
Security & Architecture

How infra.new works, what we access, and your deployment options

How It Works

infra.new uses AI-powered blueprints to generate production-ready infrastructure code:

  1. Blueprint selection - The agent analyzes your requirements and selects an appropriate blueprint
  2. Code generation - Generates Terraform using public modules and provider documentation
  3. Optional security scanning - Scans for misconfigurations if state backend monitoring is enabled
  4. Export or deploy - Export to Git or deploy via runners

Cloud Credentials

Connecting cloud credentials is optional and not required for code generation. Credentials are used for advanced features like importing existing infrastructure, drift detection, and fixing policy violations.

No Credentials Required

Generate infrastructure code and export to Git without connecting cloud accounts.

Read-Only Access (Optional)

Required for advanced features:

  • Import existing infrastructure
  • Drift detection
  • Policy violation detection
  • Track resource changes across environments

Write Access (Optional)

Only needed if you want the agent to run workflow commands to deploy infrastructure directly. Recommended for dev/testing only.

💡 Best practice: Start without credentials, export to Git, and deploy via GitOps workflows (GitHub/GitLab).

What We Access

With cloud credentials connected, infra.new can:

  • Import existing infrastructure to generate Terraform code
  • Read Terraform state files for drift detection
  • Deploy infrastructure (only if you explicitly run deployments with write access)

Data & Auditing

How we handle your data:

  • Workflow runs - Retained for auditing agent actions and troubleshooting
  • Generated code - Stored until you delete the chat session

Self-Hosted Option

For maximum security and control, deploy infra.new in your own environment:

  • Deploy with Helm chart - Run in your Kubernetes cluster
  • Use any LLM provider - OpenAI, Anthropic, or self-hosted models
  • Keep all data in your environment - No data leaves your infrastructure
  • Private module support - Connect Spacelift and Terraform Cloud registries

Interested in self-hosting? Book a call at /demo to learn more.