I'm Not a Developer, and I Went to Fleet's GitOps Event
By Nick Huang, Growth Advisor at Treeline
There's a difference between knowing what something does and understanding how it actually works, and that difference can show up the moment you're sitting across from someone technical. I'm on the sales team at Treeline, which means I spend my days talking to founders and leadership teams about their IT infrastructure, security, and compliance. For a while I'd been wanting a much deeper, practical understanding of the technical aspects of what I discuss daily.
So when the opportunity came up to take part in Fleet's four-hour GitOps workshop I gladly took it. The environment was collaborative and the Fleet team was genuinely welcoming, which made the experience not only informative but enjoyable. I'll be honest, going in I knew GitOps involved coding but not much else about how it worked under the hood. I walked away with a much clearer understanding that I could confidently bring to the conversations I'm having every day.
Who Is GitOps For?
Most GitOps explainers are written for engineers. This one isn’t. If you're looking for a plain-language explanation from someone on the business side, or are just curious to know more, this is for you. No technical background required. (Already deep in the details? Fleet's own documentation is probably a better starting point).
So What Is GitOps?
Every company has devices, laptops, servers, phones, and someone has to decide what software lives on them, what they're allowed to do, and who has access to what. The traditional way to manage employee laptops and devices is hands-on. Someone physically or remotely goes into each device, sets it up the way it needs to be, and then moves on to the next one. When a policy changes, someone goes back and updates each device again. Think about something as common as making sure every work laptop is running the same operating system version, since one outdated device can be all it takes for a security breach. It works when you have ten employees but starts breaking down when you have fifty or more.
GitOps solves that by treating your device configurations like software code. Think of it as a blueprint that tells your devices exactly how to behave and what boundaries to follow. Instead of configuring things on the fly, you write down the rules once in a central file, and the system automatically ensures every laptop or server matches that standard, all the time. You define it once and everything enforces itself; this is the intuitive way many of us non-technical people might assume automated device management has worked all along.
What We Built and Covered
The Fleet workshop was hands-on from the start, which made the abstract concepts concrete quickly. We worked through setting up a real GitOps workflow using GitHub Actions as the engine that connects your configuration file to your actual devices. In plain terms, when someone updates the policy file, GitHub Actions automatically pushes those changes out to Fleet, which pushes them out to every device. Changing a security policy across your entire company becomes a file update, with no one manually touching each device and no lag between when a decision gets made and when it takes effect.
We also touched on Apple's declarative device management, aka DDM, which is worth understanding as context. Before DDM, device management was reactive, meaning the server constantly had to check in with each device to make sure it was still configured correctly. DDM flipped that model so the device itself becomes responsible for maintaining its own state. You define what a device should look like, and the device makes sure it stays that way without waiting to be told. GitOps builds on that idea by adding version control, so every change is tracked, auditable, and automatic.
The workshop worked toward Fleet's GitOps certification, walking through the full workflow setup from the beginning. By the end we had configured device profiles, wired up the GitHub Actions workflow, and tested that changes actually applied correctly across devices.
What the Workshop Made Clear
I haven't personally managed devices the old way, but sitting in that workshop made me realize how painful it must have been. If IT teams used to configure every device manually, the amount of manual work must have been enormous, and that's before accounting for human error. The logic behind it clicked pretty quickly.
What also became clear is that the execution layer, setting up the YAML files (the files that tell each device what to do and how to behave), connecting GitHub Actions, getting the workflow running correctly, requires a real technical perspective. It's not something you'd want to figure out on the fly, but once it's configured correctly, it largely runs itself from there.
What It Actually Means for a Growing Company
If your company is growing quickly, managing devices across a distributed or remote team, or working toward compliance requirements like SOC 2, this is worth understanding sooner rather than later. With manual device management, you're essentially hoping everything is configured correctly rather than knowing it is, and at a certain point that's not a risk worth taking.
GitOps gives your security and compliance policies the same treatment you'd give software code. You build the template once and it rolls out and enforces itself across every device automatically, with different configurations for different roles. A finance employee's laptop can be locked down differently than a developer's, without anyone manually making those changes. Fleet is what makes that possible in practice, and if a laptop falls out of compliance or misses a critical security patch, the system catches it instantly rather than waiting for someone to notice. For companies working toward device compliance for SOC 2, device management is one of the first areas auditors examine, and having a system that enforces and documents compliance automatically makes that process significantly easier to navigate.
For a business, that brings two advantages. First, your IT team stops spending hundreds of hours on employee device management. Second, you get continuous, audit-ready compliance and security without the ongoing overhead, which is exactly what matters most for a growing company trying to stay secure.
That was my take on the practical side of it. Personally, Fleet's GitOps workshop took my understanding of how device management actually works to a different level, and it's made my conversations with growing companies even more authentic and informed.
If you want to talk through any of this, book a call or find me on LinkedIn.
GitOps FAQs: Things I Didn't Think to Ask Until Now
What is GitOps? GitOps is a way of managing IT infrastructure using the same principles developers use to manage code. You define the desired state of your systems in a central file and an automated process makes sure everything stays in line with that file continuously.
What is GitOps for device management? GitOps for device management means applying that same approach to the laptops, servers, and devices your team uses every day. Instead of someone manually configuring each device one by one, you define the rules once and the system enforces them automatically across every device, every time.
What is Fleet MDM? Fleet is an open-source device management platform built around GitOps principles. Unlike most device management tools, the code is fully open, meaning anyone can see exactly how it works under the hood. It gives IT teams visibility and control over every device through a centralized, code-based system.
What is DevOps? DevOps is a way of working that helps companies build and run their technology faster and with fewer errors. You know how your banking app gets updates without ever going down? That's DevOps at work. GitOps takes that same approach and applies it specifically to how you manage the devices and systems your team uses every day.
What is the difference between GitOps and DevOps? DevOps is the philosophy of breaking down silos and moving faster. GitOps is a specific method of doing that, using Git as the single source of truth for managing infrastructure and configurations.
What is declarative device management? Declarative device management, introduced by Apple in 2021, is an approach where you define the desired state of a device and the device itself maintains that state automatically rather than waiting for a server to send instructions. It currently applies to Apple devices running iOS 15, iPadOS 15, macOS 13, and later. For Windows and Linux devices, a similar outcome can be achieved through GitOps-based tools like Fleet.
What is configuration as code? Configuration as code is a widely used industry practice for managing IT policies and device security the same way developers manage software: by writing them into a file that can be version-controlled, tracked, and automatically applied across every device in your company. Fleet is one of the tools that puts this approach into practice for device management
Do I need GitOps if I'm not a tech company? If you're growing, handling sensitive data, or working toward compliance like SOC 2, then yes. The underlying principles matter regardless of industry. The advantages of GitOps extend to any environment where you want audit control and the ability to track or roll back device changes, which is increasingly every organization.
How does Fleet use GitHub Actions? GitHub Actions is the automation layer that applies configuration changes to Fleet. When you update your device policies in the central file, Actions automatically pushes those changes out to your devices with no manual steps required.


