Standing Up Backstage


Configuring for production

The Backstage app is set up and working well locally — You can log in, and import software metadata from GitHub. The repo permission for your integration is enough to start using some software templates as well.

One next thing to do, is setting up the main app-config.yaml that will be used when you would build and deploy this Backstage app in a production environment.

So far you’ve been adding configuration to app-config.local.yaml, and pasting in secrets directly to test locally. The app-config.yaml will be checked into source control. Secrets should not be included directly in this file. Instead, you'll use environment variable substitution so that the secrets can be provided securely at deployment time.

Modify your app-config.yaml to mirror the configuration from app-config.local.yaml, but with environment variable placeholders for the sensitive values:

  title: Rockit Engine

    client: pg
      host: ${POSTGRES_HOST}
      port: ${POSTGRES_PORT}
      user: ${POSTGRES_USER}
      password: ${POSTGRES_PASSWORD}
  environment: development
        clientId: ${GOOGLE_CLIENT_ID}
        clientSecret: ${GOOGLE_CLIENT_SECRET}
    - host:
      token: ${GITHUB_TOKEN}

Alternatively, you can also create an app-config.production.yaml that will be used when building the application.

These environment variables then need to be provided to the Backstage deployment at runtime, in whatever way you usually supply sensitive secrets to a backend application (e.g. Kubernetes secrets mounted to the environment).

Commit the Backstage app

That’s it! You’ve created a Backstage app and started configuring it for your environment. Now is a good time to commit the app to source control. As you further customize your Backstage app, you’ll make changes to this application — you won’t run @backstage/create-app again.