Terrapod is a free, open-source platform replacement for Terraform Enterprise — the collaboration, governance, state, and registry layer that wraps terraform or tofu. This release makes Terrapod far easier to try and to reason about.
Highlights
- One-command evaluation quickstart — `make eval` stands up a throwaway kind or k3d cluster with Terrapod fully wired: chart-managed PostgreSQL + Redis, filesystem storage, a local admin, and the URL + login printed for you. No external database, no cloud account. `make eval-down` tears it all down. See the README's Quick Evaluation section.
- Chart-managed dev/eval datastores — the Helm chart can now run PostgreSQL and Redis in-cluster (`postgresql.deploy=true` / `redis.deploy=true`) for evaluation and local development, removing the external-datastore prerequisite for kicking the tyres. Single-replica, no HA/backups — production still uses managed datastores.
- Inbound GitLab webhooks — GitLab push and merge-request events now trigger an immediate poll, at parity with the existing GitHub receiver (`POST /api/terrapod/v1/vcs-events/gitlab`, timing-safe `X-Gitlab-Token` validation, optional per-connection secret). Webhooks remain an optional accelerator — Terrapod polls outbound by default and works without them.
- Clearer, more legible documentation — the single-organization design rationale, the (already-supported) VCS webhook acceleration, and the OPA policy-as-code engine are now explicitly surfaced across the README, `llms.txt`, and the docs so both operators and AI assistants get an accurate picture of what Terrapod does.
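The timing-safe `X-Gitlab-Token` check with an optional per-connection secret, mentioned in the GitLab webhook item above, can be sketched as follows. This is an added example, not Terrapod's own code; the function names, the fallback to a global secret, the fail-closed behaviour when no secret is set, and the 401/202 status codes are assumptions.

```python
import hmac
from typing import Mapping, Optional


def resolve_secret(connection_secret: Optional[str],
                   global_secret: Optional[str]) -> Optional[str]:
    """Assumed policy: a per-connection secret overrides the global one."""
    return connection_secret or global_secret or None


def gitlab_token_valid(headers: Mapping[str, str],
                       expected: Optional[str]) -> bool:
    """Constant-time comparison of X-Gitlab-Token with the expected secret."""
    if not expected:
        # Fail closed (assumption): with no secret configured, an empty or
        # absent header must never count as a match.
        return False
    # HTTP header names are case-insensitive.
    presented = next(
        (v for k, v in headers.items() if k.lower() == "x-gitlab-token"), None
    )
    if presented is None:
        return False
    # Compare bytes: hmac.compare_digest raises TypeError for non-ASCII str,
    # which would turn a malformed header into a 500 instead of a clean 401.
    return hmac.compare_digest(presented.encode("utf-8"),
                               expected.encode("utf-8"))


def handle_event(headers: Mapping[str, str],
                 connection_secret: Optional[str],
                 global_secret: Optional[str]) -> int:
    """Return the HTTP status a receiver would send (hypothetical codes)."""
    expected = resolve_secret(connection_secret, global_secret)
    if not gitlab_token_valid(headers, expected):
        return 401
    return 202  # accepted: the caller would schedule an immediate poll here


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    print(handle_event({"X-Gitlab-Token": "s3cret"}, "s3cret", None))
    print(handle_event({"X-Gitlab-Token": "wrong"}, "s3cret", None))
    print(handle_event({}, None, None))
```

GitLab sends the configured secret verbatim in the header rather than as a signature over the body, so the check is a direct comparison and the secret needs the same handling as any bearer credential.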
Security
- Cleared the current HIGH CVEs: refreshed the Debian base packages to pick up the `libssh2` fix (1.11.1-1+deb13u1, CVE-2026-55200 / CVE-2026-7598) and bumped the bundled OPA to 1.18.0 (vendoring the patched `golang.org/x/crypto` 0.52.0 + `golang.org/x/net` 0.55.0), retiring the corresponding scanner ignores.
Status
Beta — actively developed and used in production by its maintainers; APIs for the CLI-consumed surface are stable.
Full Changelog: v0.46.1...v0.47.0