Terrateam is an open-source GitOps CI/CD platform for automating infrastructure workflows. It integrates with GitHub to orchestrate Terraform, OpenTofu, CDKTF, and Terragrunt operations via pull requests. Use our hosted service or run on-premise.
Every part of your Terrateam configuration lives directly in Git, right alongside your code. Branch, merge, and revert configurations exactly like code, with no external setup or separate configuration files. This ensures full version control, traceability, and seamless integration with your existing Git workflows.
- GitHub-Native: Manage Terraform workflows in GitHub with Actions, PRs, and Secrets, no extra tools.
- Enterprise-Grade Security: RBAC, SSO, and audit trails for secure, compliant infrastructure.
- High Availability: Handles parallel execution, multi-repo environments with distributed architecture.
- Drift Detection: Alerts teams when live infrastructure diverges from infrastructure as code.
- Multi-Environment Support: Easily manage dev, staging, and production environments.
Terrateam combines powerful GitOps automation with enterprise-ready security and scalability, all directly in GitHub.
Get started quickly with our free SaaS version by signing up at https://terrateam.io.
For those who prefer more control, you can deploy Terrateam in your own environment.
Before you begin, ensure you have the following:
- Docker and Docker Compose installed on your machine.
- A way to expose the Terrateam server to the internet. The server must be able to receive GitHub webhooks and allow the GitHub Action to communicate with it.
  - For local testing: Terrateam supports Ngrok natively through the provided `docker-compose.yml` file. Alternatively, you can use any tunneling or reverse proxy tool that fits your needs.
  - For production environments: It is recommended to use a load balancer or another production-grade solution for secure and reliable communication. Read the docs for more details.
1. Clone the `terrateamio/terrateam` repository:

   ```sh
   git clone https://github.com/terrateamio/terrateam.git
   cd terrateam/docker/terrat
   ```

2. Start the Terrateam setup container:

   ```sh
   GH_ORG=YOUR_GITHUB_ORG docker-compose up setup
   ```

   If you're using a GitHub Enterprise server, set the `GHE_HOST` environment variable:

   ```sh
   GHE_HOST=github.mycompany.com GH_ORG=YOUR_GITHUB_ORG docker-compose up setup
   ```

3. Navigate to http://localhost:3000 to create your private Terrateam GitHub application. Take note of your application URL for use below.

   ⚠️ Important: Do not install your private Terrateam GitHub application until you complete the steps below.

4. Save the generated GitHub application settings. Create a `.env` file in the `terrateam/docker/terrat` directory, next to the `docker-compose.yml` file, and save the settings there.

5. Stop the Terrateam setup container by pressing `Ctrl+C` in the terminal.

6. Start the Terrateam Server, using your Ngrok auth token:

   ```sh
   NGROK_AUTHTOKEN=<YOUR-NGROK-AUTH-TOKEN> docker-compose up server -d
   ```

   If you're using a GitHub Enterprise server that can communicate directly with the Terrateam server, use the following environment variables to start the server:

   ```sh
   TERRAT_API_BASE=https://terrateam.example.com GITHUB_API_BASE_URL=https://api.github.example.com GITHUB_WEB_BASE_URL=https://github.example.com docker-compose up server -d
   ```

7. Wait for the server to be ready. The `docker-compose` command will return you to your shell when the Terrateam Server is ready for connections.

8. Install your private Terrateam GitHub application using the application URL from step 3. You can install Terrateam against your entire organization or specific repositories.

   ⚠️ Important: Ensure the Terrateam Server is running (see step 7) before installing the GitHub application.

9. Add the Terrateam GitHub Actions Workflow. Download `terrateam.yml` and save it in your repository under `.github/workflows/terrateam.yml`. The Terrateam GitHub Actions workflow file must reside in the default branch of your Terraform repository, typically named `main` or `master`.

10. Start Using Terrateam. Create a pull request with a Terraform code change to automatically trigger a Terraform `Plan` operation. For detailed instructions on your first Terrateam deployment, refer to the Quickstart Guide.
For non-local setup instructions, including manual setup and Kubernetes deployment options, follow our Self-Hosted Guide to get up and running.
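
The `.env` file saved during setup holds the generated GitHub application settings, so it is worth checking before the server is started. The shell functions below are an added example, not part of the Terrateam project; the function names are hypothetical, the file is assumed to contain plain `KEY=VALUE` lines, and only key names are ever printed.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for the .env file that sits next to
# docker-compose.yml. Assumption: plain KEY=VALUE lines, '#' for comments.

# Succeeds only if the file grants no permissions to group or others.
env_file_is_private() {
  local perms
  # Characters 5-10 of the ls mode string are the group and other bits.
  perms=$(ls -ld -- "$1" | cut -c5-10) || return 1
  [ "$perms" = "------" ]
}

# Prints the names (never the values) of keys with an empty value and
# the line numbers of malformed lines; fails if it printed anything.
env_file_empty_keys() {
  awk -F= '
    BEGIN { bad = 0 }
    /^[ \t]*(#|$)/ { next }                     # skip comments and blank lines
    !/^[A-Za-z_][A-Za-z0-9_]*=/ { print "malformed line " NR; bad = 1; next }
    {
      v = substr($0, index($0, "=") + 1)        # everything after the first "="
      if (v == "" || v == "\"\"") { print $1; bad = 1 }
    }
    END { exit bad }
  ' "$1"
}

# Runs both checks; defaults to .env in the current directory.
preflight_env() {
  local f=${1:-.env}
  [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
  env_file_is_private "$f" || { echo "too permissive, fix with: chmod 600 $f" >&2; return 1; }
  env_file_empty_keys "$f" >&2 || return 1
}
```

Source the file and run `preflight_env` from `terrateam/docker/terrat` before `docker-compose up server -d`; a non-zero exit status means the file needs attention.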
- GitOps Integration: Orchestrate Terraform changes using GitHub pull requests and Actions.
- High Availability: Scale seamlessly across teams and large workloads with distributed architecture.
- Apply Before/After Merge: Apply infrastructure changes either before or after merging.
- Cost Estimation: Predict infrastructure costs automatically before applying changes.
- OIDC Authentication: Authenticate cloud providers securely using OpenID Connect.
- Apply Locks: Avoid conflicts with automatic locking and concurrent operations.
- Parallel Runs: Run multiple operations in parallel with no concurrency limits.
- Private Runners: Execute workflows securely in your own environment using dedicated runners.
- Apply Requirements: Ensure compliance and approval checks before applying any changes.
- Drift Detection: Detect and reconcile infrastructure drift from Terraform or OpenTofu configurations.
- Layered Runs: Establish dependencies between operations to ensure proper execution order.
- Multiple Environments: Manage multiple environments using GitHub Environments.
- GitHub Secrets: Safely store and manage sensitive data like credentials in your workflows.
- Configuration Builder: Dynamically generate configurations for complex workflows.
- Role-Based Access Control (RBAC): Securely manage permissions across GitHub identities.
- Audit Trail: Track and review all infrastructure changes for compliance and security.
Terrateam’s architecture is built for high availability and reliability.
- Terrateam Server: Orchestrates infrastructure, scalable for complex environments and parallel operations.
- GitHub Application: Enables GitOps workflows with native GitHub functionality.
- GitHub Actions: Powers infrastructure as code executions.
- Postgres Database: Securely stores operations data and configurations for consistency and auditability.
```mermaid
graph TD
    gpr[GitHub Pull Request] --> ge[GitHub Events]
    ge --> ts[Terrateam Server]
    ts <--> pd[(Postgres Database)]
    ts <--> ga[GitHub Actions]
    ts --> gpr
    gt[GitHub Teams] --> ts
    ga <--> go[GitHub OIDC]
    gs[GitHub Secrets] --> ga
    ga --> cp[Cloud Provider]
    tr[Terraform Code Repository] --> ga
```
For more details, see our How It Works Documentation.
Terrateam’s configuration is managed in an in-repo `.terrateam/config.yml` file, providing flexibility for custom workflows and advanced settings. You can also dynamically generate configurations using the `config_builder` for even more control.
For more details and example configurations, explore the Configuration Reference and Advanced Workflows sections of our documentation to customize Terrateam to your specific use cases.
- Website
- Documentation
- GitHub Discussions
- Join our Slack
- Terrateam Blog
- If you have any questions, you can email us at support@terrateam.io
Thank you for your interest in contributing to Terrateam! We appreciate your help in improving the project. Whether you're fixing bugs, suggesting new features, or improving documentation, your contributions are essential to making Terrateam better for everyone.
🌟 If you find Terrateam useful, starring the repo is always appreciated! Your support helps increase the project’s visibility, allowing us to grow and continue improving Terrateam for the community.
- Reporting Issues: If you encounter bugs or other issues, please report them via GitHub Issues. Make sure to include as much detail as possible (e.g., steps to reproduce, environment, logs).
- Improving Documentation: We welcome updates that enhance clarity or add useful information. Your contributions make Terrateam easier to use for the whole community.
- Bug Fixes & New Features: If you're interested in submitting code changes, we encourage you to review our Contributing Guide to understand the process. Since the codebase follows specific styles, contributions may need adjustments to fit project standards.
- Feature Requests: Have an idea to enhance Terrateam? We welcome your feature suggestions! Please open an issue on GitHub Issues and describe the problem you're solving and how your feature would help. We can't guarantee all requests will be implemented, but we'll review them carefully. Thumbs up your favorite feature requests.
Please refer to the Contributing Guide for detailed steps on how to contribute and what to expect during the review process.
If you'd like to engage with the community or need help, you're welcome to participate in GitHub Discussions or join our Slack Community. We'd love to hear your feedback, ideas, and questions.
Thank you for being a part of the Terrateam community and helping us make it better!
Terrateam is available in two versions:
-
Community Edition (CE): Open-source, offering powerful infrastructure automation features. Perfect for small teams and individual developers looking for seamless GitOps workflows and infrastructure automation. Learn more about Self-Hosted CE.
-
Enterprise Edition (EE): Designed for larger teams and organizations that require advanced features like RBAC, UI-based audit trails, centralized configuration, and more. Available via Terrateam Cloud (all plans), Private Cloud, or Self-Hosted options. The Enterprise Edition is ideal for companies with stricter compliance and governance requirements. Contact us for more details.
| Category | Feature | Open-Source (MPL-2.0) | Enterprise (Proprietary) |
|---|---|---|---|
| Core Features | Plan & Apply Operations | ✅ | ✅ |
| | Apply Before / After Merge | ✅ | ✅ |
| | Layered Runs (Dependencies) | ✅ | ✅ |
| | Drift Detection & Reconciliation | ✅ | ✅ |
| | Cost Estimation | ✅ | ✅ |
| Scalability | High Availability | ✅ | ✅ |
| | Unlimited Concurrency | ✅ | ✅ |
| | Private Runners | ✅ | ✅ |
| Integrations | GitHub Environments Support | ✅ | ✅ |
| | GitHub Secrets Integration | ✅ | ✅ |
| | OPA, Checkov, and more | ✅ | ✅ |
| Advanced Features | Centralized Configuration | ➖ | ✅ |
| | Dynamic Configuration Builder | ✅ | ✅ |
| Security & Compliance | Fine-Grained Apply Requirements | ✅ | ✅ |
| | OIDC Authentication | ✅ | ✅ |
| | Role-Based Access Control (RBAC) | ➖ | ✅ |
| | Audit Trail UI | ➖ | ✅ |
Both versions include essential automation features, but the Enterprise Edition offers additional capabilities that help manage larger infrastructures, provide more granular control, and ensure security and compliance at scale.
This repository uses a multi-license model:
- Community Edition: Most of the code is licensed under the Mozilla Public License 2.0 (MPL-2.0).
- Enterprise Edition: Enterprise-specific features are licensed under the Terrateam Enterprise License.
- Third-Party Components: Any third-party components included in the project retain their original licenses.
Please refer to the individual `LICENSE` files within each directory for more details.