ceven

Northflank

Automates the deployment and lifecycle of your cloud workloads, manages secret rotation across projects, and syncs infrastructure state with your project management tools.

Try Northflank in Ceven

Ask Ceven anything
Standard

Why use Ceven?

  1. AI native Northflank integration

    • Describe the outcome and Ceven picks the right Northflank calls, fills the parameters, and checks the result.
    • Structured, agent friendly tool schemas so each call runs reliably instead of by guesswork.
    • Rich coverage for reading, writing, and querying your Northflank data, across all 20 of its actions.

  2. Managed auth

    • Built in OAuth with automatic token refresh and rotation.
    • One place to manage, scope, and revoke Northflank access.
    • Per user and per environment credentials instead of shared keys.

  3. Agent optimized design

    • Actions are tuned from real success and error rates so reliability climbs over time.
    • Full execution logs so you always know what ran in Northflank, when, and on whose behalf.
    • The agent pauses and asks when Northflank is unclear instead of plowing ahead.

  4. Enterprise grade security

    • Fine grained access so you control which agents and people can reach Northflank.
    • Least privilege by default, read scopes first and only the writes a workflow needs.
    • A full audit trail of every Northflank action to support review and sign off.

Supported tools

Every action Ceven's agents can run on Northflank, and when to use it.

Create or Update Project
Use this to ensure a project exists with a specific configuration regardless of whether it was already created.
Create Secret
Store encrypted environment variables that services and jobs can inherit at runtime.
Delete Project
Permanently remove a project including all builds, deployments, jobs, and addons.
Get DNS ID
Pull the DNS identifier for the account to generate entries for services and domains.
Get Project
Pull detailed project configuration, region, and networking settings by project ID.
Get Secret
Retrieve the actual secret values and metadata for a specific secret group.
List Addon Types
Pull a list of supported addon types and their features to determine what to provision.
List Node Types
Pull supported cloud provider node types across AWS, GCP, Azure, Civo, and Oracle Cloud.
List Regions
Pull available geographic regions for deploying projects and resources.
List Pipelines
Pull all pipelines configured in a specific project to check deployment status.
List Projects
Pull all projects in the team with pagination support for large organizations.
List Services
Pull all services belonging to a project to audit resource usage.
Patch Secret
Modify specific properties of an existing secret group without sending all fields.
Update Project
Change project settings such as description, color, or advanced networking configuration.
Update Secret
Modify existing secret variables or add new variables to a secret group.
List Secrets
Pull all secret groups configured in a project using cursor based pagination.
Create or Update Secret
Tool to create or update a secret group in a Northflank project. Use when you need to store encrypted runtime variables or build arguments that can be inherited by services and jobs.
Create Project
Tool to create a new project in Northflank. Use when you need to set up a new project with specific ID, name, region, and configuration.
Get Secret Details
Tool to view a secret with details about its linked addons from a Northflank project. Use when you need to understand addon dependencies and detailed metadata for a specific secret.
List Cloud Provider Node Types
Tool to retrieve supported cloud provider node types available on Northflank. Use when you need to see available node types across various cloud providers including AWS, GCP, Azure, Civo, Oracle Cloud, and CoreWeave.
List Cloud Provider Regions
Tool to retrieve supported cloud provider regions available on Northflank. Use when you need to see available regions across various cloud providers including AWS, GCP, Azure, Civo, Oracle Cloud, and CoreWeave.
List Plans
Tool to retrieve available billing/resource plans in Northflank. Use when you need to see available plan options and their specifications.

22 actions · scroll to see them all

Frequently asked questions

Ceven interacts with Northflank secrets using the official API which ensures that sensitive values are encrypted at rest. When the agent creates or updates a secret, it passes the values over a secure TLS connection directly to Northflank. The agent does not log the actual values of secrets in its internal workflow history. If you use a read action to get a secret, the value is held in volatile memory only for the duration of that specific step to perform the required task and is then purged. You can further restrict access by using Northflank team permissions to limit which API tokens the agent uses.
Yes. Ceven leverages the Northflank abstraction layer to manage workloads across multiple providers. By using the list cloud provider node types and list regions actions, the agent can determine the best location for your workload. Whether you need to deploy to AWS, GCP, Azure, Civo, or Oracle Cloud, the agent simply specifies the provider ID and region during the project or service creation process. This allows you to build multi cloud failover strategies where Ceven can automatically shift workloads between providers if a specific region experiences an outage.
If a delete project call fails, Ceven enters a retry loop with exponential backoff to handle transient API errors. If the failure persists, the agent flags the project as a zombie resource in your tracking system and alerts the team via Slack or email. Because Northflank deletions are permanent and remove all associated addons and builds, the agent performs a pre check to ensure no critical production services are linked to the project ID before executing the final delete command. This prevents accidental data loss during automated cleanup workflows.
Yes. For accounts with hundreds of projects or secrets, Ceven uses cursor based pagination. When the agent calls list projects or list secrets, it checks for the presence of a next page token in the response. The agent will automatically iterate through every page of results to ensure the full dataset is captured before processing the logic. This ensures that your audits or cleanup scripts do not miss resources simply because they were on the second or third page of the API response, providing a complete view of your infrastructure.
Yes. Northflank enforces rate limits on its API to ensure platform stability. If Ceven triggers a massive burst of requests, such as updating secrets across fifty projects at once, you may encounter 429 Too Many Requests errors. Ceven handles this by implementing a request queue and respecting the retry after headers provided by Northflank. Additionally, some advanced networking features or specific node types are gated behind Northflank billing plans. If the agent attempts to provision a resource that your current plan does not support, Northflank returns a permission error which Ceven reports back as a plan limitation.
Ceven can manage the lifecycle of Northflank addons by using the list addon types and secret management tools. While the agent focuses on the project and service level, it can provision a database addon and then immediately pull the connection strings from the resulting secret group to inject them into a service. This allows for a fully automated setup where a new project is created, a PostgreSQL addon is added, and the application service is deployed with the correct credentials already configured in its environment variables.
Ceven uses a combination of patch and update actions to modify projects. For minor changes like updating a project description or changing a project color, the agent uses the patch secret or update project tools to avoid overwriting other configurations. For structural changes, such as moving a project to a different region or changing networking rules, the agent performs a read first to capture the current state, calculates the delta, and then pushes the update. This state aware approach prevents the agent from accidentally resetting critical settings to default values.
Absolutely. While Northflank has built in Git integrations, Ceven adds a layer of logic on top. For example, you can set up a workflow where a specific Git tag triggers a project update in Northflank to change the resource plan for a production release. The agent can coordinate the timing so that the Northflank project is scaled up before the deployment pipeline starts and scaled back down after the smoke tests pass, optimizing your cloud spend while ensuring performance during high load events.

Alternatives to Northflank

Other tools that solve a similar problem. Ceven supports these too, so you can switch or run more than one at once.

Railway logoRailwayRender logoRenderFly.io logoFly.ioHeroku logoHeroku

Try Ceven on your stack

Plug Ceven on top of the tools you already run. Connect Northflank and the rest of your stack, describe the outcome, and its agents handle the work end to end, days of it in minutes.

Get started for free