Integrations
Connecting SecureSlate & Hetzner
SecureSlate connects to Hetzner Cloud through the Hetzner Cloud API, using read-only access. We retrieve servers, SSH keys, and firewalls for asset inventory and automated compliance tests. SecureSlate does not create, modify, or delete resources in your Hetzner account.
To use this integration, you need a Hetzner Cloud API token with Read permissions for the project(s) you want to monitor.
What SecureSlate syncs
| Data | Where it appears | Purpose |
|---|---|---|
| Servers | Asset Management → Others → Compute instances | Inventory servers with name, region, type, status, IP address, and labels |
| SSH keys | Stored on the connected integration | Track SSH key inventory for compliance |
| Firewalls | Stored on the connected integration | Evaluate firewall coverage and SSH exposure rules |
SecureSlate also creates a Hetzner vendor record under Vendor Risk when you connect.
Automated controls and tests
Once connected, SecureSlate runs automated tests against your synced Hetzner data:
- Cloud infrastructure linked to SecureSlate
- Inventory items have active owners
- Inventory items have descriptions (name, labels, or instance type)
- Hetzner servers have firewalls applied
- Hetzner SSH access is not open to the public internet
- Hetzner SSH keys are inventoried
These tests support Inventory and Network Security use cases mapped to frameworks such as ISO 27001:2022 and SOC 2.
Prerequisites
Before you connect SecureSlate, confirm you have:
- Administrator or project access in Hetzner Cloud Console to create API tokens.
- At least one Hetzner Cloud project with the servers you want to monitor.
- Permission to create integrations in SecureSlate (typically Admin).
Generate a Hetzner Cloud API token
Open API Tokens
- Sign in to console.hetzner.cloud.
- Select the project you want SecureSlate to monitor.
- In the left sidebar, open Security → API Tokens.
Create a read-only token
- Click Generate API token.
- Description: Enter a name you will recognize, for example
SecureSlate Read-Only. - Permissions: Select Read (not Read & Write).
- Scope: Limit the token to the project(s) SecureSlate should access, or grant access to all projects if that matches your compliance scope.
- Click Generate API token.
- Copy the token immediately — Hetzner shows the full token only once.
Store the token securely (for example, in your password manager). You will paste it into SecureSlate in the next section.
Important: SecureSlate only needs Read access. Do not grant write permissions unless your security policy explicitly requires them for another purpose.
Connect Hetzner to SecureSlate
Open the integration
- In SecureSlate, open Integrations from the left sidebar.
- Go to the Available tab.
- Search for Hetzner.
- Click Connect on the Hetzner card.
Review the integration details:
- Category: Cloud providers
- Use cases: Inventory, Network Security
- Permissions: Read-only access to servers, SSH keys, and firewalls via the Hetzner Cloud API
- Access type: API token with Read permissions
Enter your API token
- Continue through the setup flow to Connect Hetzner to SecureSlate.
- Paste your Hetzner Cloud API token.
- Click Connect.
SecureSlate validates the token against the Hetzner API, fetches your project data, and syncs servers into inventory.
Note: To change the API token later, disconnect Hetzner and reconnect with a new token.
Verify the integration
After a successful connection:
- The Hetzner integration appears under Connected on the Integrations page.
- Servers sync to Asset Management → Others → Compute instances.
- SSH keys and firewall metadata are stored on the integration for automated tests.
- A Hetzner vendor entry is created under Vendor Risk.
- Automated tests begin running against the synced data.
Initial sync time depends on how many servers are in your project.
Disconnecting Hetzner
If you disconnect Hetzner from SecureSlate:
- The integration record and API token are removed.
- Synced server assets linked to the integration are removed from Asset Management.
- The Hetzner vendor record is removed from Vendor Risk.
- Hetzner automated tests are removed from your workspace.
Troubleshooting
If the connection fails or data does not appear:
- Confirm the API token has Read permissions (not expired or revoked).
- Confirm the token is scoped to the correct Hetzner Cloud project.
- Confirm you copied the full token when it was generated (tokens cannot be viewed again after creation).
- If the token was rotated or deleted in Hetzner, generate a new token and reconnect.
- Confirm your project has servers for SecureSlate to sync (an empty project can still connect, but inventory tests may fail until resources exist).
- If you see Invalid API token, verify the token in Hetzner Console and try disconnecting and reconnecting.
Invalid or random text entered as a token will not connect — SecureSlate validates the token with Hetzner before saving the integration.
