Stategraph — Terraform & OpenTofu without the state file bottleneck

5 min read Original article ↗

Works with your existing Terraform/OpenTofu

Stategraph replaces the flat state file with a database-backed graph. Independent changes can run in parallel, and the state becomes queryable and auditable. No code changes.

Parallel teams No lock waiting Audit-ready state

What Stategraph makes possible

Teams run in parallel

If resources don't overlap, everyone ships
?

Query your infrastructure

SQL-queryable state, not JSON parsing

Resource-level control

Resource-level locking & RBAC

Teams run in parallel

If resources don't overlap, everyone ships

?

Query your infrastructure

SQL-queryable state, not JSON parsing

Resource-level control

Resource-level locking & RBAC

From flat files to dependency graphs

State as a file

Global locks

Serial execution

Audit via CI logs

State as a database

Resource ownership

Parallel where safe

SQL queries and diffs

Under the hood: API and database

Stategraph has two parts: a CLI that provides the same interface as Terraform, and a backend that fundamentally reimagines how state is stored and processed—as a dependency graph in PostgreSQL, not a flat file. The CLI doesn't orchestrate Terraform; it executes graph-aware operations directly against the database.

stategraph plan

stategraph apply

stategraph query

STATEGRAPH CLI

Replaces Terraform & OpenTofu CLI
Manages Graph-aware execution
Provides Query interface

Replaces

Terraform & OpenTofu CLI

Manages

Graph-aware execution

HTTP API SERVER

POST /transactions

GET /transactions/{id}

GET /graph

POST /query

POSTGRESQL DATABASE

id

type

name

depends_on

status

1

aws_vpc

main

NULL

active

2

aws_subnet

public-1a

1

active

3

aws_subnet

public-1b

1

active

4

aws_security_group

web-sg

1

active

5

aws_instance

web-server-1

2,4

active

6

aws_instance

web-server-2

3,4

pending

7

aws_alb

main-lb

2,3

active

8

aws_db_instance

postgres-prod

3

active

Resources as rows • Dependencies as foreign keys • Graph traversal via SQL joins

Parallel-safe

Disjoint ops run together

SQL-queryable

Direct database access

Graph-native

Dependencies as edges

Audit-ready

Every change tracked

Visual interface

Visualize the dependency graph, run SQL queries, and browse transactions — all in one place.

Stategraph mock UI showing a dependency graph, SQL query panel, and transaction log Stategraph mock UI showing a dependency graph, SQL query panel, and transaction log

Graph explorer SQL results Transaction log Resource ownership

shell

$ # Want this in your hands? $ echo "Notify me when Stategraph launches" | \ mail -s "Launch Updates" hello@stategraph.dev

See the difference

Watch how Stategraph parallelizes your infrastructure operations

Traditional Backend

[VPC ] waiting

[Subnets ] waiting

[Security ] waiting

[RDS ] waiting

[ALB ] waiting

[ASG ] waiting

[Route53 ] waiting

[CloudFront ] waiting

Stategraph

[VPC ] waiting

[Subnets ] waiting

[Security ] waiting

[RDS ] waiting

[ALB ] waiting

[ASG ] waiting

[Route53 ] waiting

[CloudFront ] waiting

Parallel Team execution

Graph Dependency aware

SQL Queryable state

Get launch updates

Be the first to know when Stategraph launches.

Why Terraform & OpenTofu need a new backend

FILE

State is stored as a monolithic JSON file. Every plan loads the entire file. Result: slow plans at scale.

LOCK

Global lock blocks all teams. Even those working on unrelated resources. Result: teams queue behind each other.

BLIND

State is opaque binary data. No queries. No insights. No audit trail. Result: Debugging via CI logs.

SERIAL

Resources execute one at a time. Even when operating on completely separate parts of the tree. Result: Wasted time waiting for unrelated changes.

Two ways to deploy Stategraph

Use Stategraph as a Terraform backend for inventory and queries, or add the CLI for faster plans.

5-minute setup

Terraform Backend

Point your Terraform/OpenTofu backend configuration at Stategraph. No CLI installation needed.

What you get:

  • Infrastructure inventory & CMDB
  • SQL-queryable state
  • Resource change history

Full power

Backend + CLI

Install the Stategraph CLI for drop-in Terraform/OpenTofu replacement with performance enhancements.

All backend features, plus:

  • Subgraph-based execution
  • Parallel team operations
  • Incremental resource refresh

Frequently Asked Questions

No code changes required. Your Terraform/OpenTofu configurations, modules, and providers remain exactly the same. You just use the Stategraph CLI (a drop-in replacement for the Terraform/OpenTofu CLI) and update your backend configuration to point to Stategraph.

Stategraph imports your existing .tfstate file on first run. Every resource, every attribute, every piece of metadata is preserved and migrated into the database. The import process is non-destructive, and you can always export back to standard .tfstate format if needed.

Stategraph builds a complete dependency graph of your resources and only parallelizes truly independent subgraphs. We enforce explicit barriers for dependencies and use transactional writes. If resources depend on each other, they run in order. If they don't, they run in parallel.

You need PostgreSQL 14+, but you have options: self-hosted on your infrastructure, managed services like RDS or Cloud SQL, or local PostgreSQL for development. The database requirements are minimal — any PostgreSQL instance can handle thousands of resources.

Your infrastructure state becomes queryable data. Find all EC2 instances in production, track resource changes over time, identify unused resources, or build custom dashboards. This is real SQL against normalized data, not parsing JSON blobs.

Terraform/OpenTofu's pg backend just stores the state file as a blob in PostgreSQL. Stategraph actually parses and normalizes the state into a proper database schema. Every resource becomes a queryable entity with relationships, history, and ownership. The pg backend stores a file in a database — Stategraph IS a database.

All state data is encrypted at rest (AES-256) and in transit (TLS 1.3). Provider credentials are never stored in state. Resource-level RBAC means teams only see what they need. Every access and modification is logged with full attribution.

We're targeting our first release early Q1 2026. Design partners get early access starting soon. Sign up above to be the first to know when we launch.

We're looking for teams running Terraform or OpenTofu at scale to co-build with us. As a design partner, you'll get early access, direct engineering support, and influence over the roadmap. Apply to be a design partner.

Contact

Stategraph is under active development.