Introducing Substrate — AI-powered compute optimization and lifecycle managementLearn more

Environments

One workspace per team, project, or stage

Group your clusters, instances, secrets, IPs, and domains into Environments. Give each team the exact access they need — nothing more. Audit every change.

Start free View quickstart

Resource Grouping

Organize infrastructure the way your teams work

Production, staging, sandbox — or one Environment per customer, team, or cost center. Every cluster, instance, secret, elastic IP, and domain you provision lives inside an Environment, so you always know what belongs to what.

  • Clusters, instances, secrets, IPs, and domains in one view
  • Tag and search by Environment across your org
  • Lifecycle states: active, inactive, archived
  • Move resources between Environments without recreating them

production

8 resources · 4 members

Active

prod-eks-east

Cluster

Healthy

orders-rds-primary

Database

Healthy

api-worker-01

Instance

Running

api-worker-02

Instance

Running

203.0.113.42

Elastic IP

Attached

api.example.com

Domain

Active

stripe-live-key

Secret

In use

datadog-api-key

Secret

In use
Terminal

# Grant scoped access

$ substrate environments members add \

--environment production \

--email alex@example.com \

--role ENVIRONMENT_USER

Member added. Permissions inherited from role.

Scope: production environment only.

Scoped Permissions

Least-privilege without the YAML

Environment-level permissions override organization defaults so a developer can have full access to staging but read-only access to production. Roles are reusable across Environments and audited centrally.

  • Inherits org defaults, overrides per Environment
  • Built-in roles + custom role support
  • Permission level visible at a glance (global / org / environment)
  • Add or remove access without redeploys

Everything that lives in an Environment

Built for production-grade isolation

Resource grouping

One pane for every cluster, VM, database, secret, IP, and domain assigned to the Environment.

Member management

Add and remove members with email or account ID. No IAM JSON, no console diving.

Role-based access

Reuse built-in roles or create custom ones with the exact permission keys your team needs.

Full audit trail

Every member change, permission edit, and resource move is logged and queryable per Environment.

Per-stage isolation

Keep production credentials out of staging — by structure, not by convention or naming.

Lifecycle states

Active, inactive, or archived. Archive completed projects without losing history; restore when you need them.

Permission Visibility

See who has access — and why — at a glance

Every member's permission level shows whether their access is granted at the global, organization, or environment scope. No more guessing where a permission came from.

Member
Role
Permission level
Added

Alex Morgan

alex@example.com

ENVIRONMENT_USER
ENVIRONMENT
2 days ago

Priya Shah

priya@example.com

ORG_ADMIN
ORGANIZATION
3 weeks ago

Sam Okafor

sam@example.com

ENVIRONMENT_VIEWER
ENVIRONMENT
1 month ago

Jordan Reyes

jordan@example.com

GLOBAL_ADMIN
GLOBAL
6 months ago

Give every team its own Environment

Set up your first Environment in under a minute. No credit card required for the free tier.

Start free