
The tools we actually use

Every tool on this page we use in production with real clients. Each one has a reason. We do not add tools because they are new or because a vendor reached out.

CI/CD

Where we build, test, and deploy

GitHub Actions

Most of our clients already use GitHub. Tight integration, good secrets management, reliable.

GitLab CI

For clients on GitLab or who need self-hosted runners and more control over the executor environment.

ArgoCD

GitOps delivery for Kubernetes. Declarative, auditable, and the right default for anything running on k8s.

Tekton

When we need Kubernetes-native pipelines without a separate SaaS dependency.

Infrastructure as Code

How we provision and manage cloud resources

Terraform

Default choice. Mature, wide provider support, and most engineers already know it.

Terragrunt

For complex multi-environment Terraform setups where DRY matters.

Pulumi

When clients want to write infrastructure in TypeScript or Python instead of HCL.

Helm

Kubernetes package management. We write and maintain Helm charts for client services.

Kubernetes

Orchestration, scaling, and service mesh

EKS

Our most common Kubernetes environment. AWS is where most of our clients run their workloads.

GKE

Second most common. Autopilot mode reduces operational overhead for teams without dedicated DevOps.

AKS

For clients on Azure, often due to existing Microsoft agreements or compliance requirements.

Karpenter

Node autoscaling on EKS. Replaces Cluster Autoscaler for almost every new engagement.

Istio

Service mesh for clients who need mTLS, fine-grained traffic control, or detailed telemetry between services.

Monitoring & Observability

What we use to know when something breaks

Prometheus

Metrics collection. We deploy it via the kube-prometheus-stack Helm chart in almost every engagement.

Grafana

Dashboards. Every client gets a base set of dashboards for cluster health, deployment frequency, and error rates.

Loki

Log aggregation. Works well alongside Prometheus and Grafana, with no separate log infrastructure to manage.

OpenTelemetry

Distributed tracing instrumentation. Vendor-neutral so clients are not locked into a specific backend.

PagerDuty

Alerting and on-call rotation. For clients who need 24/7 incident response.

Secrets Management

How we keep credentials out of code and out of repos

HashiCorp Vault

The default for clients who need a full secrets management platform with dynamic credentials.

External Secrets Operator

Syncs secrets from AWS Secrets Manager, GCP Secret Manager, or Vault into Kubernetes Secrets.

AWS Secrets Manager

Simpler option for clients already deep in the AWS ecosystem who do not need Vault's complexity.

Infisical

For smaller teams who want a Vault alternative without the operational overhead.

Cloud

Where we run everything

AWS

Most common. We use EKS, RDS, S3, CloudFront, IAM, and the full standard stack.

GCP

GKE, Cloud SQL, Cloud Run, BigQuery for data-heavy clients.

Azure

For clients in regulated industries with Microsoft agreements or Azure AD requirements.

Compliance

Tools we use for ISO 27001, SOC 2, and HIPAA work

Drata

Compliance automation. Connects to your cloud and code repos to collect evidence automatically.

Vanta

Alternative to Drata. Used when clients are already in the Vanta ecosystem.

Trivy

Container and IaC vulnerability scanning. Runs in CI, catches issues before they reach production.

Falco

Runtime security for Kubernetes. Detects anomalous behaviour at the container level.

Working with an existing stack?

We work with what you have. If you are already on a tool that is not on this list, we will use it. We only migrate when migration is genuinely the better option.
