Kill switches — best practice

Kill switches are a safety mechanism used to shut off machinery in an emergency, when it cannot be shut down in the usual manner.


Many large sites occasionally have some features that struggle under certain edge cases, often related to third party integrations. A typical use case is that one of the payment providers is currently down and can’t take new orders.

Kill switches makes it super easy turn these flaky features off, which is a simple way to degrade the service in order to keep the business running.


“Of course, it would be nice to not need the kill switches, but they have proven their value over time.”

Senior developer, FINN.no

But how?

The general advice is to wrap your potential flaky features in inverted feature flags. Your application should assume that the feature is working as expected as long as the feature flag is disabled. In this example we use Unleash, an easy to use feature toggles service.

Kill switch feature toggle

The feature toggle is disabled when everything is working as expected

By having the toggle disabled by default also makes sure that your application will have the feature enabled in case it can not fetch the latest version of the feature toggle.

If you detect any problems with the integration you can then easily turn on the kill switch witch will turn of the feature toggle.

Activated kill switch

When the kill switch is enabled no users will not see the flaky feature.


Unleash will in seconds inform the application to turn off the feature. That was pretty simple?

Can we automate?

Even though it is pretty simple to use inverted feature flags to introduce kill switches in your service it is important to keep the number of long-lived switches to a minimum. They are a powerful tool to manually degrade your service, by turning of non critical features, during high load.

You can also think about kill switches as a manually managed circuit breaker. Circuit breaker is a design pattern often used in software development today. The general concept is that you wrap a service call in a circuit breaker, which monitors failures and automate the process of stop logic form executing to prevent the logic from constantly failing.

Fortunately there exists libraries implementing this pattern:


  • Inverted feature flags is a simple way to manually handle kill switches.
  • Keep manually managed and long-lived kill switches to a minimum.
  • Prefer to build failure tolerance in to your application. The Circuit breaker pattern is one way to achieve that.

Share this article

Explore further


Why feature toggles brings business value

In this blog post we will look at why feature toggles brings business value into DevOps, and how. We are getting used to have the same software development team taking care of both the development and the operations of the services — it makes perfect sense to have the ones that develop the service, also […]

Read more
Industry Insights

Take control of your sprint delivery

A feature management system such as Unleash can give you full control of your sprint delivery. In this article we will explain why and how. Imagine it is sprint demo day and you feel the excitement in the room. Your team committed to 10 user stories in the beginning of the sprint three weeks ago, […]

Read more
Industry Insights

Companies today are all facing a significant strategic challenge with the digital transformation. Customers are today trained to expect simplicity and highly personalized content. Consumer market is re-defining the business market. We are all used to Google and its simplicity. Netflix. It is simple, and it is highly personalized through it’s driven behavior. Netflix  know […]

Read more