State

Yaffle fully manages OpenTofu state. You don’t configure backends, set up buckets, or manage lock tables. State storage and locking are handled automatically.

How it works

When Yaffle runs OpenTofu, it configures the backend automatically. Any backend configuration in your code is ignored during Yaffle runs.

terraform {
  # This block is ignored by Yaffle
  # Yaffle manages state for all runs it executes
  backend "s3" {
    bucket = "my-existing-bucket"
    key    = "terraform.tfstate"
  }
}

State isolation

Each environment and preview gets isolated state. Environment names are completely up to you—use whatever fits your workflow:

Context	State isolation
Named environment (e.g. prod, staging, eu-west)	Dedicated state per workspace
Preview (PR #42)	Ephemeral state, destroyed with PR

Tip

Yaffle doesn’t prescribe environment names. Use production and staging, or us-east and eu-west, or dev, test, qa, prod—whatever makes sense for your team. You can have as many or as few named environments as you need.

Preview state is completely isolated from named environments. A bug in a preview can’t corrupt your other environments’ state.

Locking

Yaffle prevents concurrent modifications. If two commits push simultaneously, runs are queued and executed sequentially.

Lifecycle

Event	State action
PR opened	State created on first apply
PR updated	State updated
PR merged/closed	State destroyed with resources
Push to trigger branch	Named environment state updated

Caution

Preview state is ephemeral. When a PR closes, Yaffle destroys the preview resources and deletes the state. Don’t store anything permanent in previews.

Security

• Encrypted at rest
• Encrypted in transit
• Isolated per organization
• No customer access to raw state files

Viewing state

The Yaffle dashboard shows:

• Resource counts per workspace
• Last modified timestamps
• Drift detection (planned)

For debugging, use tofu show output in run logs rather than accessing state directly.

Migrating existing state

If you have existing state you want Yaffle to manage:

1. Import your OpenTofu/Terraform directory as a workspace
2. Yaffle runs tofu plan against empty state
3. Use tofu import commands to bring resources under management

Or continue managing existing infrastructure separately and use Yaffle for new workspaces.