https://github.com/atensecurity/pulumi-thoth
Official Pulumi provider for Thoth headless control-plane workflows
https://github.com/atensecurity/pulumi-thoth
gitops provider pulumi security thoth
Last synced: about 2 months ago
JSON representation
Official Pulumi provider for Thoth headless control-plane workflows
- Host: GitHub
- URL: https://github.com/atensecurity/pulumi-thoth
- Owner: atensecurity
- License: apache-2.0
- Created: 2026-04-23T00:21:43.000Z (2 months ago)
- Default Branch: main
- Last Pushed: 2026-05-02T20:30:21.000Z (about 2 months ago)
- Last Synced: 2026-05-02T20:31:02.927Z (about 2 months ago)
- Topics: gitops, provider, pulumi, security, thoth
- Language: Go
- Homepage: https://docs.atensecurity.com/docs/pulumi-provider/
- Size: 85.9 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# pulumi-thoth
Official Pulumi provider for Aten Security Thoth headless AI Governance Control Plane.
- Pulumi Registry package: `thoth`
- Terraform upstream: `atensecurity/terraform-provider-thoth`
- Source repository: `github.com/atensecurity/pulumi-thoth`
- Aten Security docs: https://docs.atensecurity.com/docs/pulumi-provider/
## Capabilities
The provider exposes Thoth control-plane resources for:
- Tenant governance settings
- Browser providers, policies, and enrollments
- MDM providers and sync operations
- API key management
- Policy sync, approvals, pack assignment, webhook tests, evidence backfill triggers,
decision-field backfills, and decision-evidence SLO reads
Runtime evidence-chain export is surfaced by GovAPI/CLI endpoints:
- `GET /:tenant-id/thoth/evidence/chain`
- `GET /:tenant-id/thoth/sessions/:sessionId/evidence-bundle`
- `thothctl evidence chain --tenant-id --json`
## Configuration
Provider inputs mirror Terraform provider behavior:
- `tenantId` (required)
- `adminBearerToken` or `adminBearerTokenFile`
- `apexDomain` (defaults to `atensecurity.com`)
- `apiBaseUrl` (optional override; derived from tenant when omitted)
When `apiBaseUrl` is omitted, endpoint is derived as:
`https://grid..`
## Local development
```bash
cd platform/public/pulumi-thoth
make tfgen
make schema
make build
make test
```
## Examples
- Node.js: `examples/nodejs`
- Python: `examples/python`
## Release
Releases are published from signed tags via `.github/workflows/release.yml`
and `.goreleaser.yml`.