config_writeback

Config Writeback closes a common gap on self-hosted Drupal sites: configuration
changes made through the admin UI (content types, views, fields, permissions,
and more) live only in the database until someone runs

drush
config:export

and commits the result to git. That step usually requires
SSH access to the server, which the people making the changes — site
builders and content administrators — often do not have.

This module adds a Git Writeback tab directly on the existing
Configuration Synchronization page. An authorized user enters the git
repository URL and a token, reviews a diff of what changed, and confirms. The
module exports the active configuration, commits it to a new feature branch,
pushes it to the remote, and shows a ready-made "Create Pull Request" link. No
terminal, no Drush, no server access required.

Features

One-click config export to git — clones the repository, exports active config with Drupal's config storage API, commits to a timestamped feature branch (e.g. master_04102026_163045), and pushes, all from one form.
Diff preview before pushing — shows a stat-style diff of changed configuration files so the user can confirm exactly what will be written back before anything is pushed.
Pull request links generated automatically — detects Bitbucket or GitHub from the repository URL and builds a "Create Pull Request" link, pre-checking "Delete source branch after merge" on Bitbucket.
Per-environment branch locking — set the target branch in settings.local.php per environment so production, staging, and dev can never accidentally target the wrong branch.
Webroot auto-detection — figures out whether the Drupal docroot sits at the repository root or in a subdirectory like web or docroot, without relying on git, by walking up to the nearest Composer project root.
Config Ignore integration — when the Config Ignore module is present, environment-specific config can be excluded from (or deliberately included in) the writeback, with diff annotations showing which files were affected.
No stored credentials — the token is used only for the duration of the git operation, is never written to config, the database, or logs, and any error output containing the authenticated URL is sanitized before display.

Use this module if you run a custom-hosted Drupal site (shared hosting, a VPS,
Docker, or similar) where site builders need to get their configuration
changes into version control but do not have CLI or SSH access. It is
especially useful for agencies maintaining several client sites on
infrastructure they do not fully control.

Post-Installation

After enabling the module, go to People → Permissions and
grant the Use Config Writeback permission to trusted
administrator roles only — it is marked "restrict access" by default
because it allows pushing to an external git repository.

There is no separate settings page. Once the permission is granted, a new
Git Writeback tab appears on
/admin/config/development/configuration. From there:

Enter the git repository URL (including your username) and an app password or personal access token.
Click Generate Diff to review which configuration files would change.
Click Confirm Writeback to push the feature branch, or Cancel to back out.
Follow the generated link to open a pull request.

For production use, it is strongly recommended to lock the branch (and, if
your repository layout is non-standard, the webroot) per environment in
settings.local.php:

$settings['config_writeback']['branch'] = 'master';
$settings['config_writeback']['webroot'] = 'web';

When the branch is locked, the form field becomes read-only so the configured
value is always visible but cannot be changed by mistake.

Additional Requirements

Drupal 10 or 11.
PHP 8.1 or newer.
The git binary available to the web server process.
Outbound HTTPS access from the server to your git remote (GitHub, Bitbucket, etc.).
proc_open() must not be disabled in php.ini (the module shells out to git via Symfony's Process component).
A Bitbucket App Password or GitHub Personal Access Token with repository read/write scope.

This module is not recommended for Acquia, Pantheon, or Platform.sh, since
those platforms enforce their own git-based configuration and deployment
workflows, and may restrict outbound git operations or proc_open()
from the web server.

Recommended modules/libraries

Config Ignore (3.3 or newer) — if installed, Config Writeback automatically detects it and lets you choose whether to include or exclude config matched by your ignore patterns when writing back, which is useful for preserving environment-specific settings.

No other libraries beyond Drupal core and its bundled Symfony components are required.

Similar projects

The closest comparison isn't another module but the manual workflow Config
Writeback replaces: running drush config:export over SSH and
committing/pushing by hand. That approach works fine for developers with
server access, but excludes site builders and content editors who lack it.
Config Writeback's distinguishing feature is doing the export, branch
creation, commit, and push from the admin UI in one step, plus generating a
ready-to-use pull request link.

It is complementary to, not a replacement for, modules like
Config Split (manages
per-environment config overrides) and
Config Filter (a
plugin framework for altering what gets exported) — both can be used
alongside Config Writeback as part of the same export pipeline.

Supporting this Module

There is no Patreon or OpenCollective for this project at this time. The best
way to support development is by filing detailed issues, submitting patches or
merge requests, and helping triage the issue queue.

Community Documentation

There is no external walkthrough or demo site yet. Contributions of a
DrupalPod demo link, screencast, or written walkthrough are welcome via the
issue queue.