Env Diff

Find out why it works in staging but not production

Compares configurations across your environments — Terraform state, Helm values, env vars, K8s resources — and surfaces every difference. The fastest way to find the manual change someone made in production 6 months ago.

House Recipe · Work · 3 min

INGREDIENTS

🐙 GitHub, 💬 Slack

PROMPT

Create a skill called "Env Diff". Compare configurations across environments to find drift:

1. Compare Terraform variables (tfvars) across workspaces
2. Diff Helm values.yaml files across environments
3. Compare K8s resources using `kubectl diff` or by fetching and comparing manifests
4. Diff environment variables from deployment configs
5. Identify resources that exist in one environment but not another

For each difference found:

- Classify as: intentional (different sizing), drift (manual change), or missing (exists in one env only)
- Flag security-relevant differences (IAM, security groups, encryption, network policies)
- Suggest whether to align or document the difference

Present as a clean diff report, organized by severity.

How It Works

Environment drift causes outages that are uniquely frustrating because the code is the same; it's the configuration that differs. This skill diffs your environments systematically.

What You Get

  • Side-by-side comparison of Terraform state/vars across workspaces
  • Helm values.yaml diff across environments (dev, staging, prod)
  • Kubernetes resource comparison (deployments, configmaps, secrets, ingresses)
  • Environment variable comparison across deployment configs
  • Identification of resources that exist in one environment but not another
  • Flagging of security-relevant differences (open ports, permissive IAM, missing encryption)
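
The classify-and-flag step from the prompt, sketched in Python over already-parsed Helm values; this is an added example, not the skill's own code. The names `SECURITY_RE` and `ACKNOWLEDGED`, the sample values, and the rule that any unacknowledged difference is reported as drift are assumptions made for illustration.

```python
import re
from fnmatch import fnmatch

# Assumption: key-path fragments treated as security-relevant; extend for your charts.
SECURITY_RE = re.compile(r"iam|securitygroup|encrypt|networkpolic|tls|cidr", re.I)
# Assumption: differences under these paths are expected (sizing) and acknowledged.
ACKNOWLEDGED = ["replicaCount", "resources.*"]

def flatten(tree, prefix=""):
    """Turn nested values (as parsed from values.yaml) into {dotted.path: leaf}."""
    flat = {}
    for key, val in tree.items():
        path = f"{prefix}.{key}" if prefix else str(key)
        if isinstance(val, dict) and val:
            flat.update(flatten(val, path))
        else:
            flat[path] = val  # scalars, lists and empty dicts are compared as leaves
    return flat

def env_diff(left, right, names=("staging", "production")):
    """Return findings sorted by severity: security first, then missing, drift, intentional."""
    a, b = flatten(left), flatten(right)
    findings = []
    for path in sorted(a.keys() | b.keys()):
        if path in a and path in b and a[path] == b[path]:
            continue
        if path not in a or path not in b:
            kind = "missing"
        elif any(fnmatch(path, pat) for pat in ACKNOWLEDGED):
            kind = "intentional"
        else:
            kind = "drift"  # unacknowledged difference: candidate manual change
        findings.append({"path": path, "kind": kind, "security": bool(SECURITY_RE.search(path)),
                         names[0]: a.get(path, "<absent>"), names[1]: b.get(path, "<absent>")})
    rank = {"missing": 0, "drift": 1, "intentional": 2}
    return sorted(findings, key=lambda f: (not f["security"], rank[f["kind"]], f["path"]))

# Constructed sample values, not taken from any real deployment.
STAGING = {"replicaCount": 1, "resources": {"limits": {"memory": "256Mi"}},
           "storage": {"encrypted": True}, "networkPolicy": {"enabled": True},
           "ingress": {"allowedCidrs": ["10.0.0.0/8"]}, "logLevel": "debug"}
PRODUCTION = {"replicaCount": 6, "resources": {"limits": {"memory": "2Gi"}},
              "storage": {"encrypted": False},
              "ingress": {"allowedCidrs": ["0.0.0.0/0"]}, "logLevel": "info"}

if __name__ == "__main__":
    for f in env_diff(STAGING, PRODUCTION):
        print(f"{'SECURITY ' if f['security'] else ''}{f['kind']:<11} {f['path']}: "
              f"{f['staging']!r} -> {f['production']!r}")
```

A network policy present only in staging sorts to the top of the report, ahead of the widened ingress CIDR and the disabled storage encryption; the replica and memory differences land last as acknowledged sizing.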

Setup Steps

  1. Tell your Claw which environments to compare (e.g., staging vs production)
  2. Point it at the relevant configs, Terraform workspaces, or K8s clusters
  3. Review the diff report
  4. Decide for each difference: align environments or document why they differ

Tips

  • Pay special attention to security-group and IAM differences — these are the dangerous ones
  • Some differences are intentional (smaller instances in dev) — mark these as acknowledged
  • Run before deployments to catch drift that could cause issues
  • Pairs well with Drift Hunter for Terraform-specific drift detection

Tags: #environments #drift #devops #troubleshooting