Introduction

What Yaffle is

Yaffle is an OpenTofu platform. It handles:

• Remote execution — Plans and applies run in secure containers
• State management — Encrypted storage with locking and isolation
• PR workflows — Automated plans, checks, and applies tied to Git
• Preview environments — Real infrastructure for every PR

Think of it as Terraform Cloud, but with preview environments built in—and without the BSL licensing concerns.

OpenTofu, not Terraform

Yaffle runs OpenTofu, the open-source fork of Terraform under MPL 2.0. OpenTofu is fully compatible with existing Terraform configurations and uses the same provider ecosystem. We chose OpenTofu to give you infrastructure automation without vendor lock-in.

The problem with existing tools

Terraform Cloud and Enterprise give you remote runs and state management. But when you open a PR, you still just get a plan. You read the diff, hope you understand it, merge, and find out if it works.

Write TF → PR → Read plan → Merge → Apply → Hope it works

There’s no way to see infrastructure running before production.

How Yaffle is different

Yaffle runs the full lifecycle. When you open a PR, it doesn’t just plan—it applies to an isolated preview environment. You can hit real endpoints, connect real databases, run real tests.

Write TF → PR → Plan → Apply preview → Test it → Merge → Apply production

Why 'Yaffle'?

Yaffle is old English for woodpecker. They tap to test before committing.

Core capabilities

Remote execution

Plans and applies run in isolated containers. Your team doesn’t need AWS credentials locally. Runs are reproducible and auditable.

State management

Each environment gets its own state file, stored encrypted with locking:

s3://yaffle-state/
├── environments/
│   ├── production/terraform.tfstate
│   └── staging/terraform.tfstate
└── previews/
    ├── pr-42/terraform.tfstate
    └── pr-99/terraform.tfstate

PR workflows

Every push triggers a plan. Results show up as GitHub checks. Merge policies, approval gates, and audit logs are built in.

Preview environments

This is what makes Yaffle different. When you open a PR, Yaffle:

1. Creates an isolated workspace
2. Runs tofu apply against that workspace
3. Posts outputs (URLs, connection strings) to the PR
4. Updates the preview on every push
5. Destroys everything when the PR closes

You ship with confidence because you’ve already seen it running.

Who Yaffle is for

Yaffle is built for platform engineering teams at growth-stage companies who:

• Have outgrown Atlantis and its operational overhead
• Find Terraform Cloud’s pricing unpredictable (RUM billing, surprise increases)
• Want preview environments without building custom CI pipelines
• Need RBAC, drift detection, and audit logs without running their own infrastructure
• Are concerned about IBM’s HashiCorp acquisition and want an open-source foundation

Next

• Quick Start — Set up Yaffle in 5 minutes
• How it works — Architecture overview