Access to Spacelift state backend

We would like Spacelift to support exposing its managed Terraform/OpenTofu HTTP state backend in a way that allows authorised users to run plan and apply locally against the same state backend used by Spacelift-managed stacks.

The goal is to support a break-glass operational process where, in exceptional circumstances, we can run Terraform/OpenTofu locally while still using Spacelift as the source of truth for state and locking.

Ideally, this would allow local Terraform/OpenTofu runs to:

  • Use the Spacelift-managed state backend directly

  • Respect Spacelift state locking

  • Prevent concurrent Spacelift pipeline runs while local operations are in progress

  • Avoid having to manually reconcile or “fold back in” state changes made outside of Spacelift

Workaround

We currently run custom after-commit scripts to pull state from Spacelift and back it up externally, such as to S3, for disaster recovery purposes.

Problem

State files are a critical asset in Terraform/OpenTofu workflows. While we can mirror state externally for disaster recovery, there is no supported break-glass process for safely planning and applying a stack locally while continuing to use Spacelift’s state and locking mechanisms. Without public or controlled access to the Spacelift HTTP state backend, any local emergency apply would need to use a copied or externalised version of the state. This introduces operational risk because state changes made outside Spacelift then need to be reconciled back into the platform afterwards, and Spacelift’s normal locking guarantees are bypassed.

Status

👀 In Review

Board

💡 Feature Requests

Tags

OpenTofu

Date

About 14 hours ago
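
The reconciliation risk described in the Problem section can be checked before any copied state is folded back. The following is an added example, not code from the post or from Spacelift: it compares the `serial` and `lineage` fields of three Terraform/OpenTofu v4 state documents (the copy taken before the local apply, the locally modified state, and the platform's current state). The function names and the sample states are hypothetical and constructed for illustration.

```python
import json

def addresses(state):
    """Resource addresses recorded in a v4 state document."""
    found = set()
    for res in state.get("resources", []):
        module = res["module"] + "." if res.get("module") else ""
        kind = "data." if res.get("mode") == "data" else ""
        found.add(f"{module}{kind}{res['type']}.{res['name']}")
    return found

def fold_back_problems(base, local, current):
    """Reasons the locally modified state must not replace the platform's
    current state. An empty list means the three copies are consistent."""
    problems = []
    # All three documents must share one lineage (one state history).
    if len({base["lineage"], local["lineage"], current["lineage"]}) != 1:
        problems.append("lineage mismatch")
    # The platform must not have written state since the copy was taken.
    if current["serial"] != base["serial"]:
        problems.append("platform state changed after the copy was taken")
    # The local apply must have produced a newer serial than the platform has.
    if local["serial"] <= current["serial"]:
        problems.append("local serial is not newer than the platform serial")
    return problems

def summarize(base, local):
    """Addresses added and removed by the out-of-band apply, for review."""
    before, after = addresses(base), addresses(local)
    return {"added": sorted(after - before), "removed": sorted(before - after)}

def _state(serial, names, lineage="constructed-lineage-0001"):
    """Build a minimal constructed state document (not real infrastructure)."""
    return {"version": 4, "serial": serial, "lineage": lineage,
            "resources": [{"mode": "managed", "type": "aws_s3_bucket",
                           "name": n, "instances": []} for n in names]}

BASE = _state(41, ["logs"])                  # copy taken before the local apply
LOCAL = _state(42, ["logs", "hotfix"])       # result of the local apply
DRIFTED = _state(43, ["logs", "pipeline"])   # platform ran a pipeline meanwhile

if __name__ == "__main__":
    print(json.dumps({"clean": fold_back_problems(BASE, LOCAL, BASE),
                      "drifted": fold_back_problems(BASE, LOCAL, DRIFTED),
                      "changes": summarize(BASE, LOCAL)}, indent=2))
```

The drifted case is the one a shared lock would have prevented: the pipeline advanced the platform's serial while the local operation was in progress, so the local state can no longer be pushed back without a manual merge.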
