Use Case

Enterprise security with SaaS convenience

You need the ease of a managed platform, but your security requirements prohibit handing cloud credentials to a third party. Fully self-hosted solutions solve that by making you run the entire control plane yourself.

Planton splits orchestration (SaaS) from execution (your cloud). Runner executes IaC and operations in your VPC with your cloud provider's native IAM. The control plane never touches your credentials.

How the split architecture works

Orchestration in the cloud, execution in your boundary.

1. Control Plane (SaaS)

Console UI
API Gateway
Workflow Engine
State Management

2. Encrypted Tunnel

Outbound-only
Verified identity
Automatic rotation

3. Runner (Your Cloud)

IaC Execution
CI/CD Pipelines
Native IAM
Your Credentials

Security without compromise

Every layer designed for teams with strict security and compliance requirements.

Split Architecture

Control plane (SaaS) handles orchestration, UI, and workflow management. Runner (your cloud) handles execution with your credentials.

SaaS control plane manages state, scheduling, and user interface

Runner executes IaC, builds, and deployments inside your VPC

Clean boundary — orchestration logic and sensitive execution never share a runtime

Zero Credential Exposure

Runner authenticates to your cloud with the provider's own workload identity mechanism: IRSA (IAM Roles for Service Accounts) on AWS, Workload Identity on GCP, or Managed Identity on Azure. No long-lived credentials cross the boundary between your cloud and the control plane.

Cloud-native identity federation — no static keys to rotate

Short-lived credentials are obtained at execution time, inside your cloud boundary, from the identity bound to the Runner

Control plane never sees, stores, or proxies your cloud credentials
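What makes the "zero credential exposure" claim real on AWS is the trust policy of the IAM role the Runner assumes through IRSA: it must allow sts:AssumeRoleWithWebIdentity only from the cluster's OIDC provider, with the `sub` claim pinned to exactly one namespace and service account and the `aud` claim pinned to sts.amazonaws.com. A wildcard `sub`, a missing `aud` check, or a second statement that lets an IAM principal assume the role directly would let something other than the Runner pod use the Runner's permissions. The linter below is an added example, not Planton's code; the OIDC provider id, account id, namespace `planton-runner` and service account `runner` are placeholders, and both sample policies are constructed for the example.

```python
"""Lint an IAM role trust policy for IRSA scoping (added example, not Planton code)."""
from __future__ import annotations

import json

# Placeholder identifiers for the example; substitute your cluster's values.
OIDC_HOST = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"
OIDC_PROVIDER_ARN = f"arn:aws:iam::123456789012:oidc-provider/{OIDC_HOST}"
RUNNER_SUB = "system:serviceaccount:planton-runner:runner"  # hypothetical namespace/SA
STS_AUDIENCE = "sts.amazonaws.com"


def _as_list(value) -> list:
    """IAM JSON allows a scalar or a list in most positions; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_irsa_trust_policy(policy: dict, oidc_host: str, expected_sub: str,
                            expected_aud: str = STS_AUDIENCE) -> list[str]:
    """Return findings; an empty list means the role can only be assumed by the
    one Kubernetes service account named in expected_sub, via the OIDC provider."""
    findings: list[str] = []
    sub_key, aud_key = f"{oidc_host}:sub", f"{oidc_host}:aud"
    statements = _as_list(policy.get("Statement"))
    if not statements:
        return ["policy has no statements"]

    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        if not any(a in ("sts:AssumeRoleWithWebIdentity", "sts:*") for a in actions):
            # Any other assume path (e.g. sts:AssumeRole from an IAM user or the
            # account root) lets something other than the Runner pod take the role.
            findings.append(f"stmt[{i}]: non-web-identity assume path {actions}")
            continue

        principal = stmt.get("Principal")
        federated = principal.get("Federated") if isinstance(principal, dict) else principal
        if not federated or federated == "*" or oidc_host not in str(federated):
            findings.append(f"stmt[{i}]: Federated principal is not the OIDC provider for {oidc_host}")

        cond = stmt.get("Condition") or {}
        # Accept the claims under StringEquals or StringLike; wildcards are flagged below.
        subs = (_as_list(cond.get("StringEquals", {}).get(sub_key))
                + _as_list(cond.get("StringLike", {}).get(sub_key)))
        auds = (_as_list(cond.get("StringEquals", {}).get(aud_key))
                + _as_list(cond.get("StringLike", {}).get(aud_key)))

        if not subs:
            findings.append(f"stmt[{i}]: no {sub_key} condition; any pod in the cluster can assume the role")
        elif any("*" in s or "?" in s for s in subs):
            findings.append(f"stmt[{i}]: wildcard in {sub_key} {subs}; pin to one service account")
        elif subs != [expected_sub]:
            findings.append(f"stmt[{i}]: {sub_key} is {subs}, expected [{expected_sub!r}]")

        if expected_aud not in auds or len(auds) != 1:
            findings.append(f"stmt[{i}]: {aud_key} must be exactly {expected_aud}, got {auds}")
    return findings


# Constructed sample: the shape a correctly scoped Runner trust policy should have.
GOOD_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": OIDC_PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {
            f"{OIDC_HOST}:sub": RUNNER_SUB,
            f"{OIDC_HOST}:aud": STS_AUDIENCE,
        }},
    }],
}

# Constructed sample a review should reject: wildcard sub (any service account in
# any namespace), no aud check, and a second statement letting the whole AWS
# account assume the role without going through workload identity at all.
BAD_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"Federated": OIDC_PROVIDER_ARN},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringLike": {f"{OIDC_HOST}:sub": "system:serviceaccount:*:*"}},
        },
        {
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
            "Action": "sts:AssumeRole",
        },
    ],
}


if __name__ == "__main__":
    for name, pol in (("good", GOOD_TRUST_POLICY), ("bad", BAD_TRUST_POLICY)):
        print(name, json.dumps(check_irsa_trust_policy(pol, OIDC_HOST, RUNNER_SUB), indent=2))
```

Run against the good policy the function returns no findings; against the bad one it reports the wildcard `sub`, the missing `aud` pin, and the direct sts:AssumeRole path. The same review applies on the other providers: on GCP the `roles/iam.workloadIdentityUser` binding on the Google service account should name exactly one `PROJECT.svc.id.goog[NAMESPACE/KSA]` member, and on Azure the federated identity credential's subject should be that one `system:serviceaccount:NAMESPACE/KSA` value.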

Encrypted Tunnel

Outbound-only connection from Runner to the control plane. No inbound firewall rules required. Cryptographic identity verification on every connection.

Runner initiates all connections — no open ports in your network

Encrypted end-to-end, with each side verifying the other's identity (mutual authentication)

Automatic rotation and renewal of the credentials the Runner uses to authenticate to the control plane; your cloud credentials are not involved and stay inside your boundary

Compliance

Full audit trail, RBAC, and secrets encrypted at rest. Designed for organizations with strict security, data residency, and regulatory requirements.

Every operation logged with actor, timestamp, and resource context

Fine-grained, relationship-based access control

Data residency — execution happens in your cloud region of choice

Planton Operator

For teams that need full self-hosting, the Planton Operator runs the entire platform on your Kubernetes cluster, with no dependency on Planton's hosted control plane.

Single Helm chart installs the complete Planton control plane

All data stays within your cluster and network boundary

Same API, same CLI, same console — just fully self-hosted

Your cloud, your rules

Keep credentials in your boundary

Get the convenience of a managed platform with the security posture your organization requires. Start with the SaaS control plane or go fully self-hosted.


©2026 Planton Cloud Inc. All Rights Reserved.