Stategraph Backend

Stategraph Backend is a self-hosted Terraform state backend that stores state in PostgreSQL with complete transaction history.

Features

HTTP Backend Protocol

Stategraph implements the Terraform HTTP backend protocol, making it compatible with any Terraform version that supports HTTP backends.

terraform {
  backend "http" {
    address  = "http://stategraph:8080/api/v1/states/backend/550e8400-e29b-41d4-a716-446655440000"
    username = "session"
    password = "<your-api-key>"
  }
}

PostgreSQL Storage

All state data is stored in PostgreSQL, providing:

  • ACID transactions - State updates are atomic and consistent
  • Familiar tooling - Use standard PostgreSQL backup and replication
  • Query capability - State data is queryable through Stategraph Insights
  • Scalability - PostgreSQL handles large state files efficiently

Transaction History

Every state change is recorded:

  • Who made the change
  • When it was made
  • What resources were added, modified, or removed
  • Complete state snapshots for point-in-time recovery

How It Works

┌──────────────┐         ┌─────────────────┐         ┌────────────┐
│   Terraform  │ ──────▶ │   Stategraph    │ ──────▶ │ PostgreSQL │
│     CLI      │         │     Backend     │         │            │
└──────────────┘         └─────────────────┘         └────────────┘
       │                         │
       │ 1. GET state            │ 2. Query DB
       │ 2. POST state           │ 3. Parse & index
       ▼                         ▼ 4. Store state
  1. Terraform requests state - GET request to retrieve current state
  2. Terraform pushes state - POST request with new state
  3. Stategraph processes - Parses state, extracts resources, updates indexes
  4. PostgreSQL stores - Atomic write of state and metadata

State Storage

State files are stored with full fidelity:

  • Original JSON preserved exactly as Terraform sends it
  • Parsed and indexed for querying
  • Resource dependencies extracted for graph analysis
  • Outputs and providers tracked

Security

Authentication

  • API keys for Terraform CLI authentication
  • OAuth integration for UI access
  • Separate tokens for CI/CD systems

Network Security

  • Supports HTTPS with TLS termination
  • Can be placed behind VPN or private network
  • No external network access required

Data Security

  • State files stored in your PostgreSQL instance
  • No data sent to external services
  • Full control over backup and encryption

Getting Started

  1. Deploy Stategraph
  2. Configure Terraform

Documentation

Topic Description
Terraform Configuration Detailed backend configuration guide
State Migration Migrate from S3, GCS, or Terraform Cloud
Transactions View and understand state history