Save as configcompare (requires jq, yq):
✅ Normalize the format (sort keys, pretty-print)
✅ Strip volatile fields (timestamps, IDs, versions)
✅ Use semantic diff (jq/yq + diff)
✅ Ignore comments and whitespace where appropriate
✅ Visualize with color/word-diff for complex changes
Now compare the normalized files:
For deeply nested configs, use git diff --no-index with color:
ConfigCompare is a process used to compare the configurations of two or more systems, networks, or applications to identify differences and similarities. This process involves collecting configuration data from each system, parsing and analyzing the data, and then generating a report highlighting the discrepancies. ConfigCompare can be applied to various IT domains, including network configuration management, software configuration management, and cloud infrastructure management.
By automating the comparison of configurations, teams move from reactive debugging ("Why is it broken?") to proactive assurance ("We know exactly what changed"). Whether you use open-source tools like dyff and jd (JSON Diff) or build custom scripts into your pipeline, making configuration comparison a standard part of your workflow is the smartest way to eliminate "it works on my machine" syndrome forever.
Security teams can compare the "Golden Image" configuration against what is currently running in production. This detects "Shadow IT" configurations or unauthorized changes that bypass the standard approval process.
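One way to run the golden-image check described above, as an added example that is not from the original page: it normalizes two JSON configs, strips volatile fields, and reports drift by key path. The key names in `VOLATILE_KEYS` and both sample documents are constructed assumptions.

```python
import json

# Assumed names for volatile fields; adjust to what your platform rewrites on deploy.
VOLATILE_KEYS = {"timestamp", "id", "version"}

def normalize(node):
    """Drop volatile keys and sort mapping keys so equal configs compare equal."""
    if isinstance(node, dict):
        return {k: normalize(v) for k, v in sorted(node.items())
                if k not in VOLATILE_KEYS}
    if isinstance(node, list):
        return [normalize(v) for v in node]  # list order is treated as meaningful
    return node

def drift(golden, running, path=""):
    """Return (path, kind, golden_value, running_value) tuples, ordered by key."""
    findings = []
    if isinstance(golden, dict) and isinstance(running, dict):
        for key in sorted(golden.keys() | running.keys()):
            here = f"{path}.{key}" if path else key
            if key not in running:
                findings.append((here, "removed", golden[key], None))
            elif key not in golden:
                findings.append((here, "added", None, running[key]))
            else:
                findings.extend(drift(golden[key], running[key], here))
    elif golden != running:
        findings.append((path, "changed", golden, running))
    return findings

def compare(golden_text, running_text):
    """Parse, normalize and diff two JSON documents."""
    return drift(normalize(json.loads(golden_text)),
                 normalize(json.loads(running_text)))

# Constructed sample data: same service, different key order and volatile values,
# plus one weakened setting and one unapproved section on the running host.
GOLDEN = '''{"version": "1.4.2", "timestamp": "2024-01-01T00:00:00Z",
 "ssh": {"permit_root_login": false, "port": 22},
 "tls": {"min_version": "1.2"}}'''
RUNNING = '''{"timestamp": "2024-03-09T11:30:00Z", "version": "1.4.3",
 "tls": {"min_version": "1.2"},
 "ssh": {"port": 22, "permit_root_login": true},
 "debug": {"enabled": true}}'''

if __name__ == "__main__":
    for path, kind, want, got in compare(GOLDEN, RUNNING):
        print(f"{kind:8} {path}: golden={want!r} running={got!r}")
```

Key reordering and the changed timestamp and version produce no findings; only the added `debug` section and the flipped `ssh.permit_root_login` value are reported.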
To get the most out of ConfigCompare, organizations should follow best practices, including: