If you’re already using Infrahub, your infrastructure data is unified and clean, and you can easily push that data to downstream tools like Ansible, Nornir, or Terraform for execution. That works great when you’re the one running the automation.

But what happens when other teams need to trigger your scripts?

The network team writes solid Ansible playbooks but the server team needs to run them. You’ve got great Terraform modules but the security team needs to execute them for compliance checks.

Suddenly you’re either giving everyone access to your toolchain or becoming the bottleneck who runs everything manually.

That’s where adding Infrahub’s new integration with Kriten can help.

Instead of each team needing to know how to run your specific tools or manage credentials, Kriten turns your automation into simple API endpoints that anyone can call with proper permissions.

The integration creates a complete pipeline: Infrahub manages your data and generates configs, then Kriten makes that automation accessible across teams with built-in security and audit trails.

Here’s how it works and what it could mean for making your current automation more collaborative.

Kriten: Turning your scripts into secure APIs

Kriten is an API-first automation engine that transforms your containerized scripts into secure, reusable REST API endpoints. Open source and Kubernetes-native, it helps you run automation tasks reliably and at scale without needing to build or maintain custom execution layers.

The platform operates on three simple building blocks:

• Runners define a Git repository and container image used to package and run your automation code, including all required libraries and dependencies.
• Tasks specify the command to run, input schema (OpenAPI), and optional secrets. They map to a runner and control how jobs are executed, including synchronous or asynchronous behavior.
• Jobs trigger execution of a task with user-provided input and run as Kubernetes workloads with parameters passed as environment variables.

What makes Kriten especially powerful is its language-agnostic approach: any script, in any language, becomes an API endpoint. Combined with granular RBAC and secrets management, it creates a secure foundation for automation across infrastructure domains.

Kriten supports both synchronous and asynchronous execution, meaning you can use it for real-time API calls or long-running infrastructure jobs. It auto-generates OpenAPI schemas for your tasks, allowing for input validation, integrates with enterprise auth (including Active Directory), and offers full audit logging.

Infrahub: Your infrastructure data foundation

Infrahub is a data management platform purpose-built to store infrastructure data and relationships.

On the backend, it uses a graph database so you can define your infrastructure components—devices, services, networks, environments—in a completely customizable schema.

Infrahub’s Git-like version control supports CI/CD integrations, branching, merging, and validation workflows, just like a code repository but for infrastructure data.

More importantly, Infrahub can generate configuration artifacts in various formats (e.g., Terraform, Kubernetes manifests, YAML/JSON, Ansible inventories) using Python or Jinja2 templates.

In the Infrahub + Kriten integration, Infrahub acts as the data producer. It holds the infrastructure data and transforms it into validated artifacts ready for deployment.

How the Infrahub + Kriten integration works

The integration between Infrahub and Kriten forms an event-driven pipeline:

Infrahub (Modeling + Artifact Generation) → Webhook/API → Kriten (Execution) → Target Infrastructure

Here’s the flow:

1. Infrahub stores infrastructure data and generates artifacts using templates and transforms.
2. When a relevant change occurs (e.g., updated device config or merged branch), Infrahub triggers a webhook.
3. Kriten receives the webhook, validates inputs using OpenAPI schemas, and spins up a job to execute the desired script or tool using the provided artifacts.
4. Results are returned via REST APIs, and logs are recorded for audit purposes.

Service-to-service calls are authenticated using shared secrets with SHA256 signatures, and both platforms use RBAC, secrets management, and enterprise SSO integrations to enforce policy and governance.

Technical workflow details

On the Infrahub side, artifact generation follows a structured process:

• Data extraction: Relevant objects and relationships are pulled from the graph database.
• Template processing: Data is turned into deployment artifacts using Python scripts or Jinja2 templates.
• Validation: Following CI/CD steps, artifacts are validated against rules or schemas.
• Versioning: Artifacts are version-controlled and tied to data snapshots using Git-like branching.

On the Kriten side, execution involves:

• Task definition: Automation logic is wrapped in a container image and registered as a task with a runner.
• Input validation: Infrahub payloads are validated using automatically generated OpenAPI schemas.
• Job creation: A Kubernetes job runs the task using the artifacts and inputs.
• Result handling: Output (typically JSON via stdout) is captured and accessible through an API or UI.

This clear separation between data modeling and task execution simplifies troubleshooting and auditing.

Real-world use cases for the Infrahub + Kriten integration

Here are a few scenarios where the Infrahub + Kriten pairing shines:

Configuring network devices at scale

Store device metadata and config templates in Infrahub, then use Kriten to execute Ansible playbooks that push configs across network segments. Updates can be peer-reviewed and tested in Infrahub before any action is taken. Different teams can trigger the same network automation without needing to understand Ansible or manage credentials.

Provisioning multi-cloud infrastructure

Define cloud infrastructure in a vendor-neutral format in Infrahub. On approval, trigger Kriten tasks that run Terraform modules specific to AWS, Azure, or GCP. This allows you to centralize policy while decentralizing execution. The platform team maintains the Terraform code but project teams can provision resources through simple API calls.

GitOps for infrastructure

Use pull requests in Infrahub to propose infrastructure changes. Merge events can trigger CI validation and eventually invoke Kriten for deployment. RBAC on both sides ensures changes are reviewed and only authorized users can execute deployments. This creates a full audit trail from proposal to production.

Explore a code example

In the Kriten community toolkit, you’ll find example code for using Kriten to push data from Infrahub into Nornir for execution.

Benefits of the Infrahub + Kriten integration

Bringing Infrahub and Kriten together solves a real operational challenge: making your infrastructure automation accessible across teams without compromising security or control.

Key benefits of the integration include:

• Separation of concerns: Infrahub models what, Kriten handles how.
• Cross-domain automation: Automates across network, server, storage, and cloud without duplicating logic or requiring each team to become experts in every tool.
• Enterprise-ready security: Fine-grained RBAC, audit trails, and secure auth mean you can share automation safely.
• Horizontal scaling: Kriten’s Kubernetes-native supports large-scale execution without you having to worry about infrastructure.
• Unified governance: You can track changes from data to deployment, making compliance and troubleshooting much easier.

In short, integrating Kriten with Infrahub gives you a robust pipeline that turns infrastructure data modeling into actionable automation that teams can actually use, without sacrificing control, security, or scalability.

It’s a powerful foundation for modern DevOps, whether you’re automating networks, deploying cloud resources, or enforcing GitOps workflows across organizational boundaries.

Free open-source installs:

• Get Infrahub
• Get Kriten