The most impactful factors
III — Config in the environment. Never hardcode config or check credentials into source control. Store them in environment variables or a secrets manager. This lets the same image run in dev, staging, and production without a rebuild.
IV — Backing services as attached resources. Treat databases, queues, and caches as attachable resources. Swapping a local Postgres for an RDS instance should require only a config change.
VI — Processes are stateless. Processes share nothing. Session state lives in Redis, not in-process. This makes horizontal scaling trivial — any request can hit any instance.
VIII — Concurrency via process model. Scale out (more processes) rather than up (bigger process). Different process types (web, worker) scale independently.
XI — Logs as event streams. Write to stdout. Never manage log files inside the app. The platform captures and routes logs.
Compliance checklist
- No credentials in source code.
- No filesystem writes (except ephemeral /tmp).
- Graceful shutdown on SIGTERM.
- Health check endpoint responds before traffic is routed.
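
A sketch of how factors III and XI and the checklist items fit together in one process, added here as an example and not taken from any particular project. The variable names DATABASE_URL, REDIS_URL and PORT, and the helper names, are assumptions.

```python
import logging
import os
import signal
import sys
import threading
from dataclasses import dataclass, field

REQUIRED = ("DATABASE_URL", "REDIS_URL")  # assumed variable names

@dataclass(frozen=True)
class Config:
    database_url: str = field(repr=False)  # credential-bearing: kept out of repr()
    redis_url: str = field(repr=False)
    port: int = 8080

def load_config(env=os.environ) -> Config:
    """Build config from the environment; fail fast, naming keys but never values."""
    missing = [k for k in REQUIRED if not env.get(k)]
    if missing:
        raise RuntimeError("missing required config: " + ", ".join(missing))
    return Config(env["DATABASE_URL"], env["REDIS_URL"], int(env.get("PORT", "8080")))

shutting_down = threading.Event()

def handle_sigterm(signum, frame):
    """Only set a flag; the main loop drains in-flight work and exits."""
    shutting_down.set()

def health_status(ready: bool) -> int:
    """200 only once dependencies are ready and no shutdown is in progress."""
    return 200 if ready and not shutting_down.is_set() else 503

def main() -> int:
    logging.basicConfig(stream=sys.stdout, level=logging.INFO)  # factor XI: stdout only
    try:
        cfg = load_config()
    except RuntimeError as exc:
        logging.error("%s", exc)
        return 1
    logging.info("starting with %r", cfg)  # secret fields are omitted from repr
    signal.signal(signal.SIGTERM, handle_sigterm)
    shutting_down.wait()  # a real service would serve requests here
    logging.info("SIGTERM received, draining and exiting")
    return 0

if __name__ == "__main__":
    sys.exit(main())
```

Returning 503 from the health check once shutdown starts lets the platform stop routing new requests while in-flight work drains.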