Exploring DevOps Config

Release version: Xanadu

Updated March 12, 2026

2 minutes to read

Summarize

Summarized using AI

Summary of Exploring DevOps Config

DevOps Config provides a centralized platform to store, manage, and validate all your configuration data as a single source of truth. It helps prevent configuration drift by enabling root cause analysis of unintended changes, comparing current and past configurations, and rolling back to desired states when necessary. Although it will be hidden and no longer activated on new instances starting with the Washington D.C. release, existing instances will continue to be supported.

Show full answer Show less

Key Features

Centralized Management: Consolidates configuration data from multiple sources with role-based access control, enhancing security and governance.
Validation Before Deployment: Automatically validates configuration data against policies before deployment to prevent risky or non-compliant changes. Policies can be customized and include generic checks from the DevOps Config Policy content pack.
Integration with CI/CD Pipelines: Enables automated gates in deployment pipelines or scripts to block deployments if configuration changes are deemed risky or non-compliant.
Use of DevOps Config API: Allows DevOps teams to programmatically manage and validate configuration data, supporting faster and safer release cycles.
Application Modeling: Creating an app in DevOps Config serves as a container for configuration data and links with other ServiceNow products like DevOps Change Velocity for enhanced lifecycle visibility.
Powered by CDM and PaCE: Utilizes Configuration Data Management and Policy as Code Engine for effective configuration and policy management.

Key Outcomes

Reduced Configuration Drift: Quickly identify and resolve configuration-related incidents by comparing snapshots of configuration data over time.
Improved Compliance and Risk Mitigation: Ensure that all configuration changes comply with corporate policies before being applied in production, reducing the likelihood of outages or security issues.
Seamless Adoption: Integrates with existing DevOps toolchains without requiring new tools or workflow changes for app engineers and IT infrastructure owners.
Enhanced Collaboration: DevOps teams, engineers, and IT personnel benefit from a unified platform that supports faster, safer deployments and better visibility into configuration management.

Use DevOps Config to store and manage all of your config data as a single source of truth. You can also use DevOps Config to validate your config data before deployment, and resolve conflicts in deployed config data.

Important:

Starting with the Washington D.C. release, DevOps Config is being prepared for future deprecation. It will be hidden and no longer activated on new instances but will continue to be supported.

Watch this short video to see how config data snapshots in DevOps Config can help you identify issues caused by unintended config data changes.

Use root cause analysis of configuration-related outages or alerts to quickly identify and resolve unintended config data changes, also known as configuration "drift." Compare current and past versions of intended config data changes attached to change requests, and roll back to the desired state when needed.

For more information, see Investigate an alert that involves a change to config data.

DevOps Config Use Cases for applications and Infrastructure as Code

Manage your configuration data

DevOps Config becomes the single source of truth for your configuration data, rather than the source tool. A consolidated model manages and secures config data across multiple sources with role-based access control.

Although DevOps Config prevents non-compliant changes by validating your configuration data before deployment, security of the configuration data can't be enforced if the data is kept at the source and not stored in DevOps Config.

Workflow
DevOps Config manages all your data in one location, validates it as it's written, and exports, when needed.
DevOps Engineer persona
Use DevOps Config and DevOps Config API to manage and validate configuration data. Thus, enabling DevOps teams to release at a faster speed, ensuring that no risky or non-compliant changes are introduced in production.
Use automated gates in a CI/CD pipeline or deployment script so that a deployment is stopped if any change to the application or infrastructure configuration is deemed risky or non-compliant.
Manage DevOps Config as more policies are added and more exporters are defined.

Validate your configuration data

DevOps Config acts as a test tool by automatically validating your configuration data before deployment to prevent non-compliant changes, while ensuring adherence to policy frameworks.

Validation before deployment occurs by executing policies on the configuration data. The DevOps Config Policy content pack includes generic policies that check for standard issues, but can be customized based on use case.

Workflow
When configuration data is changed or added, DevOps Config runs policies on the configuration data that's stored across multiple sources, validates it, and returns the outcome.
In the pipeline, the decision on whether to deploy is made, and the configuration data is retrieved from the source (Git, for example) to deploy.
App Engineer (or IT infrastructure owner) persona
Use DevOps Config to validate configuration data. Thus, making sure no risks are introduced and that all changes are compliant with company policies before any changes are applied in a production environment.
Since the tool integrates with the existing toolset, there's no change to the way work is done and there are no new tools to learn. Changes made to configuration data are validated in the background, and when the outcome is reported, action can be taken.