What is a kill switch, and how does it work? [2023]

Updated 2023

In a nutshell, kill switches are a safety mechanism used to shut off machinery in an emergency. They’re usually activated when the machinery can’t be shut down like normal.


Use a kill switch to better control edge case flakey features

Here’s how it works in a development context:

Many large sites occasionally have some features that struggle under certain edge cases. This often comes from third-party integrations. Typical use case: One of a site’s payment providers is down and can’t take new orders.

Kill switches makes it super easy to turn these flaky features off. They’re a simple way to degrade a service in order to keep your business running.

“Of course, it would be nice to not need the kill switches, but they have proven their value over time.”

Senior developer, FINN.no

How does it work?

A good general practice is to wrap your flaky feature in an inverted feature flag. Your application should assume that the feature is working as expected so long as the feature flag is disabled.

Here’s what it looks like in Unleash:

A killswitch for the fancy payment option. It is disabled in production.

The feature flag is disabled when everything is working as expected.

When you disable a flag by default, your application will still have the feature enabled. This is in case it can’t fetch the latest version of the feature flag.

If you detect any problems with the integration, you can then easily turn on the kill switch. The feature will then turn off the feature flag.

A killswitch for the fancy payment option. The killswitch is enabled.

When the kill switch is enabled, users will not see the flaky feature.

It takes just seconds for Unleash to let the application know it should turn off the feature. It’s that easy.

Can you automate kill switches?

It’s pretty simple to use inverted feature flags to introduce kill switches into your service.

Still, it’s important to keep the number of long-lived kill switches to a minimum. You should treat them as a powerful tool to manually degrade your service by turning off non-critical features during high load.

You can think of kill switches as manually managed circuit breakers. The general concept is that you wrap a service call in a circuit breaker. The breaker is used to monitor failures.

The circuit breaker also automates processes that stop the logic from executing. This keeps the logic from constantly failing.

You can find circuit breakers in a number of libraries:


  • Use inverted feature flags to manually handle kill switches.
  • You should keep manually managed and long-lived kill switches to a minimum.
  • It’s a good idea to build failure tolerance into your application through patterns like circuit breakers.

Want to try out Unleash?


Share this article