Open-source Terraform Platform

Tharsis is an enterprise scale Terraform platform that offers a complete solution for managing your Terraform deployments, state and workspaces.

CloudNative

EnterpriseScale

OpenSource

Get Started→Learn More

tharsis-demo.mp4

LIVE

Core Capabilities

Central control

Home Dashboard

Centralized dashboard displaying run status, workspace access, recent activity events, and team memberships. Single view for managing all your infrastructure deployments and monitoring system health.

Visual insights

Plan Visualization

Visual diff of infrastructure changes with streaming logs and plan summaries. See exactly what resources will be created, updated, or destroyed with drift detection before applying changes.

RBAC & teams

Role-Based Access Control

Hierarchical permissions with inherited memberships across groups and workspaces. User, team, and service account management with viewer, deployer, and owner roles for streamlined access control.

Organization

Group Hierarchy

Organize workspaces using nested groups that model your product and environment structure. Terraform variables and permissions set at group level are inherited by all subgroups and workspaces.

Module management

Private Registry

Built-in Terraform registry for private modules and providers with versioning, visibility controls, and attestation. Central location to store, discover, and share infrastructure patterns.

Simplified deployment

No-Code Deployments

Deploy Terraform modules directly from the registry without writing wrapper code. Create and manage infrastructure through UI or CLI without maintaining root Terraform configurations.

Registry: registry.tharsis.io

Module: aws-vpc/network

Version: v2.1.0

Workspace: prod-network

Plan

Apply

Enterprise Scale

Managed Identities

Secure cloud authentication using OIDC without storing static credentials. AWS and Azure support with access policies and module attestation for zero-credential infrastructure management.

Tharsis → AWS STS

↓

Token Exchange

↓

Assume Role

M2M authentication

Service Accounts

Machine-to-machine authentication for CI/CD pipelines using OIDC tokens. Assign roles within groups or workspaces without managing static API keys or secrets.

🔧

GitHub Action

→

🎫

OIDC Token

→

🚀

Deploy

Git workflows

VCS Integration

Automatic Terraform deployments triggered by Git repository changes. GitHub and GitLab support with webhook automation to keep infrastructure in sync with your codebase.

📝

Code Push

→

⚫🟠

Webhook

→

🚀

Auto Deploy

⚫ GitHub🟠 GitLab

Flexible execution

Runner Agents

Scalable job execution with pluggable container runtimes including Docker, Kubernetes, and AWS Fargate. Deploy shared or dedicated runners within private networks for secure deployments.

🐳

Docker

☸️

Kubernetes

☁️

AWS Fargate

SharedDedicated

Native integration

Terraform Provider

Native Terraform provider for managing Tharsis resources and consuming workspace outputs. Create and manage Tharsis infrastructure using familiar Terraform workflows and syntax.

🔧

Terraform

↔

🏗️

Tharsis

Manage ResourcesConsume Outputs

Dependency management

Workspace Dependencies

Visual dependency tracking and cross-workspace data sharing through output consumption. Understand infrastructure relationships and manage complex multi-workspace deployments.

vpc-prod

subnet_ids

vpc_id

→

app-prod

← subnet_ids

← vpc_id

Simple. Secure. Scalable.

📝

Write

Create Terraform configurations with your infrastructure as code

🚀

Deploy

Deploy using Tharsis CLI locally, from CI/CD pipelines, or trigger runs via VCS integration

📦

Publish modules to private registries for team collaboration

Ready to Get Started?

Deploy your first Terraform module with Tharsis in minutes. Choose your preferred way to begin.

Start Building View Documentation