Skip to main content
Declarative Infrastructure Runtime

Run your infrastructure anywhere.

Atmos is the open-source runtime that builds, authenticates, and ships Terraform, Kubernetes, and containers — the same way everywhere. Auth, secrets, vendoring, and CI are built in. Stop stringing together 25 tools.

Run it on your laptopRun it the same in CIRun it with agents
Discover your whole platform
Built for agents

Infrastructure agents can actually reason about

Frontend teams move fast because the framework is consistent and predictable. Atmos brings that to infrastructure. Everything is declarative — the same stack configuration, the same commands, everywhere. Skills teach agents your domain, and every command documents itself. So agents don't string together 25 tools and pray — they operate one provable, end-to-end framework.

From zero to deployed

Ship anything with Atmos

Three steps from config to authenticated infrastructure workflows.

  1. 01

    Model your platform

    Stacks, components, identities, secrets, and stores live in one declarative graph.

  2. 02

    Authenticate once

    Atmos identities feed Terraform, stores, emulators, and CI without bespoke wrapper scripts.

  3. 03

    Run it anywhere

    The same commands build, authenticate, and ship on your laptop and in CI, identically.

Config in, infrastructure out
Everything is configuration

Your environments are just configuration.

Point every environment at the same reusable Terraform root modules and treat the rest as configuration — eliminating code duplication, custom bash scripts, and complicated tooling with one tool to rule them all.

  • Reusable root modules
  • Inherit a shared baseline
  • Override only what changes
  • No glue scripts
  • DRY by default

And it isn't just environments — auth, secrets, workflows, and vendored dependencies are all declared the same way, so the entire platform stays readable, reviewable, and in sync.

Batteries included

Everything you'd otherwise bolt on

Auth, secrets, vendoring, caching, toolchain, workflows, CI, and AI are part of the runtime — not a pile of plugins you wire together.

Terraform & OpenTofu

Run Terraform like a platform team.

Plan and apply across every component in dependency order, with bounded concurrency. Backends and providers are generated for you. Drift is caught automatically.

  • Dependency graph
  • Auto backends
  • Registry cache
  • Drift detectionPro

Atmos lists the Terraform instances and resolved stack values it will pass to Terraform.

Terraform, orchestrated
Kubernetes & Helm

Ship Kubernetes and Helm the same way.

Helmfile is a first-class workload. Atmos models Kubernetes releases beside the rest of your stack, with the same CLI you already use for Terraform.

  • Helmfile native
  • Stack-aware releases
  • Toolchain aware

Atmos starts a local k3s sandbox off camera, installs declared Helm tooling, then deploys the release from the stack.

Helm, the platform way
Containers & Emulators

Build, run, and even emulate the cloud.

Containers and dev containers are workloads too. Spin up cloud emulators locally so your whole stack runs on your laptop — no account required to iterate.

  • Container components
  • Dev containers
  • EmulatorsNew

Develop against a local emulated cloud, then ship the identical config to prod.

A whole cloud on your laptop
Local = CI

Your laptop is the CI. CI is your laptop.

Same command, same auth, same secrets, same toolchain — whether you run it locally or in a pipeline. And Atmos is git-aware: it detects what changed and plans or applies only the affected components, so CI does exactly the work that changed — nothing more.

  • Git-aware affected detection
  • Apply only what changed
  • Reusable across repos
  • Zero-config CI

What works on your machine works in CI — without any additional GitHub Actions or messy bash scripts, because it is literally the same runtime.

atmos terraform apply --affected --ci
Secrets & Stores

Manage secrets without glue code.

Declare required secrets next to a component, initialize or rotate them through Atmos, and inject them into commands only when the component runs.

  • Declared secrets
  • Local and cloud stores
  • Masked reads
  • Runtime injection

Atmos initializes declared secrets, lists their status, rotates a value, and injects it into a component command without printing the secret.

Secrets without glue code
Developer experience

It tells you what to do next.

Forget a flag and Atmos asks which stack and which component you meant. Every command follows the same verb-noun grammar, so the CLI stays discoverable as your platform grows.

  • Interactive prompts
  • Guided selection
  • Consistent CLI
  • Tab completion

A consistent, discoverable CLI that guides you instead of fighting you.

Atmos asks what you meant
Extensible by design

Built by you, or your agents

Everything is pluggable — and your agents can use it the moment it exists. Atmos ships a catalog of agent skills and an MCP server, so any agent can install what it needs and drive your infrastructure directly.

Built for your agents

One runtime for everything you ship.

Free and open source. Run your first stack in minutes.