Integrations
Integrations Overview
Connect cloud providers and Git accounts to enable infrastructure provisioning.
Integrations
The Integrations page manages connections to cloud providers (AWS, GCP, Azure) and Git providers (GitHub, GitLab, Bitbucket). All connections must be established before provisioning infrastructure.
How It Works
Integrations are displayed as cards organized by category:
| Category | Providers |
|---|---|
| Cloud Providers | AWS, GCP, Azure |
| Git Providers | GitHub, GitLab, Bitbucket |
Each card shows:
- Provider icon and name
- Connection status: Connected (green), Needs Reconnection (amber), or Not Connected
- Connected account identifier (AWS Account ID, GCP Project, GitHub username)
- Action button (Connect / Disconnect / Reconnect)
Connection Status
| Status | Meaning |
|---|---|
| Connected | Credentials valid and verified |
| Needs Reconnection | Git token expired, automatic refresh failed |
| Not Connected | No credentials on file |
| Coming Soon | Provider supported but not yet implemented |
Cloud Provider Connections
Cloud connections use the platform's zero-credential model — no static keys are stored. Each provider uses a federation mechanism:
AWS
Cross-Account IAM Role with External ID
GCP
Workload Identity Federation with OIDC
Azure
Federated Identity via Entra ID
After connecting, Trellis queues a CONNECTION_TEST job to verify the credentials and discover existing resources (VPCs, subnets, DNS zones). See Job Queue Pattern.
Git Provider Connections
Git connections use standard OAuth. See Git Providers for details.
Disconnecting
- Cloud providers: Removes the
cloud_identitiesrecord. Existing vines referencing that identity can no longer run jobs. - Git providers: Removes the
provider_tokensrecord and revokes the OAuth grant.