Skip to Content
GuidesCustom variable source

Write a custom variable source

Custom variable sources are for teams that need values from a source Configorama does not ship with, such as an internal secret store or deployment registry. This guide shows the shape of a source and where safe mode changes the trust model.

The extension point exists so the core resolver can stay framework-agnostic. Instead of adding every possible platform source to Configorama itself, applications can provide a small source object with a type, match rule, and async resolver function.

resolve.js
const configorama = require('configorama') const vault = { type: 'vault', source: 'remote', prefix: 'vault', match: /^vault:/, resolver: async variable => { const key = variable.replace(/^vault:/, '') return `value-for-${key}` } } await configorama('config.yml', { variableSources: [vault] })

Custom variable sources are blocked by safe mode because they are user-provided executable code. Audit output reports them as custom_extension risk.

Read variable sources for built-in resolver behavior and security policies for safe-mode controls. For API details, see the API reference.

Last updated on