.png&w=96&q=75){kind=small}
Manage account secrets in one place, easier database setup and monitor your VMs automatically
Account Credentials, PostgreSQL/MongoDB auto-deploy, Nodes page, and more updates
Hey, we have shipped a lot since the last update. Here are the highlights you'll actually notice in Quave ONE.
Account Credentials - one place for every secret
There's a new Credentials tab under My Account. It's the single place to store the sensitive material your apps and environments need at runtime:
- Container Registry logins (used at image-pull and during Docker builds)
- HTTP Basic Auth users (gate an environment's public ingress)
- TLS Certificates (custom uploaded certs for a host)
- ACME Wildcard configurations (auto-issue wildcards via Cloudflare, Route 53, Azure DNS, GCP, or a webhook)
What you get out of the box:
- Encrypted in our db - sensitive fields are never returned by APIs and only re-shown behind an explicit reveal action.
- Per-region sync - every credential is automatically pushed to the regions the account uses, with a sync status indicator per region and a Sync now button if you ever need to nudge it.
- Pickable from selects on the App page (image-pull / build-pull), on Hosts (custom certificate) and on Environment Settings (basic auth).
- Audit trail - create / update / delete / set-default / sync events are all recorded, and so are reveals of sensitive values.
The legacy private registry configuration is now gone - Container Registry credentials replace it cleanly, with the first one you create automatically promoted to the account-wide default.
A new public API and MCP tools ship alongside the UI, so you can manage credentials from CI, scripts or directly from your editor.
- Docs: Account Credentials
- API: Credentials API
PostgreSQL auto-deploy
PostgreSQL now has the same one-click deploy flow as MongoDB. Pick PostgreSQL on the New Database screen and we'll provision the database, wire the connection string, and hand it to your app - including HA-aware URL generation when you're on a multi-node setup.
If you're still on the legacy PostgreSQL flow and want to migrate, reach out to support so you will have the freedom to apply changes to your db without us.
MongoDB auto-deploy
MongoDB auto-deploy was previously gated. As of this release it's open to all accounts, and the legacy MongoDB option has been retired from the UI to make the choice obvious.
If you're still on the legacy MongoDB flow and want to migrate, reach out to support so you will have the freedom to apply changes to your db without us.
Standalone Nodes page - Connect only
Nodes, aka VMs, are out of the back-office and into the product:
- A dedicated Nodes page with a multi-account selector.
- Per-node data and live metrics now exposed through MCP - your editor / agent can ask "what's CPU on node X right now?" and get an answer.
Now on the Connect plan you can see and understand your VMs usage in detail and ask for optimizations if needed. Remember the example with Cursor Automations to find prod errors on logs everyday? You should have an automation to find optimization opportunities on your VMs as well now.
Quave ONE Root CA
Quave ONE now operates a unified internal Root CA that signs every TLS certificate used by managed services (Postgres, Mongo, Redis, internal HTTPS endpoints, cluster-to-cluster traffic, VPN…). Trust this one root and your clients validate every internal service.
The doc has copy-pasteable install instructions for Linux, macOS, Windows, Node.js, Python, Go, Java, Ruby, .NET, curl and Docker, plus the SHA-256 fingerprint to verify the download:
- Docs (with download link + fingerprint): Quave ONE Root CA
If you start seeing unable to get local issuer certificate or x509: certificate signed by unknown authority against an internal endpoint, this is the page you want.
Cloudflare in front of Quave ONE
We added a proper guide for putting Cloudflare's WAF / CDN / DDoS in front of your Quave ONE app environments while keeping HTTPS end-to-end. The flow: generate a Cloudflare Origin CA certificate, upload it to your host as a custom certificate, point DNS through Cloudflare with the proxy enabled, and set SSL/TLS to Full (strict).
- Docs: Cloudflare as a proxy
That's the lot. As always, if any of this trips on something specific to your setup, hit reply - we read every response and reply to everyone fast.
Have a great weekend.