My App

Integrations & infrastructure operations

Connect source providers, registries, servers, Swarm clusters, storage, notifications, and monitoring.

Source integrations

Git providers are configured at the organization level. Applications can select GitHub, GitLab, Bitbucket, Gitea, or generic Git. Repository and branch selectors use provider APIs when credentials allow it; generic Git can use an encrypted SSH key. Watch paths, submodules, auto-deploy, and raw Compose input are resource-level settings.

After a provider is connected, use Manage access on its card to open that provider’s own installation or OAuth permissions page. GitHub opens the specific App installation, GitLab and Gitea open authorized-application settings, and Bitbucket opens app-password management. Changes made there are reflected the next time Upstand refreshes provider access.

Docker registries

Docker registries are reusable organization-level credentials with URL, username, password, and connection testing. Use them for private image resources and registry-backed application deployments. Credentials are not displayed after save; test connectivity from the Docker Registry page before using a private image.

Servers & clusters

Remote Servers manages Docker hosts that can receive builds or deployments. Docker Swarm manages the active manager, workers, node availability, drain/active state, join commands, and join-token rotation. Protect manager ports and keep an odd number of managers for production quorum.

Build concurrency is configured per server so expensive builds do not overwhelm a node. Resource placement constraints in the Advanced tab can further restrict where a service runs.

Storage, backups & notifications

S3 Destinations store backup targets and testable credentials. Resource backup schedules and runs remain resource-scoped, while the Web Server page also supports organization-scoped control-plane backups. A web-server backup streams an Upstand PostgreSQL dump plus the three Caddy runtime/config/data volumes to an organization-owned destination; restore stops Caddy, terminates active database sessions, restores the database and volumes, and starts Caddy again. Restore operations require 2FA, the appropriate backup permission, and an explicit RESTORE_WEB_SERVER confirmation. The SSH_KEY_ENCRYPTION_KEY_V1 installation secret is intentionally not copied into the backup artifact and must be retained separately with the deployment secrets; losing it prevents decryption of stored credentials. For resources assigned to a registered remote server, Docker inspection, dumps, volume archives, and restores run against that server over the configured SSH transport while the S3 stream remains on the control plane. Notifications can deliver deployment, database, volume, web-server backup, and cleanup events through configured channels.

Monitoring & maintenance

Monitoring exposes server/runtime metrics, active containers, Docker storage usage, and network totals. The Web Server page also provides Caddy/server logs, configuration reload/restart controls, and safe Docker cleanup actions. Use the deployment queue and resource locks to diagnose overlapping builds before restarting workers.

Docker volume uploads

The Docker Inventory page can upload an uncompressed .tar archive into a named Docker volume on the selected local or registered remote server. The operation requires organization access, server permission, and a verified second factor when 2FA is enabled. Upstand limits archives to 50 MB, rejects absolute or traversal entries, validates the destination as an absolute path, and extracts through a short-lived helper container. Uploads never accept a host filesystem path or arbitrary shell command.

For tracked resource containers, the Containers tab also accepts a safe uncompressed .tar archive and extracts it into a prompted absolute directory inside the container. The same 50 MB, traversal, link, organization, server permission, and 2FA checks apply. Remote targets transfer the archive over the configured SSH connection and do not expose the host path to the container.

The same Docker Inventory explorer can force-remove unused images and remove volumes or networks. These actions are destructive, require the server update permission and verified 2FA, and always display a browser confirmation before the request is sent. Image references are validated server-side for both local and SSH-backed remote Docker targets.

SCIM provisioning

Organization owners and admins can create a SCIM provider token from the SCIM settings API. The raw upscim_… token is shown only when created or rotated; Upstand stores only its SHA-256 digest. Use the organization-scoped endpoint /api/scim/v2.0/<organizationId> with a bearer token. User create, lookup, update, deactivate, delete, and group membership discovery are supported. Deactivated members are denied normal organization authorization, and deleting a SCIM user removes only that organization membership, preserving the global identity for future provisioning.

Single sign-on

Organization owners and admins can open Settings → Single Sign-On to register an OIDC or SAML provider. Provider configuration is stored through the official Better Auth SSO integration, with client secrets and IdP certificates kept out of list responses. Upstand issues a DNS TXT challenge under _upstand-sso.<domain>; complete that challenge and select Verify DNS before enabling enforcement.

OIDC uses discovery, PKCE, and the openid, email, and profile scopes. SAML enables response correlation, timestamp requirements, and rejection of deprecated signature algorithms. A verified provider can provision users into the organization as members. When Require SSO is enabled, email/password sign-in is rejected for existing members of that organization and the login page's SSO flow routes them through the provider selected by their email domain. SSO callback URLs must be reachable from the identity provider and the Upstand API's configured trusted origins.

AI and MCP operations

UpGal uses the same project, resource, deployment, and server use cases as the dashboard. This keeps assistant actions subject to the platform’s organization ownership checks. Read-only inspection can be automated; mutations require an approval in the dashboard. See the UpGal AI assistant guide for provider keys, MCP scopes, conversation persistence, and incident guidance.

Organization API keys

Create organization API keys from Settings → API Keys. Keys are hashed by Better Auth, shown only once, expire according to the selected policy, and are rate limited through Redis. Use either x-api-key: upk_... or Authorization: Bearer upk_... for supported API and MCP endpoints.

Choose a read-only, deployment, operations, MCP read-only, or full-access preset, or use the advanced permission editor. API keys never create browser sessions and cannot access authentication, 2FA, terminal, or other session-only flows. Revoke a key immediately when an integration is retired or compromised.

On this page