Below table provides a high level overview of various IaC capabilities and their support by a given provider.

tacos-comparison.md

Capability/Tool	terraform Cloud	terraform Enterprise	Scalr	Env0	Spacelift
Compliance	ISO 27001, SOC 2	ISO 27001, SOC 2	SOC 2 Type I	SOC 2	ISO 27001, SOC 2 Type II
GitLab Integration	✅	✅	✅	✅	✅
Hosting	SaaS	SaaS, On-Prem	SaaS, On-Prem	SaaS	SaaS
Policy as Code	Sentinel, OPA	Sentinel, OPA	OPA	OPA	OPA
Pricing Model	RUM-based (Resources)	RUM-based (Resources)	Usage-based (SaaS), Per workspace (on-prem)	Per environment per day	Per capabilities and workers
Private Agents	✅	✅	✅	✅	✅
Private Module Registry	✅	✅	✅	✅	✅
RBAC	✅	✅	✔️ - hierarchical + custom roles	✔️ - hierarchical	✔️ - also extensible with policies
Remote operations CLI	✅	✅	✅	✅ (@env0/cli)	✅
Remote operations VCS/GitOps	✅	✅	✅	✅	✅
SLA	99.9% for higher tiers	99.9%	99.9% for all paid plans	❓	Bronze/Silver/Gold tiers
SSO	✅ - only in high paid tiers	✅	✅ - available on all plans	✅ - from first paid tier ($49/day)	✅ - OIDC (Free), SAML (Enterprise)
Secrets Management	Internal	Vault integrated	Internal, AWS, GCP, Azure	Internal, AWS, GCP, Azure (with self-hosted agents)	Internal, also file based
Short lived environments support	❌	❌	✅ (via run scheduler)	✅	✅
State Management	✅	✅	✅	✔️ - only hidden state	✅ - also external
terraform Provider	✅	✅	✅	✅	✅
Webhooks	✅	✅	✅	✅	✅
Reporting	✅	✅	✅ - runs queue	✅	✅
Cloud Account Management	Via AWS AFT integration	Via AWS AFT integration	Provider configurations	Cloud credentials management	Spaces + Cloud integrations

Hi @Piotr1215,
Thanks a lot for the detailed review of all the TACOS out there, it's very helpful, I really enjoyed reading it as well.
As the CTO and co-founder of env0, I would like to make a few comments about some items in this table:

1. We do have a private module registry
2. We do have an env0 CLI for remote operations
3. SSO - we, and also Scalr, has SSO integration from the first payed tier which starts at 100$ per month (Scalr starts from 149$ per month), so I don't think it should count as a high paid tier.
4. For secret management, with the Self hosted agents we offer build in support for AWS Secret manager, GCP secret manager and Azure Key vault - You can read more here
5. Short lived environments support - I think you mistakenly put the ✅ on Spacelift instead of env0.

Hope it makes sense.
Again, I want to thank you for this table and the great TACOS blog post you've written.

🙏

Hi @omry-hay
Thank you for reaching out and reading my blog, I'm happy you liked it.
As with all the reviews, it's outdated the moment it's released ;). I have added/changed the details based on your comment.

Keep on rocking
👋

Hi @Piotr1215,

A lot of things happened at Scalr in the last 6 months! Below are a few suggestion that may help the comparison table to stay accurate and up to date for Scalr:

• Compliance: we are now SOC2 Type I compliant
• Pricing model: usage-based on SaaS, per workspace for on-prem
• RBAC: hierarchical + custom roles
• SLA: 99.9% for all paid plans
• SSO: available on all plans (including Free)
• Secrets management: [Internal, AWS, GCP, Azure] (https://docs.scalr.com/en/latest/provider_configuration.html#configuration-types)
• Short-lived environments support: it is possible to create short-lived environments using the run scheduler
• A Reporting capability could be added to the table: our runs queue feature lets you visualize the status of your Terraform runs across workspaces and has gained at lot of traction across our user base.

Thank you very much for the effort you put in this, and don't hesitate to reach out if you have any additional comments!

Disclaimer: I'm a Scalr employee

Hi @Piotr1215 ,
You should update the table, Terraform Cloud do supports OPA (It is still a beta but works)

https://www.hashicorp.com/resources/demo-enforcing-opa-policies-in-terraform-cloud

This has been updated as of June 2025