The Future of IaC is Open.

Introducing Project OpenTaco: The Open Standard for Terraform

Closed licenses have compromised open tooling.

BSL & lock-in restrict freedom.


RUM pricing punishes adoption.


"Project OpenTaco is a community effort to deliver a fully open, self-hosted alternative to Terraform Cloud and Spacelift: feature for feature, but open source forever."

ALL FULLY OPENSOURCE

The Pillars

State Manager

The backbone of automation.

Private Registry

Modules, shared securely.

Auth & RBAC

Granular trust, by design.

Stacks & Dependencies

Complexity, ordered.

Drift Detection

Know when reality diverges from code.

State Insights

Reality mapped to code.

The Blueprint

V0.0

Current

We are HERE

State manager

A service to manage Terraform states, compatible with the cloud block of Terraform and OpenTofu. Requires only a single bucket. Supports fine-grained RBAC controls that decide who can perform which operations on the state. Users can "terraform login" into this service to run terraform commands. Supports any S3-compatible storage on AWS, GCP, Azure and on-prem. This will be close to Terraform Cloud's workspaces in local mode.

V0.1

October 2025

The Execution Engine

Remote runners

Remote agents that can execute terraform commands with access to the state. Integrates with k8s agentpools. Agents will autoscale and also support RBAC controls for users. Users are able to use the terraform or opentofu CLI to trigger runs of local directories on remote locations. This eliminates credential sharing across machines and gives a centralised RBAC flow for all IaC users in the organisation. This will be close to Terraform Cloud's workspaces with CLI and remote runs.

Management CLI

Taco CLI to manage CRUD operations for states and team management. It will be able to perform the same actions as the web UI.

Web UI

• A UI to initiate Plan/Apply/Refresh/Destroy.

• A management dashboard to view history of runs, "who did what", control access.

• Support SSO with multiple identity providers

Dependencies manager

Keeps track of all runs that modify state. Users can specify the input/output mapping of dependent states and query the status of all dependent states when an output has been modified. This API will also be used by the web UI to display the status of each state.

V0.2

Kubecon 2025

Core Platform (UI + CLI + GitOps)

VCS automation

Automatically detect changes, trigger runs, and keep configurations in sync with source control. GitHub only initially, building on top of the existing VCS goodness available with Digger as of today.

Module registry

• Taking inspiration from amazing projects like citizen, tapir, anthology and boring-registry, the module registry will be designed to enable organizations to maintain their own repository of Terraform modules and providers. The reasons are the same ones that lead most other organisations to run private module registries:

• Access to Git repos is often designed at team level, with no access for others by default

• Search capabilities are very limited when you are searching for specific Terraform modules

• You may not get insight into the code's quality and security measures

• Module versioning is not enforced

• Documentation formats vary, or docs are missing altogether.

TFC Stacks support

• We should add support for Terraform Stacks in Digger. Stacks replace the traditional root module structure with a higher-level layer made of modular components.

• They make it easier to manage complex, multi-environment deployments by organizing and reusing infrastructure code. Supporting Stacks ensures OpenTaco works with modern Terraform workflows at scale.

V0.1

AWS ReInvent 2025

Extensibility

TFE compatibility

• The advantage of maintaining compatibility with the Terraform Cloud and Terraform Enterprise workspace API is that it allows use of the native terraform/opentofu CLI. Users of OpenTaco can perform "terraform login opentaco.mycompany.com" or "opentofu login opentaco.mycompany.com" and, upon authentication, are granted access to perform remote runs and operations, subject to RBAC. This increases velocity while keeping the

State and cloud insights

• Once we have versioned states there are a lot of insights that can be drawn. It all starts with parsing the statefile and storing individual resources. The second part is to have a resource inventory of the resources provisioned. Once these two are mapped together, we are able to produce reports around resources out of management, drifted resources and coverage more accurately, which are very valuable insights for the platform team. Furthermore, we can offer ways to safely break out larger statefiles into smaller units, given that we know the relationships between them.
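The state-to-inventory mapping described above, sketched as an added example (not OpenTaco or Digger code). It assumes the Terraform state format version 4 layout and that each resource instance exposes an `id` attribute usable as the join key; the sample state, the inventory and the function names are constructed for illustration.

```python
import json

# Constructed sample: a minimal Terraform state (format version 4) and a
# constructed cloud inventory; neither comes from the OpenTaco project.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "resources": [
        {"mode": "managed", "type": "aws_s3_bucket", "name": "logs",
         "instances": [{"attributes": {"id": "acme-logs"}}]},
        {"mode": "managed", "type": "aws_security_group", "name": "web",
         "instances": [{"attributes": {"id": "sg-0aaa"}},  # count/for_each
                       {"attributes": {"id": "sg-0bbb"}}]},
        {"mode": "data", "type": "aws_caller_identity", "name": "me",
         "instances": [{"attributes": {"id": "111122223333"}}]},
    ],
})
SAMPLE_INVENTORY = {("aws_s3_bucket", "acme-logs"),
                    ("aws_s3_bucket", "acme-shadow-bucket"),
                    ("aws_security_group", "sg-0aaa")}


def managed_resources(state_json):
    """Return {(type, id): address} for every managed resource instance."""
    state = json.loads(state_json)
    if state.get("version") != 4:
        raise ValueError("unsupported state format version")
    found = {}
    for res in state.get("resources", []):
        if res.get("mode") != "managed":  # data sources are read, not owned
            continue
        addr = f'{res["type"]}.{res["name"]}'
        if res.get("module"):
            addr = f'{res["module"]}.{addr}'
        for inst in res.get("instances", []):
            rid = (inst.get("attributes") or {}).get("id")  # assumed join key
            if rid is not None:
                found[(res["type"], rid)] = addr
    return found


def coverage_report(state_json, inventory):
    """Map state to inventory: unmanaged, missing in cloud, coverage ratio."""
    in_state = set(managed_resources(state_json))
    covered = len(inventory & in_state)
    return {
        "unmanaged": sorted(inventory - in_state),         # out of management
        "missing_in_cloud": sorted(in_state - inventory),  # drift candidates
        "coverage": covered / len(inventory) if inventory else 1.0,
    }
```

Resources reported as unmanaged exist in the account with no code, review history or RBAC path behind them, so they are the first entries a platform or security team would triage.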

Forward Compatibility

• The OpenTaco project should enable users to use the entire feature set available in commercial TACOS, and should be open source. This allows for increased enterprise usage and opens up the ecosystem for the next layer of innovation. It also lets users run any version of Terraform or OpenTofu they like, without penalising them for using it via extractive pricing.

Digger's journey so far

4.7k+

GitHub Stars

600k+

Downloads

500+

Orgs in Production

This is Infrastructure's Apollo Program.

Join the effort. Keep IaC open, forever.

© 2025 OpenTaco