Back to BlogRSS
August 18, 2025josh-pollara
terrateaminfrastructureterraformdevopsconfiguration

Announcing Feature Branch Configuration Overrides

Today we're introducing Feature Branch Configuration Overrides, giving you granular control over which Terrateam configuration settings must come from your default branch and which can be modified in feature branches.

This feature solves a fundamental challenge: maintaining security controls while enabling teams to customize their workflows without affecting the main branch configuration.

The Security vs. Flexibility Balance

By default, Terrateam sources critical security configurations from your default branch to prevent unauthorized changes. This ensures that users can't bypass security controls by simply modifying configurations in their feature branches. Feature Branch Configuration Overrides lets you choose exactly which settings require default branch authority and which can be customized per branch.

How It Works

The default_branch_overrides setting specifies which configuration keys must always come from the default branch. By default, three security-critical settings are locked to the default branch:

  • access_control: Who can run Terrateam commands
  • apply_requirements: What approvals and checks are needed before applying
  • destination_branches: Which branches changes can be merged into

All other configuration settings (workflows, hooks, etc.) are always read from the feature branch.

Default Configuration

# This is the default - these settings must come from the default branch
default_branch_overrides:
  - access_control
  - apply_requirements
  - destination_branches

Customizing Override Behavior

To allow specific configurations to be overridden in feature branches, remove them from the list:

# Allow workflows to be customized in feature branches
# while keeping security controls locked to default branch
default_branch_overrides:
  - access_control
  - apply_requirements
  - destination_branches

Or to allow apply requirements to be customized per branch:

# Allow branch-specific apply requirements
default_branch_overrides:
  - access_control
  - destination_branches

Getting Started

Feature Branch Configuration Overrides is available now for all Terrateam users. To implement it:

  1. Review your current default_branch_overrides setting (defaults are secure)
  2. Identify if you need branch-specific customization for non-security settings
  3. Document your override policy for the team
  4. Adjust the overrides only if necessary

Full documentation is available at docs.terrateam.io/advanced-workflows/feature-branch-configuration.

The Power of Choice

Feature Branch Configuration Overrides represents our philosophy that teams should have control over their tools. By letting you choose which configurations require central control and which can be customized, we're enabling both security and flexibility.

The default settings provide maximum security out of the box. The override capability is there when you need it, giving you the power to adapt Terrateam to your organization's unique needs.

Have questions about configuring overrides for your use case? Join our Slack community or reach out via GitHub issues.