The 12-Factor App: A Checklist for Modern Software Engineering

Hey readers,

I once inherited a project where deploying a simple bug fix took two days and a 15-page Word document. We had hardcoded IP addresses, secret keys checked into Git, and a build process that only worked on one developer’s machine (and he was on vacation). It was a nightmare.

That experience taught me a hard lesson: writing code is only half the battle. Building software that can actually survive in the wild—that can be deployed, scaled, and maintained without losing your mind—is a different skill entirely.

That’s what the 12-Factor App methodology is all about. It’s not a specific technology or framework. It’s a set of rules for building modern, robust, and scalable applications. Think of it as a constitution for your codebase.

Naima: You can get our PDFs from the bottom of this post, that include detailed learning roadmaps for AI Agents, frontend and backend web development, complete with suggested study timelines and links to books, YouTube tutorials, and certificate courses.

If you’re tired of painful deployments and legacy code that’s impossible to debug, this guide is for you. Let’s break down the 12 factors that separate the pros from the amateurs.

---

The 12 Factors

I. Codebase (One Codebase, Many Deploys)

A 12-factor app is always tracked in a version control system like Git. There is only one codebase per app, but there can be many deploys (e.g., a development, staging, and production environment).

• Analogy: Think of it as a single master blueprint for a car. You can use that same blueprint to build a standard model, a sport model, and a luxury model. The core design is the same, but the final versions differ.

• Why it matters: This rule ensures that you always know the source of truth. If the code is in Git, it’s the app. If it’s not, it doesn’t exist. This eliminates the “it works on my machine” problem because everyone is working from the same script.

II. Dependencies (Explicitly Declare and Isolate)

Your app should never rely on system-wide packages. All dependencies should be declared explicitly in a manifest file (package.json, requirements.txt, pom.xml) and isolated using a tool (npm, pip, Maven).

• Analogy: This is like providing a detailed ingredient list and a sealed box for your recipe. You don’t just say “use flour”; you say “use 200g of King Arthur bread flour” and package it with the kit.

• Why it matters: It makes setup predictable and reliable. A new developer can check out the code, run one command (e.g., npm install), and have the exact same dependencies as the production server. No more hunting for missing libraries.

III. Config (Store in the Environment)

Configuration—anything that varies between deploys (database URLs, API keys, credentials)—must be stored in the environment, not in the code.

• Analogy: Think of your code as a universal TV remote. The remote works for any TV, but you have to point it at the specific TV you want to control. The TV is the environment. The remote (your code) doesn’t have the TV’s location hardcoded into it.

• Why it matters: This is a massive security and flexibility win. Storing config in the environment means you can open-source your code without exposing secrets. It also means you can promote the exact same code from staging to production just by changing the environment variables.

IV. Backing Services (Treat as Attached Resources)

A backing service is any service the app consumes over the network, such as a database, a message queue, or an email service. A 12-factor app makes no distinction between local and third-party services.

• Analogy: Your app is a house, and backing services are utilities like water, gas, and electricity. You don’t care if the power comes from a local generator or the city’s power plant. You just connect to the grid (the URL) and it works.

• Why it matters: This makes your application incredibly flexible. You can swap a local PostgreSQL database for an Amazon RDS instance just by changing a config URL. No code changes required.

V. Build, Release, Run (Strictly Separate Stages)

This factor demands a strict separation between the three stages of turning code into a running application.

1. Build Stage: Converts a code repo into an executable bundle called a “build.”
2. Release Stage: Takes the build and combines it with the deploy’s current config. The resulting “release” is a unique, immutable entity.
3. Run Stage: Runs the app in the execution environment by launching the release.

graph TD;
    A[Code Repository] -->|git push| B(Build Stage);
    B -->|Creates| C[Build Artifact];
    C --> D{Release Stage};
    E[Environment Config] --> D;
    D -->|Creates| F[Immutable Release];
    F --> G(Run Stage / Production);
    F --> H(Run Stage / Staging);

• Why it matters: It prevents changes from being pushed directly to production. Every release has a unique ID, so you can easily roll back to a previous version if something goes wrong. It makes the deployment process predictable and safe.

VI. Processes (Execute as Stateless Processes)

The app should execute as one or more stateless processes. Any data that needs to persist must be stored in a stateful backing service (like a database or object storage).

• Analogy: Think of your app’s processes as fast-food cashiers. They don’t remember you from your last visit. Each transaction is a fresh start. Your order history (the state) is stored in the central computer system (the database).

• Why it matters: Statelessness is the key to horizontal scalability. Because any process can handle any request, you can simply add more processes to handle more traffic. It also makes the system more resilient; if a process crashes, you lose nothing.

VII. Port Binding (Export Services via Port Binding)

A 12-factor app is completely self-contained. It doesn’t rely on a webserver (like Apache or Nginx) being injected into the execution environment. Instead, it exports its service by binding to a port.

• Analogy: Your app is a food truck. It has its own kitchen and its own service window (the port). It doesn’t need to be installed inside a restaurant to serve customers.

• Why it matters: This makes your app portable. It can be run as a local service for development, or as a process in a larger cloud environment for production. It becomes just another resource that can be consumed by other services.

VIII. Concurrency (Scale Out via the Process Model)

In a 12-factor app, you don’t scale up by making one process bigger and more powerful (vertical scaling). You scale out by adding more processes (horizontal scaling).

• Analogy: Instead of hiring one super-strong worker to move a pile of bricks, you hire ten regular workers. If you need to move bricks faster, you just hire more workers.

• Why it matters: This model is built for the cloud. It’s far cheaper and more resilient to scale out with commodity processes than to scale up with expensive, monolithic servers.

IX. Disposability (Maximize Robustness)

Your app’s processes should be disposable, meaning they can be started or stopped at a moment’s notice. This implies fast startup times and graceful shutdowns.

• Analogy: Think of your processes like lightbulbs. They can be turned on or off instantly. When one burns out, you just screw in a new one.

• Why it matters: This allows for rapid elastic scaling, fast deployments, and robust systems. When a process crashes or a deploy happens, the system can gracefully replace the old processes with new ones without downtime.

X. Dev/Prod Parity (Keep Environments Similar)

The gap between development and production environments should be as small as possible.

• Analogy: You wouldn’t practice for a Formula 1 race in a go-kart. You’d use a car that’s as close to the real thing as possible.

• Why it matters: This reduces the risk of unexpected bugs showing up in production. By using the same backing services (e.g., PostgreSQL in dev, not SQLite) and the same deployment process, you can be confident that if it works in development, it will work in production.

XI. Logs (Treat as Event Streams)

A 12-factor app never concerns itself with writing to or managing log files. Instead, it writes all logs to standard output (stdout) as a continuous event stream. The execution environment is responsible for capturing and routing that stream.

• Analogy: Your app is a radio announcer. It just speaks into the microphone (stdout). It doesn’t care if the signal is being recorded, broadcast live, or ignored. The radio station (the environment) handles all of that.

• Why it matters: This decouples your application from the logging infrastructure. You can switch your log aggregator from Splunk to Datadog to a local file without changing a single line of code.

XII. Admin Processes (Run as One-Off Processes)

Administrative tasks, like running database migrations or a REPL, should be run as one-off processes in the same environment as the regular long-running processes.

• Analogy: This is like using a service elevator in a skyscraper. It runs on demand, has access to all the same floors as the main elevators, but it’s used for a specific, temporary task.

• Why it matters: It ensures that admin tasks are run against the same codebase and config as the running application, preventing drift and errors. The code for these tasks ships with the application code.

---

So, what’s the next move?

You don’t have to adopt all 12 factors overnight. But you should start thinking about them.

Here is a challenge for you: Pick one factor that your current project violates the most. Is your database config hardcoded? Do you FTP files to deploy? Find that one weak spot and create a plan to fix it.

Adopting these principles will force you to build cleaner, more resilient, and more professional software.

Thanks for reading!

Bou~codes and Naima from 10xdev blog.

PDF Roadmaps:

1. A PDF Guide for Learning AI Agents

2. A PDF Guide for Learning Frontend Development

3. A PDF guide for becoming a JavaScript Developer.

4. A PDF guide for becoming a Backend Developer.