Everything your team needs
Map projects to branches or tags. Set up multiple workspaces pointing to the same Git repository. Go wild with monorepos. Spacelift is mostly driven by Git push and tag events but the exact interpretation of these can be customized using policies, making it easy to build sophisticated Git-based workflows.
Access control (SSO)
Declare who can log in (and under what circumstances) and what their level of access to each of the managed projects should be. Spacelift ships with SSO support out of the box, supporting every identity provider that speaks SAML 2.0 protocol.
Policy as code
Puts policy-as-code in the center with Spacelift’s robust policy framework built on top of Open Policy Agent. Spacelift uses policy-as-code to allow you to declare rules around your infrastructure, access, Git workflow, state changes, and relationships between projects.
Author and maintain reusable modules for your organization. Spacelift adds a full CI solution for modules, out of the box and free of charge. So, you can ensure that your private modules are healthy before you distribute them to the rest of your organization. Currently available for Terraform only.
Manage stacks, contexts, modules, and policies in a declarative way using your favorite infra-as-code tool. For Terraform, Spacelift offers a provider that allows you to manage the life cycle of its own resources programmatically. Administrative stacks get credential-less access to the subset of our GraphQL API that does not involve managing the actual infrastructure.
Implement per-project environment management and build your own runtime environment using Docker. Spacelift lets you add environment variables and mount files programmatically or through the GUI without requiring convoluted procedures.
Use Spacelift’s trigger policies to put a smart, declarative automation layer on top of Infrastructure as Code. Trigger policies let you plug into state changes of individual projects and declare dependencies that should be resolved following the changes that have just been applied.
Attach collections of config files and environment variables to multiple stacks. Not only useful for safely passing around secrets, contexts present an attractive alternative to the more dangerous and fragile remote state.
Take exclusive control over a stack to ensure that no one is able to modify its state while crucial changes are being made. The owner of the lock is the only one who can trigger runs and tasks for the entire duration of the lock.
By default, Spacelift uses a managed worker pool hosted and operated by us. This is very convenient, but often you may have special requirements regarding infrastructure, security or compliance, which aren't served by the public worker pool. This is why Spacelift also supports private worker pools, which you can use to host the workers which execute Spacelift workflows on your end.
In order to enjoy the maximum level of flexibility and security with a private worker pool, temporary run state is encrypted end-to-end, so only the workers in your worker pool can look inside it. We use asymmetric encryption to achieve this and only you ever have access to the private key.
Not enough time to test Spacelift?
Instead of using your own resources, fork our starter repository and test all Spacelift capabilities in under 30 minutes.