Changelogยป
2026-07-16ยป
From now on we will be reporting GraphQL depreciations and removals to give our customers better visibility in API changes. Below you can find a list of currently deprecated entities.
Deprecationsยป
- GraphQL
UPDATE_BLUEPRINT_DEPLOYMENTenum value onAction: Use UPGRADE_BLUEPRINT_DEPLOYMENT instead. - GraphQL
UPDATE_BLUEPRINT_DEPLOYMENT_INPUTSenum value onAction: Use UPGRADE_BLUEPRINT_DEPLOYMENT instead. - GraphQL
adminfield onApiKeyInput: Please use accessRules or roleBindings with root admin permission instead. - GraphQL
spaceIDfield onApiKeyRoleBinding: Use space field instead. - GraphQL
secretfield onAuditTrailWebhook: This property is no longer used. - GraphQL
sensitivefield onBlueprintDeploymentCreateInputPair: Input type is used to determine whether the input is secret or not, so this field is no longer needed. - GraphQL
runIDfield onBlueprintStackCreation: Use the runIds field instead. - GraphQL
stackIDfield onBlueprintStackCreation: Use the stackIds field instead. - GraphQL
emailfield onManagedUserInviteInput: Please use invitationEmail instead. - GraphQL
sharedAccountsfield onModule: Use moduleShares field instead. - GraphQL
blueprintDeploymentCreatemutation: Use templateDeploymentCreate instead - GraphQL
blueprintDeploymentDeletemutation: Use templateDeploymentDelete instead - GraphQL
blueprintDeploymentRollbackmutation: Use templateDeploymentRollback instead - GraphQL
blueprintDeploymentUpdatemutation: Use templateDeploymentUpdate instead - GraphQL
blueprintVersionCreatemutation: Use templateVersionCreate instead - GraphQL
blueprintVersionDeletemutation: Use templateVersionDelete instead - GraphQL
blueprintVersionDeprecatemutation: Use templateVersionDeprecate instead - GraphQL
blueprintVersionParseTemplatemutation: Use the templateVersionParseTemplate query instead - GraphQL
blueprintVersionUpdatemutation: Use templateVersionUpdate instead - GraphQL
blueprintVersionedGroupCreatemutation: Use templateCreate instead - GraphQL
blueprintVersionedGroupDeletemutation: Use templateDelete instead - GraphQL
blueprintVersionedGroupUpdatemutation: Use templateUpdate instead - GraphQL
changeLLMVendormutation: LLM vendor selection is deprecated and will be removed in a future release. - GraphQL
contextCreatemutation: Please use contextCreateV2. - GraphQL
contextUpdatemutation: Please use contextUpdateV2. - GraphQL
managedUserGroupCreatemutation: Please use managedUserGroupCreateV2. - GraphQL
managedUserGroupUpdatemutation: Please use managedUserGroupUpdateV2. - GraphQL
managedUserInvitemutation: Please use managedUserInviteV2. - GraphQL
policyCreatemutation: Use PolicyCreatev2 instead. - GraphQL
policySimulatemutation: Use policySimulatev2 instead. - GraphQL
policyUpdatemutation: Use PolicyUpdatev2 instead. - GraphQL
stackIntegrationGcpCreatemutation: Use OIDC integration instead. - GraphQL
stackIntegrationGcpDeletemutation: Use OIDC integration instead. - GraphQL
templateVersionParseTemplatemutation: Use the templateVersionParseTemplate query instead - GraphQL
secretfield onNamedWebhooksIntegration: This property is no longer used. - GraphQL
activeRunsfield onPublicWorkerPool: Use busyWorkers fields instead. - GraphQL
queuedRunsCountfield onPublicWorkerPool: Use 'schedulableRunsCount' instead. - GraphQL
blueprintDeploymentquery: Use templateDeployment instead - GraphQL
blueprintV2Schemaquery: Use templateSchema instead - GraphQL
blueprintVersionedGroupquery: Use template instead - GraphQL
llmVendorquery: LLM vendor selection is deprecated and will be removed in a future release. - GraphQL
searchBlueprintDeploymentsquery: Use searchTemplateDeployments instead - GraphQL
searchBlueprintVersionedGroupsquery: Use searchTemplates instead - GraphQL
searchBlueprintVersionedGroupsSuggestionsquery: Use searchTemplatesSuggestions instead - GraphQL
cronSchedulefield onScheduledDeleteInput: ScheduledDelete doesn't support cron schedule. - GraphQL
timezonefield onScheduledDeleteInput: ScheduledDelete doesn't support timezone. - GraphQL
afterApplyfield onStack: Use hooks.afterApply instead. - GraphQL
afterDestroyfield onStack: Use hooks.afterDestroy instead. - GraphQL
afterInitfield onStack: Use hooks.afterInit instead. - GraphQL
afterPerformfield onStack: Use hooks.afterPerform instead. - GraphQL
afterPlanfield onStack: Use hooks.afterPlan instead. - GraphQL
afterRunfield onStack: Use hooks.afterRun instead. - GraphQL
beforeApplyfield onStack: Use hooks.beforeApply instead. - GraphQL
beforeDestroyfield onStack: Use hooks.beforeDestroy instead. - GraphQL
beforeInitfield onStack: Use hooks.beforeInit instead. - GraphQL
beforePerformfield onStack: Use hooks.beforePerform instead. - GraphQL
beforePlanfield onStack: Use hooks.beforePlan instead. - GraphQL
blueprintDeploymentfield onStack: Use templateDeployment instead - GraphQL
skipReplanWhenRunAllfield onStackConfigVendorTerragrunt: Use skipReplan instead, which applies to both run-all and non-run-all stacks. - GraphQL
skipReplanWhenRunAllfield onStackConfigVendorTerragruntInput: Use skipReplan instead, which applies to both run-all and non-run-all stacks. - GraphQL
dependsOnStackIdfield onStackDependency: Use dependsOnStack field instead. - GraphQL
stackIdfield onStackDependency: Use stack field instead. - GraphQL
gcpfield onStackIntegrations: Use OIDC integration instead. - GraphQL
spaceIDfield onUserGroupRoleBinding: Use space field instead. - GraphQL
userGroupIDfield onUserGroupRoleBinding: Use userGroup field instead. - GraphQL
spaceIDfield onUserRoleBinding: Use space field instead. - GraphQL
secretfield onWebhooksIntegration: This property is no longer used. - GraphQL
activeRunsfield onWorkerPool: Use busyWorkers fields instead. - GraphQL
queuedRunsCountfield onWorkerPool: Use 'schedulableRunsCount' instead.
2026-07-15ยป
- fix(auth): remove oidc-subject-template-frontend feature flag to always enable UI
2026-07-14ยป
- fix(cli): use code exchange instead of token-in-URL for login flow
2026-07-10ยป
- feat(spacectl): add environment credentials fallback for profile export-token
- fix(git): mark repository not found errors as user-facing
- feat(migrations): make
spaceliftreadlimitedrole creation optional - fix(roles): expose scheduled task/run/delete permissions in role editor
- feat(ui): add queue depth observability UI
2026-07-09ยป
- fix(auth): enforce create and delete permissions on cross-space resource moves
2026-07-08ยป
- feat(auth): add GitHub account linking via oauth flow
2026-07-06ยป
- fix(auth): use code exchange instead of token-in-URL to avoid CloudFront header limits
- feat(billing): update in-app billing page for v5 pricing tiers
2026-07-01ยป
- feat(self-hosted): implement autoscaling for kubernetes deployments
2026-06-25ยป
- feat(command-palette): add integrations and organization settings navigation
2026-06-23ยป
- fix(dependencies): allow stack dependency creation without space read access
Improvementsยป
- Run summaries: AI run summaries are now delivered through Infra Assistant. Clicking Summarize on a completed run phase or Explain on a failed run opens the assistant with a prepared prompt; it inspects the run's state, history, and policy outcomes and replies with a plain-language summary and concrete fix suggestions. Run summaries are now available on all plans and for all stack types.
2026-06-19ยป
- feat(launchpad): add continue button to resume in-progress missions
2026-06-18ยป
- fix(auth): refresh stale session PSA when reusing API key session
- fix(auth): enable automatic space discovery for OIDC API keys without session refresh
- fix(slack): support custom roles for run confirmation permissions
- refactor(auth): distinguish between session expired and unauthorized errors
2026-06-16ยป
- fix(oauth): enable OAuth2 flow endpoints on self-hosted installations
Improvementsยป
- Command palette: The search command palette (โK) now reaches your integrations and Organization settings, not just stacks and other resources. Jump straight to a VCS or cloud integration (GitHub, GitLab, Bitbucket, Azure DevOps, AWS, Azure, and so on), or to a settings page like Users, Roles, API keys, Single Sign-On, or MFA. Search aliases such as
sso/saml,mfa/2fa, andoidcfind pages by intent. Organization settings only appear for account admins
2026-06-11ยป
- fix(worker): improve error message when assigned worker fails to start run
- fix(auth): reconcile session PSAs on space topology change to avoid forced re-login
2026-06-10ยป
- fix(drain): add credentials cache expiry window to prevent expired tokens
- fix(federation): make token iss/aud claims respect FEDERATION_CUSTOM_ISSUER config
- feat(ui): add copy ID action to stack role binding menu
- feat(admin): replace stacks filter administrative toggle
- feat(cli): add config directory override and document TLS CA configuration
- perf(spaces): add virtualization to prevent diagram freezing at scale
Improvementsยป
- Spaces diagram: The Spaces tab no longer freezes on accounts with thousands of spaces. Above 100 spaces the diagram now renders the top of the tree and points you to the List view, which stays fast at any account size.
- Auto-attachments: Added
autoattach_read:andautoattach_write:labels for AWS/Azure integrations. When auto-attaching an AWS/Azure integration using theautoattach:label, it is granted read-write permissions by default. The new labels allow restricting the attachment to read-only or write-only permissions respectively.
Deprecating the pulumi-spacelift providerยป
We're retiring the open-source pulumi-spacelift provider on December 10, 2026. The repository will be archived on that date. Existing usage continues to function; the provider will receive no further updates, bug fixes, or new resource support after archival.
Pulumi remains a fully supported IaC vendor on Spacelift. This deprecation applies only to the provider used to manage Spacelift resources themselves from Pulumi code.
Migrate to Pulumi's Terraform provider bridge wrapping the official Spacelift Terraform provider: https://www.pulumi.com/blog/any-terraform-provider/
2026-06-09ยป
Featuresยป
- Configurable individual VCS checks: integrations can now limit individual check updates to failures and/or runs with planned changes, skipping unchanged successful runs.
2026-06-08ยป
- fix(subdomain): remove auto-rename on GitHub organization change
2026-06-04ยป
- fix(auth): resolve API key access loss when adding RUN_PRIORITIZE_SET permission to role
2026-06-03ยป
- feat(onboarding): add required tier field to missions
Improvementsยป
- Stack roles: Added a Role filter to the stacks list, so you can narrow the list to stacks with a specific role attached. This makes it easy to find stacks carrying the Space Admin role after the administrative flag migration, or to audit which stacks hold elevated permissions.
2026-06-02ยป
- fix(auth): allow SSO page access for non-Enterprise accounts
- fix(auth): remove admin access after revoking admin role from user
2026-06-01ยป
- feat(api): add runtime config support to runResourceCreate mutation
- fix(api): expose runTrigger mutation to all session types
- fix(auth): allow external state access with stack:state-read role
- feat(ui): add RBAC-based filter to replace administrative toggle in stacks view
Improvementsยป
- MCP: Added a
toolsURL parameter (Alpha) that lets any MCP client narrow the advertised tool set โ for example?tools=queryfor a read-only session. This cuts per-request token cost and works across every authentication method, including API keys andspacectltokens that previously had no narrowing control. The selection can only narrow what your authentication scope and deployment already permit.
2026-05-30ยป
- feat(drain): add in-pod concurrency per queue
2026-05-29ยป
- fix(billing): resolve worker addon parallelism not applied due to stale entitlement read in transaction
2026-05-28ยป
- feat(auth): expose OIDC idp_subject in login policy input for API keys
2026-05-26ยป
- fix(roles): restore missing gray card in role editing drawer
- feat(ui): add deprecation banners for stack access and task policies
2026-05-25ยป
Featuresยป
- Terragrunt: Added Skip replan option, which reuses the plan that was saved during the planning stage instead of generating a new plan
2026-05-21ยป
Fixesยป
- Tasks: Task runs now receive
ro_environment variables during preparation, making read-only credentials available consistently for task execution. - feat(ui): add CREATE_STACK permission to role display
2026-05-19ยป
Improvementsยป
- Login Policy: Added
session.idp_subjectto the login policy input. For SSO sessions and OIDC API key sessions it carries the rawsubclaim from the upstream IdP token, so policies can audit and authorize the human or workflow acting behind a shared credential without overloadingsession.login(which stays the stable credential identifier)
2026-05-18ยป
- feat(drain): add bounded in-pod concurrency with per-queue configuration
2026-05-14ยป
- fix(auth): reconcile read-only access when inheriting child space is created
Improvementsยป
- MCP: Split the OAuth
mcpscope intomcp:readandmcp:write. Read-only sessions now expose onlydiscover,query, and the read-onlyprovidertool. Breaking: the legacy singlemcpscope was removed without an alias, so existing OAuth sessions must reauthenticate. - Spacelift Intent: Added a per-project runner image (
runnerImageonintentProjectCreate/intentProjectUpdate) so projects can run on custom Intent worker images instead of the system default.
Fixesยป
- Intent to IaC:
READ_ONLYIntent projects now reject every write through MCP and the GraphQL API (create, update, delete, refresh, import, resume, and resource dependency edits). Re-enable writes viaintentProjectEnable.
2026-05-08ยป
- feat(auth): support dynamic teams/groups from JWT claims in OIDC API keys
- Intent policies: Added label-based auto-attachment (
autoattach:<label>/autoattach:*) for Intent policies, matching the convention used by stack policies.
2026-05-07ยป
- feat(api): add mutation to reset API key secrets in-place
2026-05-04ยป
- fix(ui): prevent navigation shortcuts from overlaying AI summary modal
2026-04-14ยป
- feat(auth): issue JWT with empty PSA for managed users with no space access instead of HTTP 403
2026-04-13ยป
- fix(auth): prevent truncation of OIDC API key identifiers in login policies
Improvementsยป
- MCP: Unified the MCP server behind a single
/mcpendpoint that exposes both the Spacelift Intent infrastructure tools and the full Spacelift GraphQL API (discover,query,mutate,provider,intent). The previous/intent/mcpendpoint remains available until August 1, 2026; update your MCP client configuration tohttps://<account-name>.app.spacelift.io/mcpbefore then. - Spacelift Intent: Intent projects can now be assigned to a private worker pool through MCP, the Spacelift UI, or the
intentProjectAttachWorkerPool/intentProjectDetachWorkerPoolGraphQL mutations. - AI integrations: Added AWS Bedrock as a Bring Your Own Model provider, so Infra Assistant and Intent can run on Claude models served through your own Bedrock inference profile.
2026-04-07ยป
Fixesยป
- Runs: Fixed an issue where workspace upload presigned URLs could expire during run execution, causing "ExpiredToken" errors during the "Uploading workspace" phase. Presigned URLs are now generated on the fly before upload instead of at run assignment time.
2026-04-03ยป
Fixesยป
- Login Policy: Fixed truncated
loginfield in login policy input for OIDC API key sessions. Theinput.session.loginvalue was being cut short (e.g.api::oidc::https:instead of the fullapi::oidc::https://...::<key-id>) due to incorrect path handling of URLs in the API key subject.
2026-03-31ยป
- fix(migrations): resolve BackfillSystemRoles failure on fresh installations
- feat(auth): add optional expiration date/time for api keys
2026-03-30ยป
- fix(migrations): batch run_state_transitions backfill to prevent timeouts
- feat(auth): reconcile PSA instead of invalidating sessions on role changes
2026-03-27ยป
- feat(docs): expose markdown files via .md URLs and add llms.txt index
2026-03-19ยป
Improvementsยป
- Access Management: Role and role binding changes (create, update, delete) no longer require users to re-login. Spacelift now recalculates user permissions on the fly instead of invalidating active sessions, providing a seamless experience when administrators modify roles or group memberships.
2026-03-13ยป
- Launcher: Retry archive download on connection reset during body read.
2026-03-10ยป
Documentationยป
- User Management: Clarified that revoking a user's access immediately frees their seat on plans with a seat limit (Free and Starter), making it available for a new user right away.
2026-03-03ยป
Featuresยป
- Runs: Improved diff view for JSON-encoded resource attribute values is now generally available. JSON values in the resource changes panel are now rendered with code lens actions, allowing users to view structured JSON diffs inline.
2026-03-02ยป
Featuresยป
- API: Added detailed error messages for inheritance removal failures.
Fixesยป
- Authentication: Paginated GitHub team membership query to support organizations with 100+ teams.
2026-02-26ยป
Featuresยป
- Terragrunt: Implemented resource destruction when deleting a Terragrunt-managed stack. Previously, deleting a stack only marked it as destroying without performing actual cleanup of Terragrunt-managed resources.
2026-02-25ยป
Featuresยป
- OIDC: Added space ancestry claim to OIDC tokens.
2026-02-20ยป
Featuresยป
- Terragrunt: Added a new Skip replan option for stacks using Run All mode. When enabled, the second planning phase during the apply stage is skipped by reusing the saved plan, which can speed up deployments.
2026-02-18ยป
Featuresยป
-
Templates: Introduced a self-service infrastructure provisioning system that enables application developers to deploy infrastructure without deep IaC or Spacelift knowledge. Templates provide a form-based deployment interface with reusable, versioned configurations that maintain lifecycle control over deployed infrastructure.
Unlike Blueprints which create independent stacks that live separately after creation, Templates maintain ongoing lifecycle management of deployed stacks. Changes to template-managed stacks must be made through the template system (updating deployment inputs, switching versions, or publishing new template versions), providing governance and consistency while still allowing controlled infrastructure evolution.
See the Templates documentation for more details.
2026-02-17ยป
Featuresยป
- Provider: Added write-only attribute support for sensitive resource inputs.
2026-02-16ยป
Featuresยป
- Advanced Access Control: Add system role for managing drift detection settings for a stack.
2026-02-04ยป
- Terragrunt Stacks: OpenTofu is now the default tool when creating Terragrunt stacks, replacing Terraform as the default option.
2026-02-02ยป
- UI feature: Added warning when attaching stack roles to admin stacks.
2026-01-30ยป
- API fix: Resolved URL handling for OIDC keys with double slashes in audience.
2026-01-28ยป
Featuresยป
- Drift Detection Permissions: Added granular RBAC permissions for drift detection management. Users can now be granted specific permissions to create, update, or delete drift detection schedules on stacks (
DRIFT_DETECTION_INTEGRATION_CREATE,DRIFT_DETECTION_INTEGRATION_UPDATE,DRIFT_DETECTION_INTEGRATION_DELETE), enabling more fine-grained access control for drift detection operations.
2026-01-21ยป
Featuresยป
- AWS Integration: Added session tagging support for AWS role assumptions. You can now enable the "Enable tag session" option when creating or editing AWS integrations, which adds session tags when Spacelift assumes the configured IAM role. This helps with AWS CloudTrail auditing and compliance tracking. When enabled, the trust policy must include the
sts:TagSessionpermission.
2026-01-13ยป
- fix(dashboard): exclude modules from Stacks state dashboard element
- feat(oidc-federation): add use:sig field to .well-known/jwks endpoint
2026-01-09ยป
-
Advanced Access Control: Added granular permissions for Terraform Module Registry management. You can now control how module can be shared with other spaces. This allow to share a module with a space without granting full write to the target space.
SPACE_SHARE_MODULE- Allow modules to be shared with an assigned space from other spaces
You may also probably want to set the
SPACE_READpermission in order for your users to be able to see the availaible spaces in the UI.See the module sharing documentation for more details.
2025-12-17ยป
Featuresยป
- Cloud Integrations: AWS and Azure integrations now support auto-attachment to stacks and modules. This follows the same behavior as other auto-attachable resources like contexts and policies. See the cloud integration documentation for AWS and Azure for more details.
2025-12-10ยป
Featuresยป
- Advanced Access Control: Added granular permissions for Terraform Module Registry management. You can now control who can disable/enable modules, trigger module version tests, and mark module versions as bad through the following new permissions:
MODULE_DISABLE- Disable a moduleMODULE_ENABLE- Enable a disabled moduleMODULE_TRIGGER_VERSION- Trigger module version testsMODULE_MARK_AS_BAD- Mark a module version as bad (yanking)
These permissions can be assigned to custom roles in your space, providing fine-grained control over module management operations.
2025-11-25ยป
Fixesยป
- Modules: Fixed an issue where legacy space modules were incorrectly displayed as having no read access when users had valid read permissions. That could have happened if still using legacy space and access policies.
2025-11-17ยป
Featuresยป
- Authorization & RBAC: Non-root Space Admins can now view all roles, users, API keys, and IdP group mappings (read-only) and manage role bindings within their administered spaces. Previously, these capabilities were limited to Root Space Admins only. See the RBAC system documentation for details.
2025-11-13ยป
Featuresยป
- Login Policy: Enriched the roles input in login policy data with
slugandulidfields for better role identification and assignment. See the login policy documentation for details. - Plugins: Introduced a new plugin system that allows you to extend Spacelift's functionality with custom integrations and automations. Plugins are written using the spaceforge Python SDK and can integrate with third-party services, automate workflows, and enhance your infrastructure management capabilities.
Key features include:
- Marketplace: Browse and install plugins from the Templates section in the Spacelift UI
- Auto-attachment: Automatically attach plugins to stacks using labels
- First-class citizens: Plugins are managed directly in Spacelift, not through stacks
- Configurable parameters: Define and configure plugin-specific settings during installation
- Multiple execution phases: Run plugins at different stages of your infrastructure lifecycle(before_init, after_plan, after_apply, etc.)
Available plugins include:
- Infracost: Estimate infrastructure costs before deployment
- SOPS: Secure secret management with encryption/decryption
- Wiz: Cloud security scanning and compliance reporting
- Checkov: Infrastructure-as-Code security and compliance scanning
- Terrascan: Detect security vulnerabilities and compliance violations
- Trivy: Comprehensive vulnerability and misconfiguration scanner
- TruffleHog: Secret detection and prevention
- Environment Manager: Manage environment variables across stacks
- Envsubst: Environment variable substitution in configuration files
- OpenTofu Tracing: Enhanced tracing and debugging for OpenTofu runs
Plugins automatically create and manage related Spacelift resources (contexts, policies, webhooks) which are locked in the UI and managed through the plugin interface.
See the plugins documentation for installation guides, usage instructions, and plugin development guidelines.
2025-11-12ยป
Featuresยป
- Kubernetes Worker Pools: The Kubernetes worker pool controller now supports auto-registration with version
v0.0.27.
Worker pools can be created and managed entirely through Kubernetes resources without manual setup in the Spacelift UI. The controller automatically registers pools with Spacelift, generates credentials, and handles the complete lifecycle.
This enables pure GitOps workflows where worker pools are provisioned declaratively alongside other infrastructure.
Additionally, OIDC-based API keys can be used to eliminate static credentials from the cluster entirely.
See the auto-registration documentation for more details.
2025-11-10ยป
Featuresยป
- Authorization & RBAC: Stacks can now assume roles for elevated permissions through stack role attachments, replacing the legacy administrative flag. This new approach provides three key advantages:
- Cross-space access: Attach roles for sibling spaces, not just the stack's own space and subspaces
- Fine-grained permissions: Use custom roles with specific actions instead of full Space Admin permissions
- Enhanced audit trail: Role information (
actor_roles) is included in webhook payloads for better visibility
The administrative flag is deprecated for stacks and will be automatically disabled on June 1st, 2026. On that date, Spacelift will backfill affected stacks with Space Admin roles (100% backward compatible), but manual migration is recommended to access advanced features and to avoid drifts in the OpenTofu/Terraform state.
Note
Modules are not affected by this change. The administrative flag for modules remains unchanged.
See the stack role bindings documentation for migration guides and detailed examples.
2025-11-07ยป
Featuresยป
- Rego Version Selector: Added support for switching between Rego v0 and v1 when editing policies. A version selector is now available in the policy editor, allowing you to easily switch between versions. We recommend using Rego v1 for all new policies. See the policy documentation for more information.
2025-10-27ยป
Featuresยป
- Account default runner images โ Added support for account default runner images. See the runtime security for more information.
- Account Deletion: Improved account deletion user experience with a dedicated settings tab, confirmation modals, and a safer two-step deletion process. Account deletion has been moved from the header dropdown to a dedicated tab in organization settings, with a 7-day waiting period after marking for deletion and multiple confirmation steps to prevent accidental deletions. Additionally, we now collect feedback about deletion reasons to help improve the product.
2025-10-17ยป
Featuresยป
- Dashboard: The Dashboard is now accessible to all users, not just admins. Non-admin users can view most dashboard widgets, with the Launch Pad and User Activity widgets remaining admin-only.
-
Integrations: Migrated the Slack integration management screen to the integrations page. The legacy UI has been removed, and all the legacy URLs now redirect to the new screen in the Integrations page.
-
Module Registry: Modules can now be shared with specific spaces within your account, providing fine-grained control over which teams can discover and use your modules.

The module list includes an availability filter to help you find modules shared with your spaces.
Space-level sharing is now the recommended approach for most organizations, with cross-account sharing remaining available for backwards compatibility.
See the module availability documentation for more details.
2025-10-15ยป
Featuresยป
- Filters: Enhanced filtering interface with improved selection states, dropdown functionality, and visual styling for better user experience
- Added SSO SAML attribute mapping support. See the custom attribute mapping documentation for more information.
2025-10-14ยป
Featuresยป
- Personal Settings: You can now find new "Spaces" view under your personal settings. This view lets you see the permissions you have for each space, making it easier to understand your access across Spacelift.
2025-10-10ยป
Featuresยป
- VCS Integrations: Completed migration to the new VCS integration interface. The legacy VCS integration UI has been removed, and the source code integrations can now be accessed using the new integrations screen.
2025-10-03ยป
Featuresยป
- You can now create API keys via the TF provider. See the API keys resource documentation for more information.
- Added SSO OIDC claim mapping support. See the custom claims mapping documentation for more information.
2025-10-01ยป
Featuresยป
- Run log retention period can now be configured at the organization level. This allows you to set how long run logs are retained before being automatically deleted. More details can be found in the run log retention documentation.
2025-09-30ยป
Featuresยป
- Detailed policy schema can now be retrieved from a public URL served by the Spacelift API. Each policy type has a detailed JSON schema definition which can be used for validation or provided to LLMs to generate policies. The schema can be found at .well-known/policy-contract.json.
2025-09-16ยป
Featuresยป
- Run details now display both the API key ID and name when triggered by an API key. Previously only the key ID was shown, which made it difficult to identify which key was used. The key ID is shown in shortened format. For example:
api::01K56PK::DevopsSpaceKey.