Integrations

Hetzner Cloud

Configuring Hetzner Cloud integration

Tidal Control's Hetzner Cloud integration monitors your cloud infrastructure's security configuration for compliance purposes. All access is read-only — Tidal Control never creates, modifies, or deletes anything in your Hetzner project.

What this integration monitors:

  • Servers: Configuration and exposure of cloud servers
  • Firewalls: Rules and applied resources
  • Networks: Private network configuration
  • Load balancers: Services and TLS configuration
  • Certificates: Managed certificates and expiry
  • Volumes: Block storage configuration
  • Floating & Primary IPs: Public IP assignments
  • DNS zones: Zone configuration
  • SSH keys: Registered public keys
  • Images: Snapshots and backups

Requirements:

  • Super User role in Tidal Control
  • A Hetzner Cloud project with permission to create API tokens

Configuration step-by-step plan

What we're going to do: We'll create a read-only Hetzner Cloud API token for the project you want to monitor, then add the connection in Tidal Control.

Configuration steps:

  1. Create a read-only API token
  2. Configure the integration in Tidal Control

Step 1: Create a read-only API token

  • Log in to the Hetzner Cloud Console
  • Select the project you want to monitor
  • Go to Security → API Tokens
  • Click Generate API token
  • Enter a description (e.g. Tidal Control)
  • Set the permission to Read — Tidal Control only needs read access
  • Click Generate API token
  • Copy the token — it is only shown once
Warning

Save the token immediately. Hetzner only shows the full token value once at creation. If you close the dialog without copying it, you will need to generate a new token.

Info

API tokens are project-scoped. Each Hetzner Cloud API token grants access to a single project. To monitor more than one project, create a separate token per project and add one Tidal Control integration for each.

Step 2: Configure the integration in Tidal Control

  • Go to Settings → Integrations in Tidal Control
  • Click the plus icon next to Hetzner Cloud
  • Fill in the configuration:
    • Name: A descriptive name, e.g. Hetzner Cloud
    • API Token: The read-only token from step 1
  • Click "Create" to save the integration

Configuration fields explained

Name:

  • A descriptive name for this connection
  • For example: Hetzner Cloud, Hetzner Production

API Token:

  • The read-only Hetzner Cloud API token
  • Created in step 1
  • Scoped to a single Hetzner Cloud project
  • Keep this value secure

Verification

Check integration status:

  • Settings → Integrations shows "Connected" status for Hetzner Cloud
  • Hetzner Cloud tests are available in the Tests section
  • Test refresh delivers results without authentication errors

Frequently asked questions

Does Tidal Control make changes to my Hetzner project? No. The integration is read-only and only reads configuration data.

Can I use one token for multiple projects? No. Hetzner Cloud API tokens are scoped to a single project. Create one token and one integration per project you want to monitor.

Do I need a read & write token? No. A Read token is sufficient and recommended — it grants only the access Tidal Control needs.

Common problems

"API Token is required"

  • Make sure you pasted the token value from step 1
  • The token is only shown once — if you did not copy it, generate a new one

Tests show no data for certain resource types

  • Confirm those resources exist in the project the token belongs to
  • Remember that each token covers only one project

Authentication errors after refresh

  • The token may have been revoked or regenerated in the Hetzner Cloud Console — generate a new token and update the integration

Still can't figure it out?

Send an email to support@tidalcontrol.com, and we'll get back to you as soon as possible.

Info

Gather support info: Note which browser you're using, exact error messages, and which steps you've already tried. This speeds up the solution considerably.

Previous
OVHcloud
Next
Aikido