Skip to main content
Monk needs an API token to provision and manage infrastructure in your Hetzner Cloud account. Like DigitalOcean, this is a simple token-based setup.

What You Need

  • Hetzner Cloud API Token
  • Optional: default region (e.g., eu-central)

Create Credentials

1

Open the Hetzner Cloud Console

Log into Hetzner Cloud Console and select the project you want Monk to manage.
2

Go to API Tokens

In the left sidebar, navigate to Security > API Tokens.
3

Generate a token

Click Generate API Token. Name it something like monk-deployment. Select Read & Write permissions.
4

Copy the token

Copy the token immediately — it is shown only once and cannot be retrieved later.
5

Provide to Monk

When you deploy to Hetzner, Monk requests the token through a secure form in your IDE. You can also tell your agent:
ask Monk to update my Hetzner credentials

Required Permissions

The token needs Read & Write permissions. Hetzner tokens are scoped to a single project — one token cannot access resources in other projects. There is no fine-grained permission model; Read & Write grants full access to all resources within the project.

How Credentials Are Stored

Credentials are encrypted at rest in your IDE’s secret storage and on your Monk cluster using your cloud provider’s KMS — so your infrastructure can manage itself autonomously. They are never sent to Monk servers and never exposed to the LLM. See Security for full details.

Troubleshooting

Token revoked — generate a new token from Security > API Tokens in the Hetzner Cloud Console and update credentials in Monk. Wrong project — Hetzner tokens are project-scoped. Make sure you generated the token in the correct project. Insufficient permissions — make sure the token has Read & Write. Read-only tokens cannot provision infrastructure. Ask your agent for help: 
ask Monk why my Hetzner credentials are not working

Deploy your first app

Credentials ready — now deploy