Crucible IAP

Self-hosted Infrastructure Automation Platform — run, review, and govern your IaC pipelines on your own infrastructure. No per-resource pricing. No plan output leaving your environment.

View on GitHub

Open Beta — Free to Deploy Now

Crucible IAP is currently in open beta — deploy it today, give us feedback, and shape what comes next. Commercial licensing and dedicated support tiers are coming soon for teams that need SLAs and enterprise features.

Star on GitHub Get Notified on Licensing

The Problem

Cloud-based IaC platforms are expensive, opaque, and not yours

The major hosted infrastructure automation platforms charge per resource, per run, or per seat — costs that compound fast as your footprint grows. Worse, your plan output, state files, and environment secrets transit their infrastructure, not yours.

Crucible IAP gives you the same automated plan/apply workflows, policy gates, drift detection, and approval queues — running entirely within your own environment, at a cost you actually control.

Third-party plan exposure

Multi-tool

OpenTofu, Terraform, Ansible, Pulumi

Flat cost

No per-run or per-resource fees

Self-hosted

Your infra, your rules

Features

Everything your IaC pipeline needs

Built by engineers who managed infrastructure at scale and grew tired of paying cloud tax for something they could run themselves.

Multi-Tool Stack Management

Manage OpenTofu, Terraform, Ansible, and Pulumi stacks from a single platform. Define your stack once — branch, root, runner image, and behavior — and let Crucible handle the rest.

Policy-Gated Apply Workflows

Use OPA (Open Policy Agent) to define exactly which plans auto-apply and which require a human review. Policies live in your repo — reviewed in PRs, tested in CI, version-controlled like everything else.

Drift Detection & Remediation

Schedule drift checks on any stack. When your live infrastructure diverges from your declared state, Crucible surfaces it immediately — and can auto-remediate if you want it to.

Complete Audit Trail

Every plan, apply, approval, discard, and destroy is recorded with actor, timestamp, and full context. Meet compliance requirements with tamper-evident logs stored in your own object storage.

Self-Hosted, Your Infrastructure

Deploy on your own hardware or cloud account via Docker Compose. Your plan output, your state files, your secrets — none of it touches a third-party platform. Full control, no per-resource pricing.

Secrets & State Management

Native integrations with AWS Secrets Manager, HashiCorp Vault, Bitwarden, and Vaultwarden for runtime secret injection. S3, GCS, and Azure backends for remote state — including cross-stack state references.

In Action

See Crucible IAP at work

A clean, focused interface that gets out of the way and lets your team ship infrastructure confidently.

Run Dashboard — Pending Approvals & Live Runs

Crucible IAP run dashboard showing pending approvals and live runs

Run Detail — Plan Output & Policy Evaluation

Crucible IAP run detail showing plan output and OPA policy evaluation results

Policy Editor — OPA/Rego with Live Validation

Crucible IAP policy editor with OPA Rego syntax highlighting and live validation

How It Works

From commit to applied — with guardrails

Connect Your Repo

Point Crucible at a Git repository, branch, and working directory. Choose your IaC tool and configure runtime behavior — auto-apply, drift schedule, custom runner image.

Plan on Every Push

Commits trigger a plan automatically. OPA evaluates the result against your policies — low-risk changes apply automatically, significant ones queue for human review.

Review, Approve, Apply

Reviewers see the full plan output before confirming. Every decision is logged. Applied changes stream live to the run view. Drift checks run on your schedule.

Built for every stakeholder

Technical depth for the engineers running it. Clear outcomes for the leaders funding it.

For Engineers

OpenTofu, Terraform, Ansible, and Pulumi — all supported
OPA policies in Rego — testable, version-controlled, PR-reviewed
Live streaming run logs with auto-scroll and download
Env vars, secret store injection, remote state references
Custom runner images — bring your own toolchain
Docker Compose deployment — running in under an hour
Open source — read it, fork it, contribute back

View the source code →

For Leadership

No per-resource or per-run fees — predictable infrastructure cost
Plan output and state never leave your environment
Approval gates before significant changes apply
Full audit trail — who, what, when for every infra change
Drift detection surfaces config debt before it becomes an incident
Supports SOC 2, ISO 27001, and change management requirements
Open beta now — commercial support tiers coming for teams needing SLAs

Talk to us about your needs →

Technology

Boring technology, in the best possible way

Proven, battle-tested open-source components your team already knows how to operate, monitor, and secure.

GoAPI & orchestration engine

SvelteKitModern, reactive frontend

PostgreSQLRelational data store

MinIOS3-compatible artifact & log storage

OPAPolicy-as-code engine

Docker ComposeZero-friction self-hosted deployment

Today

Open Beta

Free to deploy, forever open source. Full access to all current features.

All core features
Community support via GitHub
Apache 2.0 license

Get started free

Coming Soon

Professional

For teams needing SLA response times, assisted onboarding, and priority features.

Everything in Beta
Email & Slack support
SLA response guarantee
Assisted onboarding

Join the waitlist

Coming Soon

Enterprise

For orgs with complex compliance needs, custom integrations, and dedicated support.

Everything in Professional
Custom policy development
SSO/SAML integration
Dedicated support engineer
Custom SLA

Own your infrastructure pipeline — all of it

Crucible IAP is open source and free to deploy today. Built and supported by Forged in Feathers Technology.

View on GitHub Talk to us