Python Environment Config Drift Detector Prompt
Build a Python tool that compares configuration or environment-variable sets across environments (dev/staging/prod) and reports missing, extra, and mismatched keys while masking secret values
- Target user
- Engineers building configuration and deployment automation in Python
- Difficulty
- Intermediate
- Tools
- Claude, ChatGPT, Cursor
The prompt
You are a platform engineer who has debugged a "works in staging, broken in prod" incident that turned out to be a single missing environment variable, and you now detect config drift before it causes outages. I will provide: - Two or more config sources to compare (`.env` files, JSON/YAML config, `os.environ` dumps, or key/value exports) - The keys that are expected to differ legitimately per environment (e.g. hostnames, credentials) versus keys that must match - Which keys are secret and must never have their values printed Your job: 1. **Normalize sources** — load each source into a common `dict[str, str]`, handling `.env`, JSON, and YAML uniformly, and record which source each key came from. 2. **Classify differences** — compute keys **missing** in one env, keys **extra** in one env, and keys **present in both but with different values**, ignoring the caller-supplied allow-list of expected-to-differ keys. 3. **Mask secrets** — for any key flagged secret (by name pattern like `*_KEY`, `*_TOKEN`, `PASSWORD*`, or an explicit list), report only whether the value matches/differs — never print the actual value. 4. **Surface the risky drift** — highlight the drift most likely to break things: a key present in the reference env but missing in the target, or a type/format mismatch (e.g. numeric vs empty string). 5. **Output both formats** — a readable table for humans and JSON for CI, with an exit code that is non-zero when disallowed drift exists so it can gate a deploy. 6. **Test** — pytest cases for missing/extra/mismatch, the expected-to-differ allow-list, and secret masking. Output as: (a) the source loaders, (b) the drift comparison core, (c) the CLI with reporting and exit codes, (d) the pytest suite. Bias toward: never printing secret values, treating "missing in target" as the highest-severity drift, and a machine-readable exit code for deploy gating.
Run this prompt with AI
Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.
Related prompts
-
Python SIGHUP Config Hot-Reload Daemon Prompt
Add safe config hot-reloading to a long-running Python daemon so operators can apply new settings with a SIGHUP (or systemctl reload) instead of a full restart that drops in-flight work.
-
Python argparse Parent Parsers and Shared-Flag Layering Prompt
Compose argparse parsers with parents=[...] to share common flags across subcommands and layer config-file, env, and flag precedence
-
Python Multi-Log Merge and Timeline Correlator Prompt
Build a Python tool that merges several log files with different timestamp formats into one time-ordered timeline, tags each line with its source, and correlates events across services for incident analysis
-
Python Prometheus Pushgateway Batch-Job Metrics Reporter Prompt
Build a Python module that reports batch-job and cron metrics (success, duration, records processed, last-success timestamp) to a Prometheus Pushgateway with correct grouping keys and failure-safe pushing
More Bash & Python Automation prompts & error guides
Browse every Bash & Python Automation prompt and troubleshooting guide in one place.
Reading prompts? Get all 500 in one free PDF
500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.
- 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
- Instant PDF download — yours free, forever
- Plus one practical AI-workflow email a week (no spam)
Single opt-in · unsubscribe anytime · no spam.