Infrastructure as code

Describe the infrastructure.
Trueform writes the Terraform.

Production-grade Terraform across seven providers, generated from a plain-English description and pushed straight to your repo, wrapped in the SSO, SCIM, and audit controls an enterprise security review expects.

View the live app
Okta, AWS, GCP, Jamf, Fleet, Snowflake, Kandji

See it work

A sentence becomes a Terraform module.

You describe

A new Okta group "Engineering" with SSO into GitHub, AWS, and Datadog.

okta.tf
# Generated by Trueform
resource "okta_group" "engineering" {
  name = "Engineering"
}

resource "okta_app_group_assignment" "github" {
  app_id   = okta_app_oauth.github.id
  group_id = okta_group.engineering.id
}
# + AWS and Datadog assignments

How it works

A sentence in, a clean Terraform module out.

01

Describe it in plain English

Write what you want in a sentence. A new Okta group with SSO into three apps. A Jamf policy that enforces FileVault. A scheduled Lambda that sweeps stale users.

02

Trueform writes the Terraform

Production-grade HCL across providers, with the glue: Okta event hooks calling Lambdas, GCP Cloud Functions, Jamf and Fleet GitOps. Provider blocks merge and variables dedupe so it applies as one clean module.

03

Push straight to your repo

One click opens a pull request in your GitHub repo, or saves a ZIP. Every file ships with an apply runbook documenting the provider quirks so the plan is self-explaining.

Built for the security review

The controls an enterprise expects, in from day one.

SCIM provisioning

Your IdP provisions and deprovisions Trueform users automatically. Assign in Okta, the user appears; unassign, access is revoked. Soft-delete preserves the audit trail.

SSO and RBAC

OIDC single sign-on with role-based access (admin, editor, contributor, viewer). Group membership drives roles, enforced by row-level security on every tenant.

Audit and redaction

Every action is logged per org. Prompts are scrubbed of 19 categories of secrets and PII before they reach a model. The full threat model and incident-response runbooks are published.

FAQ

Frequently asked

Can I edit the generated Terraform?
Yes. The output lands as a pull request you review and merge, or a ZIP you download. You own the HCL and can edit, extend, or fork it before running terraform apply.

Does Trueform store my infrastructure description or the generated output?
The description is processed in memory for one call. Generated files go to your repo or your machine. We do not persist the body of either by default.

What if I run a provider not in the seven supported?
We will write an adapter for it on engagement. Until then, the generator emits a NOTE block in the output pointing at the missing provider so you know exactly what to wire in yourself.

Does Trueform store credentials to my cloud providers?
No. Trueform generates HCL; it does not apply it. You run terraform apply with your own credentials in your own environment. We never touch a cloud control plane.

Will the same input always produce the same Terraform?
Yes. The generator is deterministic across runs for the same description. The prompt is cached and the resource layout is canonicalized, so you get stable output without surprises on re-runs.

We built Trueform because we run this infrastructure ourselves.

The provider quirks Trueform encodes, the Jamf parallelism limits, the Fleet GitOps workflow, the Okta event hooks, come from running these systems in production, not reading the docs. It is the same operator experience behind everything Auxon does.

7 providers in production
GitHub EMU migration of 2300 repos
Okta event hooks shipped
See what else we run

Want to see it on your stack?

Tell us the providers you run. We will get you in.

Book a Trueform demo