{"id":13707029,"url":"https://github.com/spacelift-io/spacectl","last_synced_at":"2026-04-01T17:23:08.685Z","repository":{"id":39290672,"uuid":"354647574","full_name":"spacelift-io/spacectl","owner":"spacelift-io","description":"Spacelift client and CLI","archived":false,"fork":false,"pushed_at":"2026-03-15T18:38:28.000Z","size":823,"stargazers_count":159,"open_issues_count":15,"forks_count":48,"subscribers_count":15,"default_branch":"main","last_synced_at":"2026-03-16T06:45:26.394Z","etag":null,"topics":["infra-as-code","pulumi","spacelift","terraform"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/spacelift-io.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-04-04T21:11:03.000Z","updated_at":"2026-03-13T13:41:59.000Z","dependencies_parsed_at":"2024-02-28T10:29:00.744Z","dependency_job_id":"da1c788e-aba9-48a2-a20b-361054f92a73","html_url":"https://github.com/spacelift-io/spacectl","commit_stats":{"total_commits":188,"total_committers":34,"mean_commits":5.529411764705882,"dds":0.7925531914893618,"last_synced_commit":"4bb59fe6e29e2392c65addb098462455c3d38137"},"previous_names":["spacelift-io/spacelift-cli"],"tags_count":87,"template":false,"template_full_name":null,"purl":"pkg:github/spacelift-io/spacectl","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spacelift-io%2Fspacectl","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spacelift-io%2Fspacectl/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spacelift-io%2Fspacectl/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spacelift-io%2Fspacectl/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/spacelift-io","download_url":"https://codeload.github.com/spacelift-io/spacectl/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spacelift-io%2Fspacectl/sbom","scorecard":{"id":839979,"data":{"date":"2025-08-11","repo":{"name":"github.com/spacelift-io/spacectl","commit":"ea69e85a7749d4b498ad12052e0d414476d8a375"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.6,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":8,"reason":"Found 21/25 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"17 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/lint.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Warn: no topLevel permission defined: .github/workflows/security.yml:1","Warn: no topLevel permission defined: .github/workflows/unit-testing.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/spacelift-io/spacectl/lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/spacelift-io/spacectl/lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/spacelift-io/spacectl/lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/spacelift-io/spacectl/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/spacelift-io/spacectl/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/spacelift-io/spacectl/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/spacelift-io/spacectl/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/spacelift-io/spacectl/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/spacelift-io/spacectl/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/spacelift-io/spacectl/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:62: update your workflow using https://app.stepsecurity.io/secureworkflow/spacelift-io/spacectl/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/spacelift-io/spacectl/security.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/spacelift-io/spacectl/security.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/spacelift-io/spacectl/security.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/spacelift-io/spacectl/security.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/spacelift-io/spacectl/security.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/spacelift-io/spacectl/security.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/security.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/spacelift-io/spacectl/security.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/security.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/spacelift-io/spacectl/security.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-testing.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/spacelift-io/spacectl/unit-testing.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-testing.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/spacelift-io/spacectl/unit-testing.yml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating alpine to alpine@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Info:   0 out of  13 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   8 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: key.asc: https://github.com/spacelift-io/spacectl/releases/tag/v1.15.0","Info: signed release artifact: key.asc: https://github.com/spacelift-io/spacectl/releases/tag/v1.14.4","Info: signed release artifact: key.asc: https://github.com/spacelift-io/spacectl/releases/tag/v1.14.3","Info: signed release artifact: key.asc: https://github.com/spacelift-io/spacectl/releases/tag/v1.14.2","Info: signed release artifact: key.asc: https://github.com/spacelift-io/spacectl/releases/tag/v1.14.1","Warn: release artifact v1.15.0 does not have provenance: https://api.github.com/repos/spacelift-io/spacectl/releases/238962239","Warn: release artifact v1.14.4 does not have provenance: https://api.github.com/repos/spacelift-io/spacectl/releases/229977057","Warn: release artifact v1.14.3 does not have provenance: https://api.github.com/repos/spacelift-io/spacectl/releases/225525113","Warn: release artifact v1.14.2 does not have provenance: https://api.github.com/repos/spacelift-io/spacectl/releases/222663991","Warn: release artifact v1.14.1 does not have provenance: https://api.github.com/repos/spacelift-io/spacectl/releases/222009481"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:10"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":9,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 26 commits out of 28 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-23T20:13:58.980Z","repository_id":39290672,"created_at":"2025-08-23T20:13:58.980Z","updated_at":"2025-08-23T20:13:58.980Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31290537,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T13:12:26.723Z","status":"ssl_error","status_checked_at":"2026-04-01T13:12:25.102Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["infra-as-code","pulumi","spacelift","terraform"],"created_at":"2024-08-02T22:01:15.947Z","updated_at":"2026-04-01T17:23:08.672Z","avatar_url":"https://github.com/spacelift-io.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# `spacectl`, the Spacelift CLI\n\n`spacectl` is a utility wrapping Spacelift's [GraphQL API](https://docs.spacelift.io/integrations/api) for easy programmatic access in command-line contexts - either in manual interactive mode (in your local shell), or in a predefined CI pipeline (GitHub actions, CircleCI, Jenkins etc).\n\nIts primary purpose is to help you explore and execute actions inside Spacelift. It provides limited functionality for creating or editing resources. To do that programatically, you can use the [Spacelift Terraform Provider](https://github.com/spacelift-io/terraform-provider-spacelift).\n\n## Installation\n\n### Officially supported packages\n\nOfficially supported packages are maintained by [Spacelift](https://spacelift.io/) and are the preferred ways to install `spacectl`\n\n#### Homebrew\n\nYou can install `spacectl` using Homebrew on MacOS or Linux:\n\n```bash\nbrew install spacelift-io/spacelift/spacectl\n```\n\n#### Windows\n\nYou can install `spacectl` using winget:\n\n```shell\nwinget install spacectl\n```\n\nor\n\n```shell\nwinget install --id spacelift-io.spacectl\n```\n\n#### Docker image\n\n`spacectl` is distributed as a Docker image, which can be used as follows:\n\n```bash\ndocker run -it --rm ghcr.io/spacelift-io/spacectl stack deploy --id my-infra-stack\n```\n\n\u003e Don't forget to add the [required environment variables](#authenticating-using-environment-variables) in order to authenticate.\n\n#### asdf\n\n```bash\nasdf plugin add spacectl\nasdf install spacectl latest\nasdf global spacectl latest\n```\n\n#### GitHub Release\n\nAlternatively, `spacectl` is distributed through GitHub Releases as a zip file containing a self-contained statically linked executable built from the source in this repository. Binaries can be download directly from the [Releases page](https://github.com/spacelift-io/spacectl/releases).\n\n#### Usage on GitHub Actions\n\nWe have [setup-spacectl](https://github.com/spacelift-io/setup-spacectl) GitHub Action that can be used to install `spacectl`:\n\n```yaml\nsteps:\n  - name: Install spacectl\n    uses: spacelift-io/setup-spacectl@main\n\n  - name: Deploy infrastructure\n    env:\n      SPACELIFT_API_KEY_ENDPOINT: https://mycorp.app.spacelift.io\n      SPACELIFT_API_KEY_ID: ${{ secrets.SPACELIFT_API_KEY_ID }}\n      SPACELIFT_API_KEY_SECRET: ${{ secrets.SPACELIFT_API_KEY_SECRET }}\n    run: spacectl stack deploy --id my-infra-stack\n```\n\n---\n\n### Community supported packages\n\n**Disclaimer:** These packages are community-maintained, please verify the package integrity yourself before using them to install or update `spacectl`.\n\n#### Arch linux\n\nInstall [`spacectl-bin`](https://aur.archlinux.org/packages/spacectl-bin) from the Arch User Repository ([AUR](https://aur.archlinux.org/)):\n\n```bash\nyay -S spacectl-bin\n```\n\nPlease make sure to verify the [`PKGBUILD`](https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=spacectl-bin) before installing/updating.\n\n#### Alpine linux\n\nInstall [`spacectl`](https://pkgs.alpinelinux.org/packages?name=spacectl\u0026branch=edge\u0026repo=\u0026arch=\u0026maintainer=) from the Alpine Repository ([alpine packages](https://pkgs.alpinelinux.org/packages)):\n\n```bash\napk add spacectl --repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing\n```\n\nPlease make sure to verify the [`APKBUILD`](https://git.alpinelinux.org/aports/tree/testing/spacectl/APKBUILD) before installing/updating.\n\n## Quick Start\n\nAuthenticate using `spacectl profile login`:\n\n```bash\n\u003e spacectl profile login my-account\nEnter Spacelift endpoint (eg. https://unicorn.app.spacelift.io/): http://my-account.app.spacelift.tf\nSelect authentication flow:\n  1) for API key,\n  2) for GitHub access token,\n  3) for login with a web browser\nOption: 3\n```\n\nUse spacectl :rocket::\n\n```bash\n\u003e spacectl stack list\nName                          | Commit   | Author        | State     | Worker Pool | Locked By\nstack-1                       | 1aa0ef62 | Adam Connelly | NONE      |             |\nstack-2                       | 1aa0ef62 | Adam Connelly | DISCARDED |             |\n```\n\n## Getting Help\n\nTo list all the commands available, use `spacectl help`:\n\n```bash\n\u003e spacectl help\nNAME:\n   spacectl - Programmatic access to Spacelift GraphQL API.\n\nUSAGE:\n   spacectl [global options] [command [command options]]\n\nVERSION:\n   1.13.0\n\nCOMMANDS:\n   profile                  Manage Spacelift profiles\n   whoami                   Print out logged-in user's information\n   version                  Print out CLI version\n   module                   Manage a Spacelift module\n   stack                    Manage a Spacelift stack\n   provider                 Manage a Terraform provider\n   run-external-dependency  Manage Spacelift Run external dependencies\n   workerpool               Manages workerpools and their workers.\n   blueprint                Manage Spacelift blueprints\n   policy                   Manage Spacelift policies\n   audit-trail              Manage Spacelift audit trail entries\n   mcp                      Manage MCP server\n   help, h                  Shows a list of commands or help for one command\n\nGLOBAL OPTIONS:\n   --help, -h     show help\n   --version, -v  print the version\n```\n\nTo get help about a particular command or subcommand, use the `-h` flag:\n\n```bash\n\u003e spacectl profile -h\nNAME:\n   spacectl profile - Manage Spacelift profiles\n\nUSAGE:\n   spacectl profile [command [command options]] \n\nCOMMANDS:\n   current       Outputs your currently selected profile\n   export-token  Prints the current token to stdout. In order not to leak, we suggest piping it to your OS pastebin\n   usage-csv     Prints CSV with usage data for the current account\n   list          List all your Spacelift account profiles\n   login         Create a profile for a Spacelift account\n   logout        Remove Spacelift credentials for an existing profile\n   select        Select one of your Spacelift account profiles\n\nOPTIONS:\n   --help, -h  show help\n```\n\n## Example\n\nThe following screencast shows an example of using spacectl to run a one-off task in Spacelift:\n\n[![asciicast](https://asciinema.org/a/pYm8lqM5XTUoG1UsDo7OL6t8B.svg)](https://asciinema.org/a/pYm8lqM5XTUoG1UsDo7OL6t8B)\n\n## Authentication\n\n`spacectl` is designed to work in two different contexts - a non-interactive scripting mode (eg. external CI/CD pipeline) and a local interactive mode, where you type commands into your shell. Because of this, it supports two types of credentials - environment variables and user profiles.\n\nWe refer to each method of providing credentials as \"credential providers\" (like AWS), and details of each method are documented in the following sections.\n\n### Authenticating using environment variables\n\nThe CLI supports the following authentication methods via the environment:\n\n- [Spacelift API tokens](#spacelift-api-tokens).\n- [GitHub tokens](#github-tokens).\n- [Spacelift API keys](#spacelift-api-keys).\n\n`spacectl` looks for authentication configurations in the order specified above, and will stop as soon as it finds a valid configuration. For example, if a Spacelift API token is specified, GitHub tokens and Spacelift API keys will be ignored, even if their environment variables are specified.\n\n#### Spacelift API tokens\n\nSpacelift API tokens can be specified using the `SPACELIFT_API_TOKEN` environment variable. When this variable is found, the CLI ignores all the other authentication environment variables because the token contains all the information needed to authenticate.\n\nNOTE: API tokens are generally short-lived and will need to be re-created often.\n\n#### GitHub tokens\n\nGitHub tokens are only available to accounts that use GitHub as their identity provider, but are very convenient for use in GitHub actions. To use a GitHub token, set the following environment variables:\n\n- `SPACELIFT_API_KEY_ENDPOINT` - the URL to your Spacelift account, for example `https://mycorp.app.spacelift.io`.\n- `SPACELIFT_API_GITHUB_TOKEN` - a GitHub personal access token.\n\n#### Spacelift API keys\n\nTo use a Spacelift API key, set the following environment variables:\n\n- `SPACELIFT_API_KEY_ENDPOINT` - the URL to your Spacelift account, for example `https://mycorp.app.spacelift.io`.\n- `SPACELIFT_API_KEY_ID` - the ID of your Spacelift API key. Available via the Spacelift application.\n- `SPACELIFT_API_KEY_SECRET` - the secret for your API key. Only available when the secret is created.\n\nMore information about API authentication can be found at \u003chttps://docs.spacelift.io/integrations/api#authenticating-with-the-api\u003e.\n\n### Authenticating using account profiles\n\nIn order to make working with multiple Spacelift accounts easy in interactive scenarios, Spacelift supports account management through the `profile` family of commands:\n\n```bash\n❯ spacectl profile\nNAME:\n   spacectl profile - Manage Spacelift profiles\n\nUSAGE:\n   spacectl profile command [command options] [arguments...]\n\nCOMMANDS:\n     current       Outputs your currently selected profile\n     export-token  Prints the current token to stdout. In order not to leak, we suggest piping it to your OS pastebin\n     list          List all your Spacelift account profiles\n     login         Create a profile for a Spacelift account\n     logout        Remove Spacelift credentials for an existing profile\n     select        Select one of your Spacelift account profiles\n     help, h       Shows a list of commands or help for one command\n\nOPTIONS:\n   --help, -h  show help (default: false)\n```\n\nEach of the subcommands requires an account **alias**, which is a short, user-friendly name for each set of credentials (account profiles). Profiles don't need to be unique - you can have multiple sets of credentials for a single account too.\n\nAccount profiles support three authentication methods:\n\n- GitHub access tokens\n- API keys\n- Login with a browser (API token).\n\nIn order to authenticate to your first profile, type in the following (make sure to replace `${MY_ALIAS}` with the actual profile alias):\n\n```bash\n❯ spacectl profile login ${MY_ALIAS}\nEnter Spacelift endpoint (eg. https://unicorn.app.spacelift.io/):\n```\n\nIn the next step, you will be asked to choose which authentication method you are going to use. Note that if your account is using [SAML-based SSO authentication](https://docs.spacelift.io/integrations/single-sign-on), then API keys and login with a browser are your only options. After you're done entering credentials, the CLI will validate them against the server, and assuming that they're valid, will persist them in a credentials file in `.spacelift/${MY_ALIAS}`. It will also create a symlink in `${HOME}/.spacelift/current` pointing to the current profile.\n\nBy default the login process is interactive, however, if that does not fit your workflow, the steps can be predefined using flags, for example:\n\n```bash\n❯ spacectl profile login --method browser --endpoint https://unicorn.app.spacelift.io local-test\n```\n\nYou can switch between account profiles by using `spacectl profile select ${MY_ALIAS}`. What this does behind the scenes is point `${HOME}/.spacelift/current` to the new location. You can also delete stored credetials for a given profile by using the `spacectl profile logout ${MY_ALIAS}` command.\n\n## MCP Server\n\nSpacectl includes an MCP (Model Context Protocol) server that allows AI models to interact with Spacelift through a standardized interface. MCP is an open protocol that standardizes how applications provide context to LLMs, similar to how USB-C provides a standardized way to connect devices to peripherals.\n\n### Authentication\n\nThe MCP server uses the same authentication methods as the standard CLI. You can use any of the [authentication methods described above](#authentication).\n\n### Configuration\n\nTo use the Spacelift MCP server with your AI tool:\n\n1. Find your tool's MCP configuration file\n2. Add the following configuration:\n\n```json\n{\n  \"mcpServers\": {\n    \"spacelift\": {\n      \"command\": \"spacectl\",\n      \"args\": [\"mcp\", \"server\"]\n    }\n  }\n}\n```\n\nOr if you prefer using Docker:\n\n```json\n{\n  \"mcpServers\": {\n    \"spacelift\": {\n      \"command\": \"docker\",\n      \"args\": [\n        \"run\", \n        \"-i\", \n        \"--rm\", \n        \"-e\", \"SPACELIFT_API_TOKEN=your-api-token-here\",\n        // Or use API key authentication:\n        // \"-e\", \"SPACELIFT_API_KEY_ENDPOINT=https://your-account.app.spacelift.io\",\n        // \"-e\", \"SPACELIFT_API_KEY_ID=your-key-id\",\n        // \"-e\", \"SPACELIFT_API_KEY_SECRET=your-key-secret\",\n        \"ghcr.io/spacelift-io/spacectl\", \n        \"mcp\", \n        \"server\"\n      ]\n    }\n  }\n}\n```\n\n3. Restart your AI tool to apply the changes\n\n### Available Tools\n\n#### Stack Management\n\n- **list_stacks**: Browse and search stacks with pagination\n- **list_stack_runs**: View tracked runs for a stack\n- **list_stack_proposed_runs**: View preview runs for a stack\n- **get_stack_run**: Get run details\n- **get_stack_run_logs**: Access run logs with pagination\n- **get_stack_run_changes**: See infrastructure changes from a run\n- **trigger_stack_run**: Start new runs (PROPOSED or TRACKED)\n- **confirm_stack_run**: Approve runs waiting for confirmation\n- **discard_stack_run**: Cancel pending or in-progress runs\n- **list_resources**: View infrastructure resources managed by stacks\n- **local_preview**: Create preview runs using local workspace files\n\n#### Module Registry\n\n- **list_modules**: Browse modules in your private registry\n- **get_module**: Get module information including metadata, inputs, outputs\n- **list_module_versions**: List all versions for a module\n- **get_module_version**: Get version information including dependencies and consumers\n- **search_modules**: Search with filtering by provider, labels, space, public/private status\n\n#### GraphQL Schema\n\n- **introspect_graphql_schema**: Complete schema introspection\n- **get_graphql_type_details**: Information about specific GraphQL types\n- **search_graphql_schema_fields**: Search for fields, types, or operations\n- **get_authentication_guide**: Authentication guidance with examples\n\n## Contributing\n\nFor information about how to contribute to the development of spacectl, please see our [CONTRIBUTING.md](./CONTRIBUTING.md) file.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspacelift-io%2Fspacectl","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fspacelift-io%2Fspacectl","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspacelift-io%2Fspacectl/lists"}