Turn tribal knowledge into a repeatable procedure
The most dangerous operational knowledge is the kind that lives in one engineer’s head. A runbook captures a procedure so anyone on call can execute it safely and consistently. This builder produces a structured Markdown runbook with every section a good procedure needs: overview, prerequisites, numbered steps, verification, rollback, and escalation.
How it works
The builder assembles a standard runbook layout from your inputs:
- Overview — what the procedure does and when an operator should use it
- Prerequisites — all access, tools, and conditions needed before starting (VPN, credentials, permissions)
- Procedure — your raw steps, rendered as a numbered list so they are executed in order
- Verification — how to confirm the procedure actually worked
- Rollback — how to safely undo the change if something goes wrong
- Escalation — who to page and when if the procedure fails
Each step you type on its own line becomes a numbered item, and list fields render as bullets. The output is plain Markdown that pastes cleanly into Confluence, Notion, GitHub wikis, or PagerDuty.
What makes a runbook actually useful
A runbook is not a design document or a troubleshooting guide. It is an execute-in-order checklist for a specific, bounded operation. That constraint drives every writing choice:
Be imperative and specific. “Restart the API service” fails at 3am when the operator does not know the service name. “Run systemctl restart api.service on the app server” does not.
Verification after every irreversible step. If step 4 deletes data, step 5 must confirm the right data is gone and no collateral damage occurred — before continuing. Without this, a botched deletion gets compounded by the steps that follow.
Rollback is mandatory, not optional. Even “routine” procedures sometimes need to be undone. A rotation that updates a secret in the wrong environment, or a database migration that hits an unexpected constraint, needs an unwind path. If there is no clean rollback, the runbook must say so explicitly so the operator knows to escalate rather than improvise.
The prerequisites list is a deployment blocker list. Every item on it is something that, if missing at 2am, will stop the procedure cold. Be honest: if the procedure requires production database read access, say so — do not discover it mid-step.
Example section structure
A good credential-rotation runbook looks like this in outline:
- Verify you have IAM admin access to the prod environment
- Generate the new credential in the secret manager
- Update the credential in the application config
- Verify: confirm the application is healthy after the change (
/healthendpoint returns 200) - Revoke the old credential
- Verify: confirm the old credential is rejected (attempt a connection with it and confirm it fails)
- Rollback: if the application fails after step 4, restore the old credential from the backup noted in prerequisites
That pattern — action, verify, action, verify, explicit rollback — is what separates runbooks that actually work under pressure from ones that get abandoned mid-procedure.