Skip to main content


Welcome to Hatchet!

Note: Hatchet is in early alpha and is not yet ready for production use. We are actively working on improving the documentation and user experience. If you have any questions or feedback, please reach out to us on Discord.

Hatchet is a continuous integration and deployment (CI/CD) solution for Terraform. It focuses on making it easier to run secure and scalable infrastructure deployment pipelines without having to build those pipelines from scratch. More specifically, it offers:

  1. Remote execution of Terraform runs, such as terraform plan and terraform apply
  2. Integrations with Git-based repositories, which can be configured to run pipelines automatically against pull requests and merges.
  3. An extensive monitoring integration built using Open Policy Agent, an industry-standard policy as code framework.

How does it work?

Hatchet is self-hosted and runs entirely on your infrastructure. The Hatchet architecture can be grouped into three main components:

  • Hatchet Control Plane: This encompasses the Hatchet API server, background workers, database, and a few other services. Hatchet uses a custom build of Temporal to manage the execution of Terraform runs.
  • Hatchet Worker: The worker that executes your Terraform runs.
  • Hatchet Client: The web interface for Hatchet. This is where you view the status of your runs and configure your pipelines.

While there are a few moving pieces, the getting started guides will make it simple to deploy these components. After you've gotten a basic installation up and running, you can start to customize your instance by consulting the config file references.

After installing Hatchet, you can deploy infrastructure through either local deployments or Github-based deployments.

How is this different from other tools?

Hatchet was created due to the lack of open-source, self-hostable, and scalable alternatives to Terraform Cloud. Hatchet focuses on making it as easy as possible to manage your deployment pipelines, while also providing the flexibility to customize your deployment to your specific needs.

Why self-hosted?

For many organizations, it's essential that sensitive data never leaves your internal infrastructure. As a result, while most solutions offer self-hosted runners, Hatchet makes it easy to self-host everything, including your control plane, credentials backend, and runners.

Why open-source?

While there are many benefits to being open source, one strength of Hatchet is the flexibility it provides for customizing different aspects of your deployment pipelines by extending our open-source repository. For example, if you'd like to load in your cloud credentials from a custom secret storage engine, you can simply write a credential plugin for Hatchet. We aim to make everything customizable -- down to even the theme of the Hatchet dashboard.

How are you scalable?

Hatchet is built on top of Temporal, an open-source workflow engine. Temporal is a horizontally scalable system that can run thousands of workflows in parallel across as many tenants as you need.

These three features of Hatchet -- being open-source, self-hosted, and focused on scalability -- work hand-in-hand to give you the best possible solution for infrastructure management.