Files aren't bad, but your rationale for vilifying env vars feels a bit spurious. A few counterpoints:

* You still have to parse what's in a file. If using a strongly-typed language, the parsing may be automatic as part of unmarshaling, but alphas that should have been numerals, for instance, will still cause a failure that you need to handle. In a weakly-typed language, you still have to validate the values or else you're just pushing the failure back to wherever the value is eventually used.

* Env var collisions are not a common problem when you consider that anything beyond CLIs you use in an interactive shell are likely to be managed in a fairly well-isolated way. Docker containers don't see each others env vars. Same goes for processes launched with the likes of systemd.