Most infrastructure teams run Terraform from a CI pipeline. That pipeline holds credentials: cloud provider keys, state backend tokens, maybe a vault token used to fetch more secrets. Early on, one pipeline with one set of credentials works fine. But as the infrastructure grows and more environments come online, the shared-runner model (one runner, or one pool of identical runners, executing every Terraform job) starts creating problems that are hard to fix without rethinking the architecture.

The shared-runner problem

When a single CI runner (or pool of identical runners) handles all Terraform work, several things go wrong at the same time.

Credential sprawl

Your CI runner needs to deploy networking in production, spin up a dev Kubernetes cluster, manage DNS records, and provision a staging database. That means it holds credentials for all of those things, often across multiple cloud providers and accounts. Because every job runs on the same runner, every job can reach every credential, whether it needs it or not: a compromised dev job, a malicious provider or module pulled in by one workspace, or a takeover of the runner host yields the production keys as well as the dev ones.
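To make that exposure concrete, here is an added audit script (not code from the original post) that models a pipeline as a list of jobs, the runner pool each runs on, and the credentials each job genuinely needs, then computes what each runner must hold and what each job can reach beyond its own needs. The inventory, credential names and tags are constructed for illustration; a real audit would read the same information out of your CI configuration and secrets store. It also re-assigns jobs to per-environment runners to show how much of the sprawl that alone removes, and what it leaves behind.

```python
"""Audit credential exposure on shared Terraform CI runners.

Added example, not code from the original post. The pipeline model below is
constructed for illustration: a simplified inventory of jobs, the runner
pool each runs on, and the credentials each job genuinely needs.
"""
from collections import defaultdict

# Constructed inventory: each credential is tagged with the provider,
# account and environment it grants access to. All names are hypothetical.
CREDENTIALS = {
    "AWS_PROD_NET_KEY":     {"provider": "aws", "account": "prod-123", "env": "prod"},
    "GCP_DEV_K8S_SA":       {"provider": "gcp", "account": "dev-proj", "env": "dev"},
    "CLOUDFLARE_DNS_TOKEN": {"provider": "cloudflare", "account": "dns-zone", "env": "prod"},
    "AWS_STAGING_DB_KEY":   {"provider": "aws", "account": "staging-456", "env": "staging"},
    "TF_STATE_TOKEN":       {"provider": "tfstate", "account": "org", "env": "all"},
}

# Constructed jobs: every Terraform job is scheduled on the same pool.
JOBS = [
    {"name": "prod-network", "runner": "shared", "needs": ["AWS_PROD_NET_KEY", "TF_STATE_TOKEN"]},
    {"name": "dev-k8s",      "runner": "shared", "needs": ["GCP_DEV_K8S_SA", "TF_STATE_TOKEN"]},
    {"name": "dns-records",  "runner": "shared", "needs": ["CLOUDFLARE_DNS_TOKEN", "TF_STATE_TOKEN"]},
    {"name": "staging-db",   "runner": "shared", "needs": ["AWS_STAGING_DB_KEY", "TF_STATE_TOKEN"]},
]


def runner_exposure(jobs):
    """Credentials each runner must hold to execute every job scheduled on
    it. For a shared pool this is the union over all jobs: the full set an
    attacker controlling any one job (or the runner host) can reach."""
    exposure = defaultdict(set)
    for job in jobs:
        exposure[job["runner"]].update(job["needs"])
    return dict(exposure)


def excess_per_job(jobs):
    """Credentials present on a job's runner that the job itself does not
    need. Non-empty means one compromised job step can reach secrets that
    belong to other environments, accounts or providers."""
    exposure = runner_exposure(jobs)
    return {job["name"]: sorted(exposure[job["runner"]] - set(job["needs"]))
            for job in jobs}


def blast_radius(jobs, creds):
    """Distinct providers, accounts and environments reachable from each
    runner, derived from the credential tags."""
    radius = {}
    for runner, names in runner_exposure(jobs).items():
        tags = [creds[n] for n in names]
        radius[runner] = {
            "providers": sorted({t["provider"] for t in tags}),
            "accounts": sorted({t["account"] for t in tags}),
            "environments": sorted({t["env"] for t in tags}),
        }
    return radius


def isolate_by_environment(jobs, creds):
    """Re-assign each job to a runner dedicated to the environment of the
    credentials it needs (credentials tagged 'all' do not pick a runner).
    Returns a new job list; the input is not modified."""
    isolated = []
    for job in jobs:
        envs = {creds[n]["env"] for n in job["needs"]} - {"all"}
        runner = "runner-" + "+".join(sorted(envs)) if envs else "runner-shared"
        isolated.append({**job, "runner": runner})
    return isolated


if __name__ == "__main__":
    for job, extra in excess_per_job(JOBS).items():
        print(f"{job}: can also reach {extra}")
    print("shared runner blast radius:", blast_radius(JOBS, CREDENTIALS)["shared"])
    print("after per-environment isolation:",
          excess_per_job(isolate_by_environment(JOBS, CREDENTIALS)))
```

On the constructed inventory the shared pool ends up holding all five credentials across four providers and four environment tags, and the dev Kubernetes job can reach the production networking key, the staging database key and the DNS token it never uses. Splitting runners by environment removes that cross-environment reach, but the two production jobs still share a runner and therefore each other's credentials; in this model, only a runner (or short-lived identity) per job gets the excess to zero.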