Why Infra?

Infra enables you to discover and access infrastructure (e.g. Kubernetes, databases). We help you connect an identity provider such as Okta or Azure active directory, and map users/groups with the permissions you set to your infrastructure.

If you don't have an identity provider, Infra supports local users for you to get started before connecting an identity provider.


  • Easy-to-use CLI: discover & login to infrastructure in one command
  • No more out-of-sync credentials or configurations (e.g. Kubeconfig)
  • Onboard and offboard users & groups via existing identity providers (e.g. Okta, Google)
  • Integrate with native RBAC authorization systems (e.g. Kubernetes roles)
  • Workflow for dynamically requesting & granting access to users (coming soon)
  • Audit logs for who accessed what, when (coming soon)

Example (Kubernetes)

# Log in as [email protected] via Okta
$ infra login
  ... logging in with Okta
  ... logged in as [email protected]

# Discover what you can access via `infra list`
# In the example below, 3 Kubernetes clusters are connected to Infra.
# Infra has already synchronized the kubeconfig file so the
# user can use their tool of choice right away (i.e. kubectl)

$ infra list
  NAME                           ACCESS
  production                     view
  production.web                 edit
  staging                        edit
  development                    edit

# You can switch clusters using your existing tools
# Infra also includes a CLI command for switching clusters
$ infra use production.web
Switched to context "production.web".

$ kubectl get pods
NAME                  READY   STATUS    RESTARTS   AGE
web-d6797786d-cz5jh   1/1     Running   0          8h
web-d6797786d-wzxns   1/1     Running   0          8h
web-d6797786d-zjbvl   1/1     Running   0          8h

Deploy anywhere

Infra works anywhere and doesn't depend on any existing identity & access management system such as AWS IAM, Google IAM or Azure AD. It can be completely self-hosted, including behind existing VPNs or proxies.

Automatic onboarding & offboarding

No more manual wiki pages, onboarding tickets or slowing down while access is manually granted. With Infra users can be provisioned access automatically when they join the team.

Connectors for your favorite tools & services

Infra includes a growing set of rich connectors for popular infrastructure tools:

  • Kubernetes
  • Databases (coming soon)
  • SSH (coming soon)
  • Kafka (coming soon)

No more long-lived, shared admin passwords or credentials

Credentials generated by Infra are:

  1. Unique to every user
  2. Scoped based on what the user needs to access (e.g. read-only, editor, admin)
  3. Rotated automatically

An extensible API

Infra includes a REST API so you can customize how easy it is for your team to get access. Example use cases we've seen include:

  • Just-in-time access (adding & removing access on the fly)
  • Custom CLI tools to access infrastructure (e.g. custom-built acmectl internal CLI)
  • Co-ordinating access with on-call rotation
  • A Slack bot to request or manage access

Secure by default

Data stored and transmitted by Infra is always encrypted. Read more about our security.

What's next

Get up and running with the Quickstart guide or read about the Key Concepts.

Sign up for product & API updates

You can unsubscribe at any time.