Frequently Asked Questions

What is CloudTruth?

CloudTruth’s mission is to orchestrate all your cloud infrastructure and application configuration settings while preserving your use of the tools you already know and trust: Terraform, CloudFormation, Blueprints, Chef, Puppet and many others.

With CloudTruth you will gain a single record of truth across all configuration settings to help improve security and reliability. CloudTruth can also make compliance change management reporting easier with our “single record of truth” concept.

We’re offering CloudTruth “as a service” for DevOps, CISO, SRE, QA, Compliance & Audit professionals that need to know when critical configuration settings are changing.

Configuration is becoming more decentralized and expanding in scope, leading to an exponential increase in the number of settings that can be touched by each deployment. CloudTruth is creating a configuration orchestration platform to solve this problem.


Why do I need CloudTruth?

We interviewed hundreds of technology professionals across roles ranging from CIO, CTO, CISO, to DevOps, SecOps and QA leaders and learned there needs to be a better way to track & orchestrate configuration changes. Our first offering helps with tracking changes. Our vision and mission is to orchestrate the changes from one tool to another.

Nearly all teams are using infrastructure as code (IaC) techniques to provision infrastructure and applications. With the advent of IaC, containers and serverless, come new challenges because there are multiple tools, spread across multiple teams, using tens to thousands of Git repositories to store configuration settings.

CloudTruth provides a “cross-cutting” view of configuration changes by aggregating them into one notification stream. This single record of truth delivers “signal” from all the noise generated by observability and logging systems.

A few specific examples:

  • SRE teams need to know what changed, by whom, and when, right before an outage or security incident.
  • Teams need to share configuration file changes with team members who don’t have access to Github (such as compliance, QA, audit & GRC teams).
  • QA teams manage multiple environments and need to know if a setting is changed that causes drift from standard configuration settings.
  • A data science team will want to know when database configurations are changing before production rolls out.
  • Compliance auditing professionals need an easy way to track configuration file changes.

What does CloudTruth do?

​CloudTruth connects to your Github Organization (other Git providers coming soon) and auto-discovers your configuration files across all the repositories you grant read-only access.

When a file is changed in Master, CloudTruth captures the details and displays an activity change log and optionally notifies a Slack channel.

​We’re early in our journey and seeking your feedback on how we can help you manage your configuration sprawl.


Why is CloudTruth different?

  • Tool-agnostic: CloudTruth lives alongside your existing configuration tools and works across multiple environments and IaC solutions.
  • Cloud-agnostic: CloudTruth is focused on the configuration data layer and works with AWS, Azure, GCP, IBM, DO and other infrastructure providers.
  • Focused on change: Our initial offering provides a cross-cutting view of the pertinent config changes and notifies appropriate people/roles in your organization without requiring them to be experts in the configuration tools used by developers & DevOps.
  • More than compliance: CloudTruth goes beyond compliance automation in that it tracks any change for any reason, be that for security, compliance, performance, or cost management.
  • Built anticipating the evolution to containers, serverless and IaC: CloudTruth will track configuration file changes (parameters in files coming soon) no matter where they take place across a decentralized and distributed infrastructure and application configuration environment.
  • Easy for everyone to use: CloudTruth’s Slack notification feature enables Dev, Security, Ops, and Compliance teams to be “in the know” of critical changes without having to access Github or the CloudTruth application directly.

 

How does CloudTruth work?

​CloudTruth is a native serverless-architecture SaaS application running on Amazon Web Services (AWS).

​No customer information is stored outside of your own Github organization.

​CloudTruth needs only read-access to the repositories which contain configuration data. One of the benefits is to auto-discover configuration files spread across all your Git repositories into one filtered view. You should feel comfortable granting the CloudTruth application read-only access to all your repositories.

 

Where is my data stored?

Your configuration data never leaves Github. Additional account and system information is stored in AWS DynamoDB.

 

What permissions does CloudTruth need?

CloudTruth needs read-only access permissions to Github repositories. One of the benefits we offer is to auto-discover configuration files spread across all your Git repositories into one filtered view. You should feel comfortable granting the CloudTruth application read-only access to all your repositories. We also need Read/Write access to PullRequests so that we can add you as a reviewer to the PR when the configuration files you care about are changed by that PR.

 

What is the security model?

CloudTruth is designed and architected by experienced cloud technologists that have previously created massively scalable systems for data backup, archiving, compliance and governance.

No source code information is stored outside of Github.

We follow the principle of least privilege for access policies, with strong boundaries between environments, and restricted access to production resources.

How much does CloudTruth cost?

​CloudTruth is free to use during the early access period. We will always offer a free trial and will implement paid plans as we add more functionality.
