Introduction
Tharsis is a modern, open-source, self-hosted Terraform platform that provides a complete solution for managing your infrastructure deployments, state, and workspaces.
Tharsis eliminates the complexity of running Terraform at scale. It provides secure state management, OIDC-based managed identities for cloud authentication without storing secrets, built-in module and provider registries, VCS-driven workflows, and a powerful CLI with gRPC and MCP support. Whether you're a single team or an enterprise with hundreds of workspaces, Tharsis gives you the control, visibility, and automation to deploy infrastructure with confidence.
Some key features
Tharsis API + UI
✔ Hierarchical group structure with variable and managed identity inheritance.
✔ Managed identities for secure cloud authentication via OIDC — no secrets to store or rotate.
✔ Service accounts with OIDC federation and client credentials for M2M authentication.
✔ Role-based access control (RBAC) with viewer, deployer, and owner roles.
✔ Terraform module and provider registries with versioning and attestation support.
✔ Federated registries for cross-instance module and provider sharing.
✔ Provider mirror for air-gapped and restricted environments.
✔ VCS integration with GitHub and GitLab for automatic run triggering.
✔ Workspace drift detection and scheduled assessments.
✔ Module attestation for supply chain security.
✔ Configurable job executors (Docker, Kubernetes, ECS).
✔ Live run logs and real-time UI updates powered by GraphQL subscriptions.
✔ Activity events for full audit trail of resource modifications.
✔ Built-in GraphiQL editor for direct API exploration.
✔ Compatible with the Terraform CLI remote backend.
✔ SCIM support for user and team provisioning.
✔ Email notifications for key events.
✔ GraphQL and gRPC APIs for programmatic access.
✔ Built-in remote MCP server for AI assistant integration without a local CLI.
✔ Written in Go and TypeScript.
The Tharsis SDK for Go is deprecated. The CLI now communicates directly with the Tharsis API via gRPC using the client package.
Tharsis CLI
✔ Full CLI for managing groups, workspaces, runs, modules, providers, and more.
✔ Run Terraform commands directly via the tf-exec subcommand.
✔ SSO and service account authentication with multi-profile support.
✔ Built-in MCP server for AI assistant integration (Claude, Cursor, etc.).
✔ Ready for use in CI/CD pipelines.
✔ Written in Go and available for all major platforms.
Tharsis Terraform Provider
✔ Manage Tharsis resources (groups, workspaces, variables, managed identities, and more) using Terraform.
✔ Share workspace outputs across deployments.
✔ Available on the Terraform Registry.
Deploying with Tharsis
| Method | Description |
|---|---|
| Module Sources | Use Tharsis's built-in registry or third-party registries |
| CLI | Deploy directly from the command line |
| VCS | Automatically trigger runs from Git commits |
| CI/CD | Integrate with GitLab CI, GitHub Actions, and other pipelines |