How it works

Let’s understand how Humanitec’s products integrate with the tech and tools you have today, how to configure them, how they work and what interfaces they provide.

How it integrates

Score sits next to your workload source code in your version control system. The Orchestrator receives build notifications from your CI pipeline with every deployment through a curl command at the last step of the build pipeline. The integration to the providers and resources is done through Drivers. Integrations with dedicated CD systems are coming soon. The Orchestrator is designed as “API first”. The API can be used to integrate with developer portals, service catalogs or value stream management systems.

The Orchestrator can connect to your network directly or by using bastion hosts or IP whitelisting. An in-cluster operator for full GitOps support is in beta (contact us for early access). It is possible to run Humanitec in your network (contact us for support).

How it’s configured

There are four key configurations that need to happen for your current setup to be able to utilize Humanitec’s products (does not include advanced RBAC settings, deployment automation rules, web-hooks etc.):

Product Category Details
Score Prep your workloads for Score Convert your current app configs to Score
Platform Orchestrator Set your workload profiles Workload profiles are baseline configs the Platform Orchestrator uses to create app-configs from. In most cases, the default workload profile provided by default is sufficient.
Score Register existing resources, configure how to create new ones. Drivers allow you to register existing resources that are managed individually, or create and manage new resources. Drivers can do this by directly calling cloud APIs or by working in tandem with any IAC.
Platform Orchestrator Set resource definitions Resource definitions tell the Platform Orchestrator how to resolve the abstract request from the workload specification (Score, for instance) to the correct Driver. This configuration can be done through the UI, API or the Terraform Provider (in beta).

How it works

  1. Developers describe what their workloads need in an abstract way. They do this using a workload specification such as Score, the Deployment Set and Delta functionality in the Orchestrator API or the Orchestrator UI. This “description” needs to happen once (at the creation time of the workload) but can be altered to add or remove dependencies from the workload. There is much more capability to make delivery easy for application developers. The introduction for users section provides more detail.
  2. With every deployment, the Platform Orchestrator generates app and, if necessary, infrastructure configurations and deploys them. Read the next section to understand how this works in detail.
  3. Drivers create or update infrastructure resources.

Following a deployment from git push to running

To understand the functionality and the interplay of all components in detail, it’s helpful to follow a deployment from the git-push to the running application. Here is an example of what happens in detail when you deploy a sample workload with a PostgreSQL database in production to AWS using Score, the Platform Orchestrator and Drivers.

Stage Step Tool involved Description
Auth git-push Any CI pipeline The CI receives the push notification from the Version Control System.
Build Build & push container Any CI pipeline CI builds the container and pushes the image to the registry and the build notification + metadata to the Platform Orchestrator
Score conversion Convert Score to Deployment Set Any CI Pipeline, any image registry The CI pipeline runs score-humanitec and converts the raw Score file into a deployment delta that can be interpreted by the Platform Orchestrator.
Deployment Read Phase Platform Orchestrator The Orchestrator interprets the changes to the deployment set (from the Score file) and determines necessary changes to infrastructure. In our example, it would detect that the workload depends on a DB of type PostgreSQL.
Deployment Match Phase Platform Orchestrator Based on the tag or other meta-data provided by the CI pipeline, the Orchestrator matches the correct resource definitions and workload profiles. In our example, the matching criteria would be “an environment of type production”. The resource definition for PostgreSQL for production environments would be matched.
Deployment Create Phase Platform Orchestrator, Drivers, Secrets Manager Based on the matching, the Orchestrator creates app-configs and executes the correct drivers. Once the resources are in the correct state, it injects credentials through secrets at run-time. In our example, the Driver would fetch the credentials for an existing production instance of PostgreSQL
Deployment Deployment phase Platform Orchestrator or any dedicated CD system (coming soon). The Orchestrator deploys all changes or hands over to a dedicated CD system (coming soon) for GitOps based workflows.
Notification, logs and messages Post-deployment Platform Orchestrator, Orchestrator UI The Orchestrator surfaces notifications through the UI or at request per the API. It streams logs and if applicable, error messages to the UI.


Humanitec offers an array of different interfaces to cater to:

  • different use-cases
  • different user-preferences
Product Interface Functionality coverage Common use-case
Score Code Complete Describing workloads and dependencies in an env agnostic way.
Platform Orchestrator API Complete Deployment Sets and Deltas, Deployment Diffs, Resource definitions and matching, Automation, Integrations and more.
Platform Orchestrator Terraform Provider (beta) Medium Most of the functionality of the API.
Platform Orchestrator CLI Most Deploying, rolling back, Debugging, Deployment Diffs, Automation, Spinning up environments and more.
Platform Orchestrator UI Most Debugging, Errors, Deployment Diffs, Roll-back, Visualization of what’s running where, spin up a new environment, add a workload or resource, work with environment variables, resource management.
Drivers Code Complete Drivers are available as code only.
Portal/Service Catalog UI Build yourself Some teams build portals and custom UIs against the Platform Orchestrator API. If you are using Backstage, the community plugin is a good starting point (not officially supported).