Brad, this is awesome, thank you for taking the time to write a code example.
You read my mind. Just minutes ago I was trying to go about the parentSettings
method you just described. I’m glad I caught your message while I still have hair left to pull out. 
Regarding module configuration priority, in defense of your argument, we sometimes allow modules to override root app configurations. For example, with cbSecurity
you can override the default config within a submodule to further refine security rules for that module. We wouldn’t want the root app to clear out all of the security rules, so your point is a good one!
On the other hand, take a generic CMS module, that should be configured with a bunch of defaults (background color, default mail config, etc). In an ideal world, the CMS module should be ready to use out of the box (pun intended) using its default configuration, with all child modules configured. Then, if the root app wants to make a customization, or break away from the defaults, they can override the settings using their /config/coldbox.cfc. Here’s an example:
// root app's config/coldbox.cfc
moduleSettings = {
myCmsModule: {
backgroundColor: "blue", // overriding the module's background color
recaptcha: { // <-- child module settings that will be overridden
publicKey: "12345",
secretKey: "54321"
}
}
}
Then… in the myCmsModule’s ModuleConfig.cfc, we could use your code to establish defaults AFTER the module is loaded with any overrides. I tweaked the code you wrote and moved it to the postModuleLoad()
method because we want to use any overridden configuration properties:
// ModuleConfig.cfc inside of myCmsModule
function configure(){
variables.settings = {
backgroundColor: "red",
recaptcha = { <-- default child module configuration
publicKey: "foo",
secretKey: "bar"
}
}
}
function postModuleLoad( event, interceptData, buffer, rc, prc ) {
var moduleSettings = controller.getSetting( 'modules' );
// If module is already registered with ColdBox, then add a setting directly
if( moduleSettings.keyExists( 'recaptcha' ) ) {
moduleSettings.recaptcha.settings.publicKey = variables.settings.recaptcha.publicKey;
moduleSettings.recaptcha.settings.secretKey = variables.settings.recaptcha.secretKey;
} else {
// Otherwise, add it to ColdBox.cfc's moduleSettings to be used when the module IS registered in the future
var coldBoxConfig = controller.getSetting( "ColdBoxConfig" );
coldBoxConfig.getVariablesMixin = wirebox.getUtility().getMixerUtil().getVariablesMixin;
var configVars = coldBoxConfig.getVariablesMixin();
// Don't assume this exists
configVars.moduleSettings = configVars.moduleSettings ?: {};
configVars.moduleSettings.recaptcha.publicKey = variables.settings.recaptcha.publicKey;
configVars.moduleSettings.recaptcha.secretKey = variables.settings.recaptcha.secretKey;
}
}
I’m still in brainstorming mode, so there may be problems with the above idea. However, I am thinking I could push this even further by creating a new method within ModuleConfig.cfc which would execute the code you wrote dynamically so each key doesn’t have to be written explicitly.