ConfigStack

Docs

Download your Stack, run Stack Doctor, set baselines, and integrate with CI.

Stack Doctor

Stack Doctor detects configuration drift and structural issues. Use it in the app (Stack page → Run Stack Doctor) or via the API/CLI. No secret values are ever returned.

  • Cross-environment comparison: Compare current stack vs another environment (e.g. Staging vs Production) or vs a snapshot.
  • High-risk key detection: Keys that look like secrets (e.g. containing "password", "token", "secret") are flagged when missing in the target.
  • Severity and scoring: Results are CLEAN, LOW, MEDIUM, or HIGH with a numeric risk score. Use --fail-on in CI to gate on severity.

See How it works on the homepage and CI Gate below for usage.

Baselines

Each environment can have one baseline snapshot — the reference point for drift comparison.

  • Set baseline: Versions tab → choose a snapshot → "Set as Baseline". One baseline per environment.
  • Default comparison: Stack Doctor preselects the baseline so you can compare current vs baseline in one click.
  • CI: Omit --target to compare source environment against its baseline.

Ignore Rules

Exclude specific keys or patterns from Stack Doctor results. Useful for keys that differ intentionally (e.g. feature flags).

  • EXACT: Ignore a single key (e.g. FEATURE_X_ENABLED).
  • PREFIX: Ignore all keys starting with a prefix (e.g. DEBUG_).

Manage from the Stack Doctor modal or project settings. Rules apply to all runs, including CI.

Download Stack

Download any Stack as .env or JSON. Use the app (Stack page → Download) or API/CLI with an API token.

API
Authorization: Bearer <token>

# .env format

GET https://configstack.dev/api/v1/stacks/<stackId>/export.env

# JSON format

GET https://configstack.dev/api/v1/stacks/<stackId>/export.json

Or use the CLI: configstack export — see CLI docs.

CLI (configstack-cli)

The configstack-cli package lets you verify tokens, download Stacks, and run Stack Doctor in CI. Uses an API token from Settings → API tokens.

Install
npx configstack-cli --version
npm install -g configstack-cli    # or: npm install --save-dev configstack-cli
Commands (after install: configstack)
configstack whoami --token <token>
configstack export --stack <stackId> --format env --token <token>
configstack doctor --source <env-id> --target <env-id> --fail-on medium --token <token>

Full details: CLI documentation

CI GatePro feature

Fail your pipeline when drift or risk exceeds a threshold. Auth is Bearer token only. No secret values are returned.

API: POST /api/v1/doctor/check

# Compare two environments

curl -s -X POST "https://configstack.dev/api/v1/doctor/check" \
  -H "Authorization: Bearer $CONFIGSTACK_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"sourceEnvironmentId":"<src-env-id>","targetEnvironmentId":"<tgt-env-id>","failOn":"MEDIUM"}'

# Compare source to baseline (omit target)

curl -s -X POST "https://configstack.dev/api/v1/doctor/check" \
  -H "Authorization: Bearer $CONFIGSTACK_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"sourceEnvironmentId":"<env-id>","failOn":"MEDIUM"}'
CLI (configstack-cli)
npx configstack-cli doctor --source <env-id> --target <env-id> --fail-on medium --api-url https://configstack.dev --token <token>
GitHub Actions example
- name: Stack Doctor check
  run: |
    npx -y configstack-cli doctor \
      --source ${{ secrets.CONFIGSTACK_SOURCE_ENV }} \
      --target ${{ secrets.CONFIGSTACK_TARGET_ENV }} \
      --fail-on medium \
      --api-url https://configstack.dev \
      --token ${{ secrets.CONFIGSTACK_TOKEN }}

GitHub Action (load env)

Use the ConfigStack GitHub Action to pull config into your workflow and write .env or config.json.

Example
Add CONFIGSTACK_TOKEN as a repo secret.
- name: Load ConfigStack env
  uses: your-org/configstack-action@v1
  with:
    environment-id: ${{ env.CONFIGSTACK_ENVIRONMENT_ID }}
    token: ${{ secrets.CONFIGSTACK_TOKEN }}
    format: env  # or json
    output-file: .env  # optional

Back to homeCLI docsPricing