Env Drift — Multi-Environment Config Diff
Catch the config drift between your Terraform environments before it causes a
"worked in staging, broke in prod" incident — right inside VS Code.
Infrastructure is usually defined per environment (dev.tfvars, staging.tfvars,
prod.tfvars). Over time these silently diverge: a variable is added to one env
but not another, or a risky flag like enable_deletion_protection is true in
prod but false everywhere else. Env Drift compares them all and tells you.
Features
- 📊 Environment matrix — every variable as a row, every environment as a
column, so you see all values side-by-side. Run “Env Drift: Show Environment
Matrix.”
- 🔴 Missing-variable detection — a key defined in some environments but not
others is flagged inline.
- 🟠 Suspicious drift — high-risk keys (security/feature flags, booleans) that
differ across environments are surfaced as warnings.
- 🟢 Expected differences —
region, account_id, *_arn, etc. are ignored
by default (configurable) so you only see real problems.
- 🧩 Schema validation against
variables.tf — cross-checks each *.tfvars
against the variable "..." {} declarations in nearby .tf files:
- undeclared keys (almost always a typo Terraform would warn about), and
- required variables (no
default) not set in an environment.
This catches "would this even terraform apply?" bugs, not just drift.
- ✅ Status bar — live count of drift issues; click to open the matrix.
- 🔗 Click any value in the matrix to jump to that line in the right env file.
How it classifies each key
| Status |
Meaning |
Flagged? |
missing |
defined in some envs, absent in others |
✅ info |
suspicious |
risky key (or boolean) with differing values |
✅ warning |
different |
values differ (often legitimate: sizes, names) |
shown only |
same |
identical everywhere |
shown only |
ignored |
matched an ignore pattern (expected to differ) |
no |
Settings
| Setting |
Default |
What it does |
envDrift.enabled |
true |
Master switch |
envDrift.files |
**/*.tfvars |
Which files are environments |
envDrift.exclude |
**/.terraform/** |
Paths to skip |
envDrift.ignoreKeys |
region/account_id/… |
Keys expected to differ |
envDrift.suspiciousKeyPattern |
enable/protect/encrypt/… |
High-risk key regex |
envDrift.validateAgainstVariables |
true |
Check tfvars against variables.tf (typos + required vars) |
Each *.tfvars file is treated as one environment (named after the file, or its
parent folder for generic names like terraform.tfvars).
Install (locally)
This extension isn't on the Marketplace — install the prebuilt .vsix directly.
Download env-drift-0.1.0.vsix from the
latest release.
Install it:
code --install-extension env-drift-0.1.0.vsix
Or in VS Code: Extensions panel → ⋯ menu → Install from VSIX… →
pick the file.
Reload VS Code. Open a folder with *.tfvars files and look for the
Env Drift item in the status bar.
Prefer building from source? See Develop / run below.
Develop / run
npm install
npm run compile
npm test # parser + differ unit tests
Press F5 to launch an Extension Development Host — it opens the bundled
samples/ folder (dev/staging/prod with deliberate drift) so you can see it work
immediately. Look for the Env Drift item in the status bar.
Roadmap
- Terragrunt, per-env folders, and Kubernetes/Kustomize overlay layouts
- "Promote value" quick-fix to copy a value from one env to another
- Export drift report to Markdown for PRs
License
MIT
