Detect drift. Automate remediation. Execute with control.
Nautobot Golden Config helps network teams move beyond passive configuration compliance reporting toward true configuration assurance. It backs up device configurations, generates intended state from Nautobot data, identifies noncompliance, automatically creates remediation commands, and turns that output into executable configuration plans that can be deployed directly or routed through an approval workflow before execution.
Detecting configuration drift is not the hardest part of network operations. The real challenge is detecting what has changed, on which devices and and efficiently remediating configurations once noncompliance is found.
Most teams can identify that a device has moved away from the intended standard. But too often, the next steps are still manual: interpret the delta, determine the right corrective commands, package the fix, pass it through change control, and then deploy it safely. That slows response times, increases operational risk, and makes consistency harder to maintain across multi-vendor environments.
Traditional backup and compliance tools often stop at visibility. They show differences between intended and actual state, but they do not give teams a repeatable, governed path to correction. The result is more manual effort, more room for error, and more friction between compliance findings and operational execution.
Common challenges include:
Bottom line:
If your tools identify noncompliance but do not help generate and deploy the corrective action, you still have a manual operations problem.
With Golden Config, configuration management becomes proactive, structured, and easier to govern.
Instead of stopping at “this device is out of compliance,” your team can define intended state, detect deviations, automatically generate remediation, convert that remediation into a config plan, and move the config plan into execution through the workflow that fits your environment. That might mean direct automation for routine cases or an approval queue for changes that require management review before they are run.
With Golden Config, teams gain:
Instead of manually crafting CLI fixes from scratch, engineers can work from structured, reviewable plans aligned to operational policy. Compliance improves. Auditability improves. Time to correction improves. And network changes become easier to standardize at scale.
Bottom line:
Golden Config transforms configuration management from passive reporting into an automated, remediation-driven lifecycle aligned to modern NetDevOps practices.
Nautobot Golden Config gives teams more than configuration visibility. It provides a NetDevOps workflow to identify drift, automatically generate remediation data, turn that remediation into a config plan, and move the change into deployment with the right level of control. Golden Config’s remediation is an automated process that compares current and intended state and generates the data needed to return a feature to compliance. It also supports config plans derived from remediation output and configuration deployment to devices.
Golden Config uses Nornir to connect to devices, collect running configurations, optionally process those configurations, and store them in Git repositories. That gives teams version control, traceability, and a durable history of network change over time.
Intended-state configuration generation
Golden Config compares actual and intended configurations at the compliance-feature level. This gives teams a structured way to detect drift in the areas that matter most to their standards, policies, and operating model.
Compliance report in a brownfield environment at launch
Compliance report in a brownfield environment after remediations
This is where Golden Config becomes especially powerful. The remediation workflow compares current and intended state and automatically generates remediation data designed to bring a configuration feature back into compliance. The remediation engine can use intended, missing, and extra configuration data as inputs, improving efficiency and reducing manual effort and human error.
Golden Config can generate config plans from several sources, including remediation configurations created during the compliance process. Those plans are tied to a single device and can include change-control IDs and URLs, making them easier to group, track, review, and govern before deployment.
Golden Config’s natural progression is config deployment, generating a device configuration, and pushing the configuration to the network device. In environments using Nautobot approval workflows, jobs can either run immediately or be added to the Approval Dashboard for review; once all required approvals are obtained, the job is automatically placed in the execution queue. That enables a practical model for automated remediation in lower-risk scenarios and approval-governed remediation in more controlled environments.
Golden Config does not require an all-or-nothing rollout. Teams can use any combination of these features, including integrating Golden Config with existing backup approaches while still using compliance, remediation, or config generation workflows.
Ready to unify your network data and accelerate automation?
Deploy Nautobot SSoT to centralize your Sources of Record, eliminate integration sprawl, and build automations on a trusted foundation.
Nautobot Golden Config is a Nautobot app that provides a NetDevOps approach to configuration compliance, with use cases including backups, intended configuration, compliance, remediation, and deployment.
It compares actual configurations gathered through backups against intended configurations generated from Nautobot’s data and templates, using compliance features to identify where devices have deviated from the intended state.
Yes. The remediation workflow automatically generates remediation data by comparing current and intended state, and it can use intended, missing, and extra configuration data to build the corrective output.
Yes. Golden Config can generate config plans from remediation configurations produced by the configuration compliance process, giving teams a structured, deployable plan rather than forcing them to build corrections manually.
Yes. Golden Config supports deployment, and Nautobot supports approval workflows for scheduled jobs. Jobs that do not require approval can run immediately; those that do require approval are added to the Approval Dashboard, and once approved they are automatically placed in the execution queue.
Yes. Config plans can include optional change-control IDs and change-control URLs, which makes them easier to group, filter, and connect to external change-tracking processes.
The Golden Configuration application generates a device configuration and pushes it to the target network device. Golden Config also uses Nornir-based processes in its backup and intended configuration workflows, reinforcing its automation-oriented operating model.
Yes, the application provides a broad list of compliance platforms, including Arista EOS, Cisco IOS, IOS XR, NX-OS, Juniper Junos, Fortinet FortiOS, Nokia SR OS, Palo Alto PAN-OS, and others.
Share details about yourself & someone from our team will reach out to you ASAP!
