Spacelift

What Is Spacelift?

The infrastructure-as-code market reached a turning point when HashiCorp changed Terraform's licence to BSL in 2023. Suddenly, organisations that had built their entire infrastructure automation strategy on a single tool found themselves evaluating alternatives — and discovered that the ecosystem was more fragmented than they had assumed. Terraform Cloud handles Terraform well, but what about teams running Pulumi alongside Terraform? Or OpenTofu migrations mid-flight? Or organisations managing Kubernetes alongside CloudFormation stacks?

Spacelift is the answer Warsaw's infrastructure automation startup built for exactly this multi-framework reality. Founded in 2020 by Marcin Wyszynski and Paweł Hytry, Spacelift provides a unified management layer for infrastructure-as-code regardless of the underlying tool. Terraform, OpenTofu, Pulumi, CloudFormation, Ansible, Kubernetes — all managed through a single platform with consistent workflows, policy enforcement, and audit trails.

The company has grown quickly. By July 2025, Spacelift had raised $82.3 million across four funding rounds (including a $51M Series C) and scaled to over 100 employees globally, while maintaining its Polish roots and EU-based operations. For a category defined by AWS, HashiCorp (now IBM), and Google, a Warsaw-built platform capturing significant enterprise infrastructure spend is a notable outcome.

Key Features

Multi-Framework IaC Support

Most IaC management platforms are built to manage one thing well. Terraform Cloud manages Terraform. Pulumi Cloud manages Pulumi. Spacelift manages all of them from a single interface.

Supported frameworks include Terraform, OpenTofu (the open-source Terraform fork), Terragrunt, Pulumi, Ansible, AWS CloudFormation, AWS CDK, and Kubernetes. A team can manage all of these from a single Spacelift account, with consistent Git-triggered workflows, unified audit logs, and the same policy enforcement across every framework.

This matters in practice: most non-trivial organisations use more than one IaC tool. Kubernetes manifests alongside Terraform modules, CloudFormation stacks inherited from an acquisition, Ansible playbooks for server configuration. Spacelift removes the operational overhead of managing separate automation pipelines for each.

Policy-as-Code with Open Policy Agent

Spacelift integrates Open Policy Agent (OPA) natively. Infrastructure teams write policies in Rego that enforce compliance rules on every infrastructure change before it runs. A policy can block any Terraform run that would create a public S3 bucket, require approval for changes to production databases, or enforce tagging standards on every cloud resource.

Policies apply uniformly across all IaC frameworks. The same OPA policy that prevents untagged resources in Terraform runs also enforces the same rule on Pulumi and CloudFormation stacks. Spacelift has updated its OPA integration to support Rego v1, the current standard.

Plan and approval policies are available on every plan tier, including the free tier. This is unusual — most platforms reserve policy enforcement for enterprise plans.

Drift Detection

Infrastructure drift — the gap between your declared desired state and actual cloud state — is one of the most persistent problems in infrastructure management. A developer edits a security group in the console. A script runs directly against the API. A cloud provider migrates a resource. Your Terraform state no longer reflects reality.

Spacelift detects drift on a configurable schedule and can trigger automatic reconciliation runs to restore the desired state. Drift detection requires private workers (not available on the free tier), which means it is best suited to paid plans. The platform added granular RBAC permissions for drift detection management in 2025, allowing teams to control who can create, modify, or delete drift detection schedules on individual stacks.

Stack Dependencies and DAG Workflows

Real infrastructure is not a flat list of independent stacks. A database stack's outputs feed an application stack's configuration, which feeds a DNS stack's records. Spacelift models these relationships explicitly as directed acyclic graphs (DAGs), passing outputs from one stack to dependent stacks automatically.

This dependency modelling means infrastructure updates propagate through your stack correctly. Update the database and Spacelift knows which application stacks need re-applying, in the right order, without manual coordination.

Private Worker Pools

For organisations in regulated industries or with strict security requirements, shared infrastructure automation workers are not acceptable. Secrets, execution context, and infrastructure state must stay within the organisation's own environment.

Spacelift's private worker pools run inside your cloud account. You deploy the Spacelift worker agent on your own infrastructure; it connects to the Spacelift control plane and pulls jobs. All run payloads are end-to-end encrypted. Secrets never leave your environment. The control plane handles scheduling and state; the execution stays on your hardware.

Private workers support configurable concurrency limits for drift detection runs, preventing resource exhaustion on busy worker pools.

Pricing

Spacelift uses concurrency-based pricing rather than resource-based pricing. This distinction is commercially significant: you pay for how many infrastructure operations run simultaneously, not for the number of resources you manage or the number of API calls you make.

The free tier is functional, not just a trial. You get access to all supported IaC frameworks, unlimited plan and approval policies (including OPA), and shared public workers. The limitation is concurrency and the absence of private workers.

Paid tiers (Starter, Business, Enterprise) add private worker pools, advanced RBAC, dedicated Slack support, and for Enterprise, a self-hosted deployment option and SOC 2 compliance documentation. Exact pricing for Starter and Business is usage-based and not published on the pricing page — teams need to contact sales for specifics.

Some customers have reported significant cost reductions versus Terraform Cloud after switching to Spacelift's concurrency model. For large organisations managing many infrastructure modules with intermittent changes, concurrency pricing tends to be more economical than per-resource or per-run pricing.

EU Compliance & Privacy

Spacelift is headquartered in Warsaw, Poland — an EU member state — making it subject to GDPR as both a data controller and data processor. EU data residency for the control plane is available, and Data Processing Agreements are standard for business customers.

The private worker pool architecture provides the strongest compliance posture: infrastructure execution, secrets, and state data never leave your own cloud account. The Spacelift control plane handles scheduling and policy enforcement; your workers handle execution. For organisations in financial services, healthcare, or government — sectors where infrastructure data is itself sensitive — this split architecture is a meaningful compliance advantage.

SOC 2 Type II compliance documentation is available on the Enterprise plan. The audit log records every infrastructure change with actor attribution, providing the paper trail that regulated organisations require.

Who It's Best For

Infrastructure teams running multiple IaC tools who want a single management layer rather than separate pipelines per framework. If you have Terraform and Pulumi coexisting in the same organisation, Spacelift is the most coherent solution available.

Organisations migrating from Terraform to OpenTofu who need a management platform that supports both during the transition period, without disrupting existing workflows.

Security and compliance teams that need to enforce infrastructure policies at scale. OPA-based policy enforcement on every run, across every framework, with a full audit trail, is difficult to replicate with custom tooling.

Engineering leaders managing large infrastructure teams who need approval workflows, RBAC, and drift detection without building these capabilities themselves.

Regulated industries that require infrastructure automation with private execution (no shared workers), end-to-end encryption, and SOC 2 compliance documentation.

Spacelift is not the right choice for teams that need general-purpose CI/CD for application builds. It is purpose-built for infrastructure automation and does not pretend otherwise. Small teams with a single IaC framework may also find simpler tools (like Terraform Cloud or Atlantis) better matched to their needs.

The Verdict

Spacelift built its business on a market insight: most organisations are not monogamous about their infrastructure tools, and no other vendor was building an IaC management platform that acknowledged this. The multi-framework support, OPA-native policy enforcement, and private worker architecture are not features bolted on — they are the core design. With $82M raised and 100+ employees, Spacelift is no longer a startup bet. It is a serious infrastructure platform, built in Warsaw, that competes credibly with HashiCorp's management tooling at a lower price point and with broader framework support.

Frequently Asked Questions

What IaC tools does Spacelift support?

Spacelift supports Terraform, OpenTofu, Terragrunt, Pulumi, Ansible, AWS CloudFormation, AWS CDK, and Kubernetes. This multi-framework support is one of its key differentiators from Terraform Cloud, which only supports HashiCorp tooling.

What is drift detection in Spacelift?

Drift detection identifies infrastructure changes that happened outside of Spacelift — for example, manual console edits or scripts run directly against your cloud provider. Spacelift can detect these drift events on a schedule and optionally trigger reconciliation runs to bring infrastructure back to the desired state.

Can I run Spacelift on my own infrastructure?

Yes. Spacelift offers a self-hosted deployment option for Enterprise customers. You can also run private worker pools on your own cloud, which keeps secrets and execution entirely in your environment while still using the Spacelift control plane.

How does Spacelift's pricing compare to Terraform Cloud?

Spacelift uses concurrency-based pricing, which is more predictable than Terraform Cloud's resource-based model. Some customers have reported 5x cost reductions after switching, particularly for organisations managing large numbers of infrastructure modules.

Is Spacelift GDPR compliant?

Spacelift is headquartered in Warsaw, Poland (an EU member state) and processes data in accordance with GDPR. Private worker pool deployments keep infrastructure execution and secrets entirely within your own environment, further reducing data exposure.