Restrict runtime inputs to approved variables only

We want to allow developers to manually trigger runs, especially for Ansible workflows, while strictly limiting what they can modify at runtime.

Today, runtime permissions are too coarse-grained:

  • Allowing custom runtime config lets users override essentially everything via YAML.

  • Allowing environment variable edits gives access to all variables, not a controlled subset.

This makes it hard to safely expose stacks to developers without giving them far more control than intended.

Use case
We have Ansible pipelines where developers occasionally need to manually deploy a specific version or set a small number of parameters at run time, for example selecting a version or tag to deploy.

We want this without:

  • Allowing edits to all environment variables

  • Allowing changes to runner image, runtime config, or other stack level settings

  • Requiring a full Git change for every manual deploy

In our previous pipeline, users were presented with a small set of predefined input fields and could not modify anything else. We are trying to replicate this pattern in Spacelift.

Desired behavior

  • Ability to define a limited set of runtime inputs that users are allowed to modify when triggering a run.

  • All other variables and runtime configuration should remain locked.

  • Permissions should apply at run trigger time, not require stack edit access.

  • Ideally, this works across Ansible and other non-Terraform workflows.

Why this matters
This would enable safe self-service for developers, reduce the need for elevated permissions, and make Spacelift easier to adopt for teams that are not fully GitOps-driven yet, especially for configuration management and operational workflows.
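The gate the request describes, sketched as an added example that is not part of the original post and not Spacelift code: a trigger-time check that accepts only a predeclared set of named inputs, each constrained by a value pattern, and rejects everything else, including stack-level settings such as the runner image or runtime config. The input names (APP_VERSION, TARGET_HOSTS), the locked-key list and the sample trigger payloads are all constructed for illustration.

```python
"""Allowlist gate for manual run triggers.

Hypothetical example code: it models the "predefined input fields only"
pattern from the request in plain Python and does not use any Spacelift API.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RuntimeInput:
    name: str         # variable a developer may set at trigger time
    pattern: str      # regex the whole value must match (re.fullmatch)
    description: str = ""


@dataclass
class GateResult:
    accepted: dict    # name -> value, safe to pass to the run
    rejected: dict    # name -> reason the override was refused

    @property
    def ok(self) -> bool:
        return not self.rejected


# Constructed allowlist: the only knobs exposed on the trigger form.
APPROVED_INPUTS = (
    RuntimeInput("APP_VERSION", r"v\d+\.\d+\.\d+(-rc\d+)?", "release tag to deploy"),
    RuntimeInput("TARGET_HOSTS", r"(web|worker|db)", "Ansible host group"),
)

# Constructed list of stack-level settings that must never be editable
# from a trigger. Anything not in APPROVED_INPUTS is rejected anyway; these
# are named only so the rejection reason is explicit.
LOCKED_KEYS = frozenset({"runner_image", "runtime_config", "ANSIBLE_CONFIG"})


def gate_trigger(requested: dict, approved=APPROVED_INPUTS) -> GateResult:
    """Check a trigger payload against the allowlist.

    Default-deny: a key is accepted only if it is an approved input AND its
    value fully matches that input's pattern. Patterns are anchored with
    re.fullmatch, so a value like "v1.4.2; rm -rf /" is refused even though
    it starts with a valid tag.
    """
    by_name = {i.name: i for i in approved}
    accepted, rejected = {}, {}
    for key, value in requested.items():
        if key in LOCKED_KEYS:
            rejected[key] = "stack-level setting, not editable at run trigger"
        elif key not in by_name:
            rejected[key] = "not an approved runtime input"
        elif not isinstance(value, str) or not re.fullmatch(by_name[key].pattern, value):
            rejected[key] = f"value does not match {by_name[key].pattern!r}"
        else:
            accepted[key] = value
    return GateResult(accepted, rejected)


def render_extra_vars(result: GateResult) -> list:
    """Turn accepted inputs into ansible-playbook -e arguments.

    Returns an argv list (no shell involved), and refuses to build anything
    if even one override was rejected: a partially applied trigger is worse
    than a failed one.
    """
    if not result.ok:
        raise ValueError(f"trigger rejected: {result.rejected}")
    args = []
    for name, value in sorted(result.accepted.items()):
        args += ["-e", f"{name}={value}"]
    return args


if __name__ == "__main__":
    # Constructed trigger payloads: one clean, one that tries to escape the allowlist.
    good = gate_trigger({"APP_VERSION": "v1.4.2", "TARGET_HOSTS": "web"})
    print("accepted:", render_extra_vars(good))
    bad = gate_trigger({"APP_VERSION": "v1.4.2; rm -rf /", "runner_image": "x", "AWS_SECRET": "y"})
    print("rejected:", bad.rejected)
```

The important property is that the developer never edits the environment as a whole: the gate produces a fresh argv from the accepted values, so an unknown variable, a locked setting, or a value with trailing shell syntax can only fail the trigger, never leak into the run.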


Status: 🔭 Discovery
Board: 💡 Feature Requests
Date: 2 months ago
