Skip to main content
Monk needs a personal access token to provision and manage infrastructure in your DigitalOcean account. This is the simplest credential setup of all four cloud providers.

What You Need

  • Personal Access Token (API token)
  • Optional: default region (e.g., nyc1)

Create Credentials

1

Open the API page

Log into DigitalOcean → API → Tokens.
2

Generate a token

Click Generate New Token. Name it something like monk-deployment. Check both Read and Write scopes.
3

Copy the token

Copy the token immediately — it is shown only once.
4

Provide to Monk

When you deploy to DigitalOcean, Monk requests the token through a secure form in your IDE. You can also tell your agent:
ask Monk to update my DigitalOcean credentials

Required Permissions

The token needs both Read and Write scopes. DigitalOcean tokens are all-or-nothing — there is no fine-grained permission model like AWS IAM.

How Credentials Are Stored

Credentials are encrypted at rest in your IDE’s secret storage and on your Monk cluster using your cloud provider’s KMS — so your infrastructure can manage itself autonomously. They are never sent to Monk servers and never exposed to the LLM. See Security for full details.

Troubleshooting

Token revoked — generate a new token on the API page and update credentials in Monk. Insufficient scopes — make sure the token has both Read and Write. Read-only tokens cannot provision infrastructure. Ask your agent for help: 
ask Monk why my DigitalOcean credentials are not working

Deploy your first app

Credentials ready — now deploy