior the easy behavior.

The developer should not have to remember to manually hide every token before logging an error.

Loading from files

confkit supports common file-based configuration formats:

cfg, err := confkit.Load[Config](
    confkit.FromYAML("config.yaml"),
)

Enter fullscreen mode Exit fullscreen mode

There are also JSON and TOML sources:

cfg, err := confkit.Load[Config](
    confkit.FromJSON("config.json"),
    confkit.FromTOML("config.toml"),
)

Enter fullscreen mode Exit fullscreen mode

A typical local config.yaml might look like this:

host: localhost
port: 8080
timeout: 30s

db:
  dsn: postgres://user:password@localhost:5432/app
  max_conns: 10

Enter fullscreen mode Exit fullscreen mode

And the Go struct can still be the main contract:

type Config struct {
    Host    string        `yaml:"host" env:"HOST" default:"localhost"`
    Port    int           `yaml:"port" env:"PORT" default:"8080" validate:"min=1,max=65535"`
    Timeout time.Duration `yaml:"timeout" env:"TIMEOUT" default:"30s"`

    DB struct {
        DSN      string `yaml:"dsn" env:"DSN" validate:"required" secret:"true"`
        MaxConns int    `yaml:"max_conns" env:"MAX_CONNS" default:"10"`
    } `yaml:"db" prefix:"DB_"`
}

Enter fullscreen mode Exit fullscreen mode

This gives you a nice local workflow without giving up production-friendly environment variable overrides.

Environment variables for production

Environment variables are still one of the most common ways to configure services in production.

confkit keeps this simple:

type Config struct {
    Host string `env:"HOST" default:"localhost"`
    Port int    `env:"PORT" default:"8080"`
}

Enter fullscreen mode Exit fullscreen mode

Then:

HOST=0.0.0.0 PORT=3000 ./app

Enter fullscreen mode Exit fullscreen mode

For nested structs, prefixes help avoid awkward names:

type Config struct {
    Database struct {
        Host string `env:"HOST" default:"localhost"`
        Port int    `env:"PORT" default:"5432"`
    } `prefix:"DB_"`
}

Enter fullscreen mode Exit fullscreen mode

This maps to:

DB_HOST
DB_PORT

Enter fullscreen mode Exit fullscreen mode

I like this pattern because nested structs are natural in Go, while environment variables are naturally flat. Prefixes connect the two without making the code weird.

CLI flags for tools

Configuration is not only for web services.

CLI tools often need a mix of files, environment variables, and flags.

Example:

type Config struct {
    Input   string `flag:"input" validate:"required"`
    Output  string `flag:"output" default:"out.json"`
    Verbose bool   `flag:"verbose" default:"false"`
}

cfg, err := confkit.Load[Config](
    confkit.FromFlags(nil),
    confkit.FromEnv(),
)
if err != nil {
    log.Fatal(confkit.Explain(err))
}

Enter fullscreen mode Exit fullscreen mode

Now the CLI can be configured through flags, while still allowing environment variable fallback if you want it.

That gives you one config model instead of separate parsing logic for each source.

Safe config dumps

Sometimes you need to see the final configuration after all sources, defaults, and overrides were applied.

This is useful for debugging:

log.Println(confkit.DumpString(cfg))

Enter fullscreen mode Exit fullscreen mode

If the config contains secret fields, they are redacted by default.

Example:

type Config struct {
    Host     string `env:"HOST" default:"localhost"`
    Password string `env:"PASSWORD" secret:"true"`
}

Enter fullscreen mode Exit fullscreen mode

A safe dump should not print the real password.

That sounds obvious, but it is very easy to get wrong when every service has its own custom config logging code.

confkit gives you dump helpers for JSON and YAML output, with secret redaction enabled by default.

Validate configuration in CI

One feature I find especially useful is ValidateOnly.

The idea is simple: run the full loading and validation pipeline without triggering side effects such as hooks, audit logging, or reload-related behavior.

That makes it useful for CI checks.

For example:

_, err := confkit.ValidateOnly[Config](
    context.Background(),
    confkit.WithSource(confkit.FromYAML("config.prod.yaml")),
)
if err != nil {
    log.Fatal(confkit.Explain(err))
}

Enter fullscreen mode Exit fullscreen mode

This lets you validate configuration before deployment.

A broken YAML file, missing required value, or invalid timeout should be caught before the application reaches production.

Optional infrastructure integrations

Not every application needs Vault.

Not every CLI tool needs AWS.

Not every small service should pull Kubernetes dependencies into the binary.

That is why confkit keeps the core package focused and provides optional integrations separately.

The core package covers common local/runtime sources such as:

  • environment variables
  • CLI flags
  • YAML
  • JSON
  • TOML

Optional integrations can be used when needed, including:

  • Kubernetes
  • Vault
  • Consul
  • etcd
  • AWS SSM / Secrets Manager

This keeps the basic library lightweight while still allowing production systems to load configuration from real infrastructure.

Install the core package:

go get github.com/MimoJanra/confkit@latest

Enter fullscreen mode Exit fullscreen mode

Install optional integrations only when you need them:

go get github.com/MimoJanra/confkit/vault@latest
go get github.com/MimoJanra/confkit/consul@latest
go get github.com/MimoJanra/confkit/etcd@latest
go get github.com/MimoJanra/confkit/aws@latest

Enter fullscreen mode Exit fullscreen mode

Hot reload

Some applications need to react to configuration changes without restarting.

confkit supports file watching:

cfg, watcher, err := confkit.LoadWithWatcher[Config](
    "config.yaml",
    confkit.FromYAML("config.yaml"),
    confkit.FromEnv(),
)
if err != nil {
    log.Fatal(confkit.Explain(err))
}

watcher.AddListener(func(oldCfg, newCfg any, err error) {
    if err != nil {
        log.Printf("config reload failed: %v", err)
        return
    }

    log.Println("config reloaded")
})

watcher.Start()
defer watcher.Stop()

_ = cfg

Enter fullscreen mode Exit fullscreen mode

This is useful for long-running services where some operational values can safely change at runtime.

Of course, not every config value should be hot-reloadable. Database credentials, server ports, and deeply structural settings often still require a restart.

But when you do need reload behavior, it is useful to have it integrated with the same configuration model.

Custom sources

Configuration backends are often company-specific.

Maybe your team has an internal configuration service. Maybe you load values from a platform API. Maybe secrets come from a custom encrypted file format.

confkit supports custom sources through a small interface:

type Source interface {
    Name() string
    Lookup(ctx context.Context, field *FieldInfo) (any, bool, error)
}

Enter fullscreen mode Exit fullscreen mode

That means the built-in sources are not a closed world.

You can keep the same typed struct, validation rules, defaults, and redaction behavior while adding your own configuration backend.

Schema and documentation generation

One useful side effect of treating configuration as a struct contract is that the same struct can be used to generate documentation.

confkit includes schema-related functionality for generating references from config structs.

That can be useful when you want to document:

  • supported environment variables
  • default values
  • required fields
  • validation constraints
  • CLI options
  • config file structure

In other words, the config struct can become the source of truth not only for the application, but also for the documentation around that application.

Why not just use another config library?

There are already good Go configuration libraries.

You might use:

  • envconfig for environment variables
  • koanf for modular configuration composition
  • Viper for a broad and established configuration system

confkit is not trying to pretend those projects do not exist.

The design is focused on a specific style:

Go struct + tags + typed loading + defaults + validation + safe diagnostics

Enter fullscreen mode Exit fullscreen mode

A rough rule of thumb:

Use envconfig if you only need environment variables.

Use koanf if you want a flexible toolkit and prefer composing behavior yourself.

Use Viper if you need a large, established configuration system with many built-in behaviors.

Use confkit if you want your configuration contract to be a Go struct, with validation and safe errors built in from the beginning.

API stability

Configuration loading sits very close to application startup.

If it breaks, the application may not start at all.

That is why API stability matters.

confkit has a v1 stability contract for the core public API. The intention is that v1.x releases can add functionality without breaking existing users, while breaking API changes require a future v2 release.

For a configuration library, this is important. The API should be boring in the best possible way: stable, predictable, and safe to update.

Complete minimal example

Here is a small working example:

package main

import (
    "log"

    "github.com/MimoJanra/confkit"
)

type Config struct {
    Host string `env:"HOST" default:"localhost"`
    Port int    `env:"PORT" default:"8080" validate:"min=1,max=65535"`

    DatabaseURL string `env:"DATABASE_URL" validate:"required" secret:"true"`
}

func main() {
    cfg, err := confkit.Load[Config](
        confkit.FromEnv(),
        confkit.FromYAML("config.yaml"),
    )
    if err != nil {
        log.Fatal(confkit.Explain(err))
    }

    log.Printf("starting server on %s:%d", cfg.Host, cfg.Port)
}

Enter fullscreen mode Exit fullscreen mode

Example config.yaml:

host: localhost
port: 8080

Enter fullscreen mode Exit fullscreen mode

Run with:

DATABASE_URL=postgres://user:pass@localhost:5432/app go run .

Enter fullscreen mode Exit fullscreen mode

The application gets a typed config struct, while secrets remain protected in logs and errors.

Final thoughts

Configuration is not glamorous.

But it is one of the most important startup paths in any service.

It decides whether your application starts safely, fails clearly, validates its assumptions, and protects sensitive values.

confkit is my attempt to make that layer simple and explicit:

  • define config as a Go struct
  • load it from multiple sources
  • apply defaults
  • validate before startup
  • redact secrets automatically
  • explain errors clearly
  • support real production sources when needed

One struct.

Multiple sources.

Typed values.

Readable errors.

Safe logs.

That is the whole idea.

You can find the project here:

github.com/MimoJanra/confkit