Dojo × Spacelift: Unifying infrastructure as code with governance and visibility

Dojo’s mission is to empower businesses to thrive in the experience economy. With a next-gen card machine that takes payments over 50% faster than the competition, and data and insights that help customers measure and manage their card payments from the palm of their hand, they create the tools and technology that turn transactions into meaningful relationships.  Reliability, governance, and compliance are critical. As the company scaled, its Payments team adopted Terraform and Terragrunt in GitHub Actions, whereas the wider organization relied on a mix of ClickOps and application-driven infrastructure provisioning. This resulted in silos, inconsistent governance, and limited visibility into infrastructure changes.

“We had a very fragmented infrastructure management with no unified way to see all the infrastructure changes that were happening.”

 — Tibor Benke, Senior Engineering Team Lead

To mature its infrastructure as code (IaC) practices, Dojo sought a solution that would unify its workflows, enforce governance, and improve developer experience across teams.

Without a cohesive approach to managing its infrastructure, engineers at Dojo struggled with a range of issues:

• Fragmented workflows: The payments organization relied on Terraform/Terragrunt via GitHub Actions, whereas other teams adopted a mixture of ClickOps or Infrastructure from Code, where they provision infrastructure as their services start up. Still other teams had trialled Pulumi and used it in production.
• Lack of governance: There were no system-level controls or enforced approvals for high-risk or costly changes.
• Limited visibility: Developers manually scanned thousands of CI log lines to interpret changes, introducing risk and slowing reviews.

“Before Spacelift, we’d scroll through endless Terragrunt logs searching for keywords. The visualization in Spacelift — seeing exactly what changed — has been a huge quality-of-life improvement, especially for engineers new to IaC.”
— David Garnett Welsh, Senior Staff Engineer

Dojo evaluated other vendors and considered building an in-house tool, but neither approach would deliver what they needed. Competing products didn’t support Terragrunt at the time, and maintaining a custom platform would have required significant overhead.

Spacelift stood out for three reasons:

1. Purpose-built for IaC: Spacelift offered governance and visibility designed specifically for Terraform and Terragrunt.
2. Ease of adoption: Setup was quick and self-directed with clear documentation and minimal configuration.
3. Mature feature set: Policy guardrails, role-based permissions, and deep GitHub integration enabled infrastructure could be deployed safely without slowing developers.

“Spacelift is a tool built for one purpose, and it does it really well. We could make it work quite quickly without any handholding.”
— Tibor Benke, Senior Engineering Team Lead

Dojo manages its infrastructure in a couple of monorepos, each of which is opinionated in some way. This structure balances standardization and flexibility across teams.

Stack configuration

Stacks are currently created via the Spacelift UI and managed in Terraform. Each monorepo contains multiple stacks, with Spacelift running all relevant Terragrunt configurations using the <code>run-all</code> functionality. The folder structure of this is broken down by project, where the root of the stack is configured by account/project. The <code>run-all</code> feature respects the dependencies defined between modules, ensuring that changes are applied in the correct order and simplifying the process of managing complex infrastructure:

/terraform

  /modules

    /<cloud_provider>

      /common

      /<some_domain>

  /providers

    /<cloud_provider>

      /<project_name>

        /common

        /<environment>

          /<region>

            /<some_domain>

Governance policies

Governance is central to Dojo’s Spacelift rollout. The team has implemented several initial policies that combine workflow enhancements with preventive controls:

• Clear the queue when multiple pushes to main occur rapidly
• Comment infrastructure changes on GitHub PRs
• Ensure stacks stay synced with the head of main
• Require approval for deployments
• Require a private worker
• Ignore changes outside stack root or project globs
• Warn on changes to sensitive resources

Dojo plans to expand these policies organization-wide and use Spacelift’s policy library to ensure consistent, auditable governance.

Contexts and automation

Dojo leverages contexts to share configurations and credentials:

• Injecting variables and mounted files, such as GCP integration settings
• Providing SSH deploy keys for GitHub access
• Including debugging hooks that can be attached manually for additional insights

Contexts help the platform team standardize and reuse setup steps across projects. This reduces duplication and configuration drift.

Drift detection 

Drift detection is enabled in five production stacks, with regular scans performed. Although remediation is not yet automated, results are monitored for discrepancies. 

Global resources view

Recently, the team began using the Resources View to visualize the scope and count of resources in AWS accounts. This gives them early insight before implementing any large-scale changes.

“We have recently used the Resources view to see the quantity of resources in an AWS account to understand the scope of a planned change.”
— David Garnett Welsh, Senior Staff Engineer

The developer experience

Dojo’s engineers took to Spacelift immediately, finding it easy to adopt and quick to deliver results. When a large monorepo surfaced performance challenges, Spacelift’s support team resolved them within days — reinforcing trust in the partnership.

Developers now work with clarity and confidence. Pull requests show precise diffs linked directly to Spacelift, replacing guesswork with predictable change control.

“Before Spacelift, we would have to visually scan logs files from Terragrunt that were thousands of lines long, searching for keywords. The visualization we get in Spacelift to know what has changed without having to do this has improved the developer experience — especially for engineers who are new to IaC.”
— David Garnett Welsh, Senior Staff Engineer

Although individual runs take slightly longer due to governance checks, overall delivery is faster and safer.
Teams spend less time interpreting logs and more time shipping reliable infrastructure.

The result?

• Unified visibility — A single source of truth for all infrastructure activity
• Governance guardrails — Enforced policies that protect against risk
• Higher developer confidence — Safe, transparent changes even for less experienced engineers
• Operational efficiency — Time once spent on manual validation now fuels delivery and innovation

“Once we integrated and got initial support touchpoints, it just set off and did its thing. The visibility alone has been the biggest win.”
— David Garnett Welsh, Senior Staff Engineer

Dojo plans to:

• Onboard its remaining AWS and GCP accounts within six months
• Expand policy-as-code coverage and Terraform registry integration
• Increase self-service infrastructure under controlled governance
• Continue using Spacelift to centralize and mature its IaC workflows

As governance and automation deepen, Dojo expects even greater velocity — combining developer freedom with operational control. By using Spacelift to create a unified, governed IaC platform that combines policy guardrails, contextual automation, and centralized visibility, Dojo’s engineers now deliver faster, safer, and with greater confidence.

“The overall time Spacelift saves us has come from stuff we can’t really estimate —  like the time it used to take to interpret results. Developers don’t have to look through the logs anymore because they can just click on a link and get the results immediately.”
— David Garnett Welsh, Senior Staff Engineer