State Management (remote state, locking)
On this page
State Is Production Data
- State contains mapping of resources and often sensitive metadata.
- Operate it like a database: access controls, backups, and locking.
Checklist: Remote State Backend
- Server-side encryption enabled
- Versioning enabled (or append-only history)
- State locking enabled to prevent concurrent apply
- Least-privilege access for CI role
- Break-glass procedure documented
Runbook: Lock Contention
# Symptoms - apply fails due to lock - pipeline stuck or crashed mid-apply # Actions 1) identify owner of lock (job id, actor, timestamp) 2) confirm no apply is running 3) release lock using documented command/tool 4) re-run plan and apply
Failure Modes
- Local state on laptops: impossible to coordinate safely.
- No versioning: state corruption becomes unrecoverable.