Integrations
Hetzner Cloud
Configuring Hetzner Cloud integration
Tidal Control's Hetzner Cloud integration monitors your cloud infrastructure's security configuration for compliance purposes. All access is read-only — Tidal Control never creates, modifies, or deletes anything in your Hetzner project.
What this integration monitors:
- Servers: Configuration and exposure of cloud servers
- Firewalls: Rules and applied resources
- Networks: Private network configuration
- Load balancers: Services and TLS configuration
- Certificates: Managed certificates and expiry
- Volumes: Block storage configuration
- Floating & Primary IPs: Public IP assignments
- DNS zones: Zone configuration
- SSH keys: Registered public keys
- Images: Snapshots and backups
Requirements:
- Super User role in Tidal Control
- A Hetzner Cloud project with permission to create API tokens
Configuration step-by-step plan
What we're going to do: We'll create a read-only Hetzner Cloud API token for the project you want to monitor, then add the connection in Tidal Control.
Configuration steps:
- Create a read-only API token
- Configure the integration in Tidal Control
Step 1: Create a read-only API token
- Log in to the Hetzner Cloud Console
- Select the project you want to monitor
- Go to Security → API Tokens
- Click Generate API token
- Enter a description (e.g.
Tidal Control) - Set the permission to Read — Tidal Control only needs read access
- Click Generate API token
- Copy the token — it is only shown once
Save the token immediately. Hetzner only shows the full token value once at creation. If you close the dialog without copying it, you will need to generate a new token.
API tokens are project-scoped. Each Hetzner Cloud API token grants access to a single project. To monitor more than one project, create a separate token per project and add one Tidal Control integration for each.
Step 2: Configure the integration in Tidal Control
- Go to Settings → Integrations in Tidal Control
- Click the plus icon next to Hetzner Cloud
- Fill in the configuration:
- Name: A descriptive name, e.g.
Hetzner Cloud - API Token: The read-only token from step 1
- Name: A descriptive name, e.g.
- Click "Create" to save the integration
Configuration fields explained
Name:
- A descriptive name for this connection
- For example:
Hetzner Cloud,Hetzner Production
API Token:
- The read-only Hetzner Cloud API token
- Created in step 1
- Scoped to a single Hetzner Cloud project
- Keep this value secure
Verification
Check integration status:
- Settings → Integrations shows "Connected" status for Hetzner Cloud
- Hetzner Cloud tests are available in the Tests section
- Test refresh delivers results without authentication errors
Frequently asked questions
Does Tidal Control make changes to my Hetzner project? No. The integration is read-only and only reads configuration data.
Can I use one token for multiple projects? No. Hetzner Cloud API tokens are scoped to a single project. Create one token and one integration per project you want to monitor.
Do I need a read & write token? No. A Read token is sufficient and recommended — it grants only the access Tidal Control needs.
Common problems
"API Token is required"
- Make sure you pasted the token value from step 1
- The token is only shown once — if you did not copy it, generate a new one
Tests show no data for certain resource types
- Confirm those resources exist in the project the token belongs to
- Remember that each token covers only one project
Authentication errors after refresh
- The token may have been revoked or regenerated in the Hetzner Cloud Console — generate a new token and update the integration
Still can't figure it out?
Send an email to support@tidalcontrol.com, and we'll get back to you as soon as possible.
Gather support info: Note which browser you're using, exact error messages, and which steps you've already tried. This speeds up the solution considerably.