Back to all posts

Feature Request: Native Spacelift Provider Mirror & Transparent Cache

Spacelift should provide a native, managed way to mirror or cache OpenTofu and Terraform providers to ensure build reliability and performance. Currently, every Spacelift run is directly dependent on the availability and speed of public registries (like registry.opentofu.org).

We are requesting a Spacelift-native solution that can be implemented in one of two ways:

  1. Transparent Pull-Through Cache: A managed proxy where Spacelift automatically caches requested provider binaries. If a worker requests a provider version, Spacelift fetches it once from the upstream registry and serves it for all subsequent runs.

  2. Managed OCI/ORAS Mirror: A built-in registry where Spacelift hosts provider artifacts. This could be implemented as a ORAS (OCI Registry As Storage) project standards, allowing users to leverage OCI-native provider distribution (OpenTofu 1.8+) without having to manage their own external OCI infrastructure or complex manifest logic.

How this helps Spacelift

This feature would position Spacelift as the "Source of Truth" for the entire execution environment. By leveraging the ORAS standard natively, Spacelift would stay ahead of the curve as the ecosystem shifts toward OCI-based provider distribution, saving customers from the "undifferentiated heavy lifting" of building their own mirrors.

Workaround
We are currently forced to maintain a custom "Harvester" pipeline that: Scans our .terraform.lock.hcl files for new versions. Manually downloads ZIPs and checksums for multiple architectures. Manually handles the "gross" process of re-packaging these into OCI artifacts and pushing them to private storage. Requires us to maintain our own "active" infrastructure (ECR, S3, or similar) just to ensure OpenTofu can initialize.
Problem
We are seeing frequent 504 Gateway Timeouts when pulling providers from registry.opentofu.org. │ Error: Failed to install provider │ Error while installing hashicorp/aws v6.19.0: could not query provider registry for registry.opentofu.org/hashicorp/aws: 504 Gateway Timeout These upstream failures are outside of our control and break our CI/CD pipelines inconsistently. Relying on a public, community-run registry for production-critical deployments creates a single point of failure. We need Spacelift to provide a "buffer" that makes our builds resilient to upstream registry downtime.

Please authenticate to join the conversation.

Upvoters
Status

❌ Rejected

Board

💡 Feature Requests

Tags

Terraform registry

Date

12 days ago

Subscribe to post

Get notified by email when there are changes.