---
title: "Terraform Cloud Integration Overview"
description: "How the Nirmata Control Hub Terraform Cloud Run Task integration works — key components and data flow."
diataxis: explanation
applies_to:
  product: "nirmata-control-hub"
audience: ["platform-engineer","admin"]
last_updated: 2026-04-16
url: https://docs.nirmata.io/docs/control-hub/settings/integrations/terraformintegration/overview/
---


> **Applies to:** Nirmata Control Hub 4.0 and later

When a Terraform run reaches the **Plan** stage, **Terraform Cloud** triggers a webhook to the **Nirmata Terraform Service**.
This service evaluates the Terraform plan using **NCTL** (Nirmata CLI) and policy sets managed within Nirmata Control Hub.
The results are returned to TFC as pass/fail compliance checks.

## Key Components

| Component | Description |
|------------|-------------|
| **Nirmata Control Hub Webapp & API** | Manages integrations, authentication keys, and displays scan results. |
| **Terraform Service** | Receives webhooks, fetches policy sets, and invokes NCTL scans. |
| **NCTL** | CLI tool that evaluates Terraform plans against Nirmata and Kyverno policy sets. |
| **TFC Run Task** | Executes during Terraform plan runs and triggers compliance scans. |

## Architecture

```text
flowchart TD
    A[TFC Run Task Triggered] --> B[Nirmata Terraform Service (Webhook)]
    B --> C[Policy Fetch (from Nirmata Control Hub / Git)]
    C --> D[NCTL Policy Scan]
    D --> E[Results sent to Terraform Cloud & Nirmata Control Hub]
```

**Flow Summary:**
`Terraform Cloud Run → Webhook (Terraform Service) → Policy Fetch (Nirmata Control Hub/Git) → NCTL Scan → Results → TFC/Nirmata Control Hub`

**Key Notes:**
- Run data, credentials, and findings are securely stored in Nirmata for **auditability**.
- **Observability** is available through integrated logs, metrics, and traces.

## Next Steps

To configure this integration, see [Terraform Cloud Run Task Integration](./) for step-by-step instructions.