Cora logo
Product guide

Cora documentation

This guide walks through every feature currently available in Cora—from signing in with your organization account to uploading Terraform state, managing security controls, and collaborating with your team.

Getting started

Sign in with Google Workspace or GitHub. We block personal @gmail.com addresses so that only company-managed identities create organizations in Cora.

The first person from a domain or GitHub organization automatically creates an organization record. Future teammates who sign in with the same Google domain or GitHub org are routed to the same workspace set.

After authenticating you'll land on /home, the resource explorer. From the global navigation you can jump to Account, API tokens, or Billing.

Tip

Need to test sign-in flows? Use a secondary Google Workspace or GitHub org—Cora keeps organizations separated automatically.

Organizations & access

Every resource in Cora belongs to an organization that maps to your Google Workspace domain or GitHub organization. Uploads performed by signed-in users or API tokens are automatically tagged with the same organization, ensuring complete data isolation inside Neo4j.

  • Shared visibility

    Once an organization exists, any teammate from the same domain/org can view the same resources without extra configuration. Invite them by sharing the /login URL.

  • Workspace segregation

    Resources uploaded by other companies never intersect with yours. All API queries filter by your organization ID so graphs remain private.

Exploring resources in /home

The workspace is an interactive graph that visualizes Terraform-managed infrastructure. Use the search bar at the top to filter nodes, toggle relationship lines, and switch between layout modes tailored to networking, resource groupings, or workspace boundaries.

Key controls

  • Search by resource name, type, or workspace.
  • Toggle Networking, Resource Type, or Workspace layouts.
  • Filter by AWS resource types or show hidden infrastructure (IAM policies, ACM certs, etc.).
  • Control relationship visibility for Terraform dependencies versus inferred links.

Workspace picker

Open the filter drawer to jump between Terraform workspaces. The selection persists while you browse and updates the resource graph in real time. The same dropdown also lets you clear filters with a single click.

If your uploads include a proxy configuration, a “Proxy active” badge confirms Cora is receiving decrypted data from your edge service.

Workspaces & environments

Cora respects the workspace metadata embedded in Terraform state files, but you can override it per upload to organize environments (for example dev, staging, prod).

  • Set the X-Cora-Workspace header when calling the upload API.
  • Or include workspace in the JSON payload.
  • Or append ?workspace=<name> to the upload URL.
  • When no override is provided we fall back to the workspace recorded in the Terraform state file and finally a default workspace.

Uploading Terraform state

Use the POST /api/terraform-state endpoint to sync infrastructure graphs. You can authenticate with a signed-in session (for browser uploads) or an API token (recommended for CI/CD).

New: Terraform Enterprise-compatible backend

Prefer managing state through terraform init and terraform apply? Follow the remote backend guide to point Terraform CLI at Cora using organization-scoped tokens.

CLI example

curl -X POST https://cora.app/api/terraform-state \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer YOUR_TOKEN' \
  -H 'X-Cora-Workspace: my-workspace' \
  -d '@/path/to/state.json'

Swap in your deployed base URL, replace YOUR_TOKEN with an active API token, and point the payload at a Terraform state snapshot. The workspace header is optional but recommended for clarity.

Encryption-aware

If your account requires encryption, submit either a field-encrypted payload or tunnel uploads through your proxy. Plaintext uploads are rejected whenever the requirement is enabled in Account Settings.

Prefer sending tokens separately? Provide the API token with the X-Cora-Token header instead of Authorization—handy for tooling that cannot set bearer headers.

API tokens

Manage tokens from /tokens. Tokens inherit your organization context and let automation upload state without interactive sign-in.

Creating tokens

  • Choose a label to identify the pipeline or integration.
  • Select an expiration (1 hour up to 90 days, or never).
  • Copy the full token immediately after creation—the value is only shown once.

Using tokens

  • Pass the token via Authorization: Bearer <token> or X-Cora-Token.
  • View active tokens, last used time, and revoke access instantly from the same page.
  • Tokens are scoped to your organization—other tenants cannot access your resources even if they guess the identifier.

Account & security controls

Account overview

Visit /account to review resource totals, relationship counts, top resource types, and workspace distribution. It's helpful for auditing ingestion health across environments.

Security settings

Under /settings you can require encrypted uploads and provide a proxy base URL. Changes take effect immediately for new uploads.

Billing & subscriptions

Access /billing to choose a subscription plan powered by Billsby. Checkout opens in-place and automatically returns you to your account once complete.

The customer portal link is also available for updating payment methods or downloading invoices after subscribing.

Support

We're here to help. Email [email protected] for troubleshooting, security questions, or roadmap suggestions. For urgent production issues, include [URGENT] in the subject line to page the on-call engineer.