The 15 Factors | Heroku’s Twelve-Factor App

1. Codebase

One codebase, multiple deploys

  • A single repository for your application, deployed across different environments.
  • Example: A GitHub repository containing a web app, deployed to staging and production with different configurations.

Good practice:

  • Use Git for version control.
  • Use branches for feature development.

2. Dependencies

Explicitly declare and isolate dependencies

  • Use dependency managers to avoid environment-specific issues.
  • Example: Java applications use Maven/Gradle, Node.js apps use package.json.

Good practice:

  • Avoid system-level dependencies.
  • Use Docker for isolating dependencies.

3. Configuration 

Store configurations in the environment

  • Don’t hardcode configs inside the app.
  • Example: Store database URLs in environment variables instead of hardcoding them in a config.properties file.

Good practice:

  • Use .env files or Kubernetes ConfigMaps.
  • Never commit secrets to version control.

4. Backing Services

Treat external services as attached resources

  • Any service the app consumes (DBs, caches, queues) should be treated as external.
  • Example: Connect to PostgreSQL via a connection string stored in an environment variable.

Good practice:

  • Use service discovery mechanisms.
  • Avoid hardcoded resource URLs.

5. Build, Release, Run

Strictly separate build and run stages

  • The app should be built once and deployed multiple times without modifications.
  • Example: A Docker image is built and then deployed in different environments without re-compilation.

Good practice:

  • Use CI/CD pipelines for automation.
  • Maintain a clear separation between builds, releases, and runtime configurations.

6. Processes 

Execute the app as one or more stateless processes

  • Applications should not rely on local state.
  • Example: User sessions should be stored in Redis instead of memory.

Good practice:

  • Make the app horizontally scalable.
  • Store persistent data in databases or cloud storage.

7. Port Binding 

Expose services via port binding

  • Applications should be self-contained.
  • Example: A Spring Boot app runs on port 8080 and can be accessed directly.

Good practice:

  • Avoid dependency on a specific web server.
  • Use cloud-native routing mechanisms.

8. Concurrency 

Scale out via the process model

  • Run multiple instances of a service to handle increased load.
  • Example: Running multiple Node.js instances behind a load balancer.

Good practice:

  • Use Kubernetes pods or AWS Auto Scaling Groups.
  • Design applications for parallel execution.

9. Disposability 

Fast startup and graceful shutdown

  • Apps should start and stop quickly.
  • Example: Kubernetes can kill and restart pods anytime.

Good practice:

  • Handle SIGTERM signals properly.
  • Use readiness and liveness probes.

10. Dev/Prod Parity 

Keep development, staging, and production as similar as possible

  • Avoid “works on my machine” problems.
  • Example: Using Docker to match production environments locally.

Good practice:

  • Automate environment setup.
  • Use Infrastructure as Code (IaC).

11. Logs 

Treat logs as event streams

  • Logs should be aggregated and analyzed separately.
  • Example: Use ELK stack (Elasticsearch, Logstash, Kibana) for log management.

Good practice:

  • Send logs to a centralized system.
  • Avoid writing logs to local files.

12. Admin Processes 

Run administrative tasks as one-off processes

  • Admin tasks should be separate from the main app.
  • Example: Running database migrations via a command-line tool.

Good practice:

  • Use Kubernetes Jobs for periodic admin tasks.
  • Avoid embedding admin logic inside the main app.

13. API First 

Design services with an API-first approach

  • Define APIs before implementing them.
  • Example: Using OpenAPI (Swagger) to design and document RESTful services.

Good practice:

  • Use API gateways for management.
  • Ensure backward compatibility.

14. Telemetry 

Implement robust monitoring and observability

  • Monitor performance, failures, and user activity.
  • Example: Using Prometheus + Grafana for real-time metrics.

Good practice:

  • Collect application metrics and traces.
  • Use distributed tracing (e.g., OpenTelemetry).

15. Authentication & Authorization 

Secure access to applications and services

  • Implement authentication and role-based authorization.
  • Example: Use OAuth2 + JWT for secure API authentication.

Good practice:

  • Follow zero-trust security principles.
  • Use centralized identity management (e.g., Keycloak, Auth0).
Back to blog

Leave a comment

Please note, comments need to be approved before they are published.