import config reads declared secrets and public config values from
Via's config server. The runtime fetches values over the workload
identity issued to the container at launch, so application code does not
handle credentials or know the config server's address.
| Environment | Behavior |
|---|---|
| Deployed on Via | Values come from the bound config server. |
vary run locally | Reads env vars for declared keys. |
| Tests | Use the testing helpers; no production values. |
On Via, the bootstrap variables (VARY_CONFIG_URL,
VARY_CONFIG_TOKEN_PATH, VARY_ENVIRONMENT) are set at container launch
and identify the app to the config server. Local vary run falls back to
plain environment variables for declared keys; missing keys raise
ConfigMissingError. Use a local vary.toml [secrets] block to
declare development values.
import config
let db_url = config.secret("DATABASE_URL")
let feature_enabled = config.bool("FEATURE_NEW_FLOW", False)
| Function | Returns | Raises |
|---|---|---|
secret(name) | Str | Any ConfigError subclass below. |
bool(name, default) | Bool | ConfigBadTypeError if not parseable as Bool. |
All errors subclass ConfigError, so application code can either catch
each subclass specifically (for fall-back behavior) or except ConfigError as e for the generic case.
| Error | Cause |
|---|---|
ConfigMissingError | The key is declared but no value is set. |
ConfigUndeclaredError | Key is not declared in vary.toml. |
ConfigPermissionDeniedError | The workload identity token was rejected. |
ConfigServerUnavailableError | Network failure, timeout, 5xx, or bad bootstrap. |
ConfigBadTypeError | Stored value cannot be coerced to the type. |
vary app env and vary app config| Surface | What it controls |
|---|---|
vary app env set/rotate/history | Secrets read via config.secret(...). |
vary app config patch/validate/diff/redeploy | Public config read via config.bool(...). |
vary.toml [config] and [secrets] blocks | Declarations; undeclared keys are rejected. |
Treat every config read as an external call that can fail. Wrap reads in
try/except ConfigError at the boundary that has a default policy, not
inside business logic deep in the call graph.