import ballerina/config;
import ballerina/io;

public function main() {
    // Look up the configuration values. 
    string username = config:getAsString("app.auth.username");
    string password = config:getAsString("app.auth.password");

    io:println(string `Authenticating user '${username}'`);
}

Config

The Ballerina Config API allows you to look up values from configuration files, CLI parameters, and environment variables. The precedence order for configuration resolution is as follows:

  • CLI parameters
  • Environment variables
  • Configuration files

If a specific configuration defined in the file is also defined as an environment variable, the environment variable takes precedence. Similarly, if the same is set as a CLI parameter, it replaces the environment variable value.

If a mapping does not exist for the specified key, the default value is returned as the configuration value. The default values of these optional configurations are the default values of the return types of the functions.

For more information on the underlying module, see the Config module.

import ballerina/config;
import ballerina/io;
public function main() {
    string username = config:getAsString("app.auth.username");
    string password = config:getAsString("app.auth.password");

Look up the configuration values.

    io:println(string `Authenticating user '${username}'`);
}
[app.auth]
  username="jack"
  password="pass1"
# Sensitive data such as passwords can be encrypted and accessed securely in code. To encrypt a value, the
# `ballerina encrypt` command is used. It prompts the user to enter the value and a secret. In this example,
# `ballerina` is the value and `12345` is the secret.
ballerina encrypt
Enter value:
Enter secret:
Re-enter secret to verify:
Add the following to the configuration file:
<key>="@encrypted:{njjb2H9u7Bax2FZX/X+UPZ50lR6+ckKmkesE87Yuw/x9wE1yvhcww1ehOc+mjgCc}"}"
Or provide it as a command line argument:
--<key>=@encrypted:{njjb2H9u7Bax2FZX/X+UPZ50lR6+ckKmkesE87Yuw/x9wE1yvhcww1ehOc+mjgCc}"}
# The secret needs to be provided if a configuration contains an encrypted value. The secret can be provided
# via a `secret.txt` file (which gets deleted immediately after its contents are read) or via the CLI. In this example, the CLI is used.
ballerina run config_api.bal
ballerina: enter secret for config value decryption:
# To specify a configuration file explicitly, use the `--b7a.config.file=<path_to_configuration_file>` property.
# If this property is not set, Ballerina looks for a `ballerina.conf` file in the current directory. The path
# to the configuration file can be either an absolute or a relative path.
# To run this example, place the following configurations in a file and provide its path.
# ```
# [app.auth]
#  username=jack
# [app.auth]
#  password="@encrypted:{njjb2H9u7Bax2FZX/X+UPZ50lR6+ckKmkesE87Yuw/x9wE1yvhcww1ehOc+mjgCc}"}"
#
# ```
ballerina run config_api.bal --b7a.config.file=path/to/conf/file/custom-config-file-name.conf
ballerina: enter secret for config value decryption:
Authenticating user 'jack'
# The same configurations given via a configuration file can also be given via CLI parameters. <br>
# e.g., app.auth.username
ballerina run config_api.bal --app.auth.username=jack --hello.keystore.password=@encrypted:{njjb2H9u7Bax2FZX/X+UPZ50lR6+ckKmkesE87Yuw/x9wE1yvhcww1ehOc+mjgCc}"}
ballerina: enter secret for config value decryption:
Authenticating user 'jack'