Frequently Asked Questions

What is CloudTruth?

CloudTruth’s mission is to orchestrate all your cloud infrastructure and application configuration settings while preserving usage of the tools you already know and trust: Terraform, Cloudformation, AWS Parameter Store, Git, Blueprints, Chef, Puppet and many others.​

With CloudTruth you will gain a single record of truth across all configuration settings to help improve security and reliability. CloudTruth can also make compliance change management reporting easier with our “single record of truth” concept.

We’re offering CloudTruth “as a service” for DevOps, SRE, QA, Compliance & Audit professionals that need a global view across all configuration settings for infrastructure, applications & services, and secrets.

Configuration is becoming more decentralized and expanding in scope, leading to an exponential increase in the number of settings that can be touched by each deployment. CloudTruth is creating a configuration intelligence platform to solve this problem.


Why do I need CloudTruth?

We interviewed hundreds of technology professionals across roles ranging from CIO, CTO, CISO, to DevOps, SecOps and QA leaders and learned there needs to be a better way to track & orchestrate configuration changes. Our first offering helps with orchestrating changes. Our mission is to become the single record of truth for all settings.

Nearly all teams use infrastructure as code (IaC) techniques to provision infrastructure and another tool to configure applications & services. With the advent of IaC, containers and serverless, come new challenges because there are multiple tools, spread across multiple teams, using tens to thousands of Git repositories to store configuration settings.

​CloudTruth aggregates all configuration settings into one consolidated view. And then lets you use the data between tools.

Usage examples:

  • Automatically configure applications from IaC tooling.
  • Track consistency between dev/test, staging, and production environments.
  • Support multiple environments with inheritances and overrides.
  • Use dynamic templating streamline application configuration.
  • SRE teams need to know what changed, by whom, and when, right before an outage or security incident.
  • Share configuration file changes to team members who don’t have access to original sources (such as compliance, QA, audit & GRC teams.)
  • QA groups manage multiple environments and need to know if a setting is changed that causes drift from standard configuration settings.
  • A data science team will want to know when database configurations are changing before production rolls out.
  • Compliance auditing professionals need an easy way to track

What does CloudTruth do?

​CloudTruth is a unified parameter store with the ability to source configuration settings from other locations. Also included is built-in support for multiple environments along with static and dynamic templating.

CloudTruth connects to your existing configuration tools such as Cloudformation and Parameter Store, your Git repos that store JSON/YAML files, and your IaC tools (Terraform & Cloudformation for now) and auto-discovers your configuration files across all the sources.


Why is CloudTruth different?

  • Tool-agnostic: CloudTruth lives alongside your existing configuration tools and works across multiple environments and IaC solutions.
  • Cloud-agnostic: CloudTruth is focused on the configuration data layer and works with multiple cloud providers. Starting with AWS support now and future support for Azure, GCP, IBM, DO, and other infrastructure providers.
  • Focused on change: Our initial offering is a unified parameter store with the ability to source settings from other locations such as Terraform, AWS Parameter Store, and JSON/YAML stored in Github.
  • Built anticipating the evolution to containers, serverless and IaC: Configuration is becoming decentralized and distributed. DevOps, SRE, core software developers are all now interacting with configuration tools. What’s missing is a single record of truth describing how an organization’s infrastructure and applications are configured.


How does CloudTruth work?

​CloudTruth is a SaaS application running on Amazon Web Services (AWS).

CloudTruth needs read-access to the repositories which contain configuration data.


Where is my data stored?

Your configuration data never leaves the source. Additional account and system information are stored in AWS RDS.


What permissions does CloudTruth need?

CloudTruth needs read-only access permissions to S3, AWS SSM, and Github repositories.


What is the security model?

CloudTruth is designed and architected by experienced cloud technologists that have previously created massively scalable systems for data backup, archiving, compliance, and governance.

We follow the principle of least privilege for access policies, with strong boundaries between environments, and restricted access to production resources.

How much does CloudTruth cost?

​CloudTruth is free to use during the early access period. We will always offer a free trial and will implement paid plans as we add more functionality.

Get Early Access

We are seeking partners to help validate and prioritize product features.

Sign up to learn more about our Early Access Progam and help us build the future of cloud configuration.