Below table provides a high level overview of various IaC capabilities and their support by a given provider.

Capability/Tool	terraform Cloud	terraform Enterprise	Scalr	Env0	Spacelift
Compliance	ISO 27001, SOC 2	ISO 27001, SOC 2	SOC 2 Type I	SOC 2	ISO 27001, SOC 2 Type II
GitLab Integration	✅	✅	✅	✅	✅
Hosting	SaaS	SaaS, On-Prem	SaaS, On-Prem	SaaS	SaaS
Policy as Code	Sentinel, OPA	Sentinel, OPA	OPA	OPA	OPA
Pricing Model	RUM-based (Resources)	RUM-based (Resources)	Usage-based (SaaS), Per workspace (on-prem)	Per environment per day	Per capabilities and workers
Private Agents	✅	✅	✅	✅	✅
Private Module Registry	✅	✅	✅	✅	✅
RBAC	✅	✅	✔️ - hierarchical + custom roles	✔️ - hierarchical	✔️ - also extensible with policies
Remote operations CLI	✅	✅	✅	✅ (@env0/cli)	✅
Remote operations VCS/GitOps	✅	✅	✅	✅	✅
SLA	99.9% for higher tiers	99.9%	99.9% for all paid plans	❓	Bronze/Silver/Gold tiers
SSO	✅ - only in high paid tiers	✅	✅ - available on all plans	✅ - from first paid tier ($49/day)	✅ - OIDC (Free), SAML (Enterprise)
Secrets Management	Internal	Vault integrated	Internal, AWS, GCP, Azure	Internal, AWS, GCP, Azure (with self-hosted agents)	Internal, also file based
Short lived environments support	❌	❌	✅ (via run scheduler)	✅	✅
State Management	✅	✅	✅	✔️ - only hidden state	✅ - also external
terraform Provider	✅	✅	✅	✅	✅
Webhooks	✅	✅	✅	✅	✅
Reporting	✅	✅	✅ - runs queue	✅	✅
Cloud Account Management	Via AWS AFT integration	Via AWS AFT integration	Provider configurations	Cloud credentials management	Spaces + Cloud integrations

Piotr1215/tacos-comparison.md