DEV Community

Federico Distaso
Federico Distaso

Posted on

We Broke Staging With a One-Line Config Change (And Didn’t Notice Until It Was Too Late)

#security #cicd #webdev #infrastructure

Last month we broke staging with a one-line configuration change.
Not code.
Not infrastructure.
Not a database migration.
One line in a JSON file.

Everything passed CI.
Everything deployed successfully.
And then authentication silently started failing.

Here’s what happened.
The Change That Looked Harmless
We had a typical configuration file:

{
  "Api": {
    "BaseUrl": "https://staging.api.internal",
    "Token": "abc123"
  }
}
Enter fullscreen mode Exit fullscreen mode

A developer rotated a token and changed it to:

"Token": "abc13"
The PR looked clean.

No compilation errors
Tests passed
Linting passed
CI was green
It was merged and deployed.
Within minutes, staging services started returning 401 errors.
Nothing crashed.
No obvious exception.
Just authentication silently failing.

Why CI Didn’t Catch It
Because CI checks syntax, not impact.

It validated:
JSON formatting
Unit tests
Build integrity
But it never asked:

“Did a sensitive value just change?”
The pipeline didn’t know that Token was critical.
It just saw a string change.

The Real Problem
Configuration files are treated as passive data.
But configuration is behavior.
Changing a token, connection string, endpoint, or feature flag can change system behavior completely.
And yet most pipelines treat config like harmless text.

A Simple Defensive Pattern
After this incident, we started experimenting with a simple idea:
Snapshot the configuration
Make the change

Compare snapshots
Enforce a policy
The goal wasn’t to block every change.
The goal was to detect high-risk changes before deployment.

Example:

impactcheck json appsettings.json --snapshot before.json
Modify the file.

impactcheck json appsettings.json --snapshot after.json
impactcheck diff before.json after.json --policy strict
If a sensitive key changes (like Token, ConnectionString, or an endpoint), the tool exits with:
1
Which can block CI automatically.
Instead of discovering the issue in staging,
you discover it in the pull request.

Extending the Idea
The same thinking applies to:
XML config files
.config files in .NET apps
Even system-level DLL changes
A replaced DLL might be loaded by multiple Windows services.
A small change might have a large blast radius.

The key idea is always the same:
Measure impact before deploy.
Why This Matters
Most production incidents aren’t caused by exotic distributed system failures.

They’re caused by:
Misconfigured tokens
Wrong endpoints
Invalid connection strings
Configuration drift
They look harmless in a diff.
But they change system behavior.

We review code carefully.
We test infrastructure carefully.
Maybe it’s time we treat configuration with the same respect.

If you’ve ever had a staging or production issue caused by a config change,
I’d love to hear about it.

Project:
[https://github.com/fede456/ImpactCheck-v1.0.0-Windows/releases/tag/v1.0.0]

Top comments (0)