Skip to main content

Runops Releases #23

The new year is here we want to celebrate with you sharing exciting new features that will make your life a whole lot easier.

Happy 2022 and let's dive in!

Run tasks in the Runops Portal#

Use a large canvas to edit your scripts, logs loading automatically right bellow, and all your history of executions accessible as you run things.

When you are done with a Target, easily switch targets to run different scripts.

Wanna re-run a script from yesterday?

Filter you history to find the script you need and re-execute a task with 2 clicks!

Hit cmd (mac) / win (windows) + enter to run your script from the canvas.

Here is a quick video of Matheus showing all these features in action:

Slack workflows#

No need to copy and paste the same script everyday anymore.

If you have a script you need to run every day like database check or a financial report, you can now use the Runops step in Slack Workflows to schedule the execution of a task with a few clicks, all within Slack.

After the setup you get a message from the Runops bot with the results of your task every day at the configured time.

Check out this video on how to setup:

You can also use the Runops workflow step to create shortcuts.

Use Shortcuts to make scripts such as a report or a db check accessible trough a button available in the Slack chat panel.

The Runops bot speaks SQL!#

If you like running tasks from Slack you will love this one. Now you can chat with the Runops bot using SQL! That is correct, you send SQL or any script in the chat and the bot replies with the results.

Here is how to use it:

  1. List the available Targets by typing targets
  2. Select a target by typing target my-target-name
  3. Start sending your script and get the results back for each message!

Check out this video for more details on how to use it:

Improved Agent reliability#

We released multiple enhancements to the Agent communication with the API.

The latest Agent version has increased capabilities in terms of how long a task can last, the size of scripts and outputs it can handle, and many other enhancements and bug fixes.

If you aren't using the latest version already, we highly recommend you upgrade your agents.

You can find the latest version along with the full details of the changes here:

Welcome NodeJS!#

You can now run NodeJS scripts in Runops. Many of you use Python or Ruby to create more complex automations, but now you can also use NodeJS.

You can see the list of npm packages available here: - feel free to ask for new packages or contribute with suggestions.

Web signup#

New organizations can now signup for Runops from the browser.

Before this release new organizations were only able to signup from our CLI. Many people love the CLI experience, but this is not the case for everyone.

So go ahead and tell your friends from other companies that they should be using Runops and can start here:


That is it for this update.

As always, please let us know of any feedback, suggestion, comment, or anything that comes to mind.

See you next time!

Runops Releases #22

Presenting: The Runops Web App!#

You can now use Runops in the browser! The web app experience is live for a few weeks and the feedback has been fantastic. Here are some of the things users love in the web app:

Tasks Inbox

You can view your Tasks' history in a simple, yet powerful list. In the Tasks' detail view you can see review information, script, and logs!

Admins using the web app can manage users, targets and agents!

  • Create, deactivate, and update users' groups.
  • Create and update Targets.
  • See your organizations' connected agents and metadata.

Welcome groups, farewell #

Now, instead of controlling access to Targets using roles, and reviews with teams, you use only one property:聽groups. Plus, we added the capability of聽controlling access to templates using groups.

Reliability Enhancements#

We made some structural changes in the last few weeks to Runops. Despite the size of the changes, most of you didn't even notice it. This is because we invested a lot of time in improving our reliability. We are not only fixing problems faster when they happen, but even fixing them before you notice. Some of these improvements include:

  • Runops Agent runtime instrumentation. The Runops Agent now loads and exports runtime configurations. This improves our visibility into problems and increases our abilities to fix problems in the agent without involving your team.

  • Central monitoring tool. All our systems now use the same central error monitoring and tracking system. This system makes sure that we get notifications for any problem that happens in any system. Notifications include all the metadata on the problem, including the individual user and organization. This is why you get messages from our team when you have problems even before you think about reaching out.

Welcome Groups, farewell Teams and Roles

We simplified the Runops authorization mechanism!

Now, instead of controlling access to Targets using roles, and reviews with teams, you use only one property: groups.

Plus, we added the capability of controlling access to templates using groups.

What are groups?#

Groups are a simple concept to grasp and will enable us to add even more powerful features in the future. In a nutshell, you add users to one or more groups. Groups can map to your teams, squads, locations, anything you want. With these groups, you then manage access to Target, Reviews, Templates, and more. It's a very light and easy to use RBAC mechanism.

What do you have to do?#

Nothing. We migrated all your teams and roles to the groups property.

You don't have to do anything.

Just use groups the same way you used teams and roles from now on.

What about Roles and Teams?#

The fields team and 'roles` of the user are still there. They are now only metadata about the user to help identify the user in the Slack review card. These fields won't be use for decisions anymore.

When does this ship?#

We are rolling out this feature over the next couple days. We have been using it for a few weeks and it's amazing! Your organization should get it soon.

Where can I learn more?#

Check out the docs to learn more, and please let us know what you think.

See you later!

Append keys to existing Secret in AWS Secrets Manager

The AWS update-secret operation for Secrets Manager replaces all keys of a secret with the new value provided in the --secret-string.

But sometimes we want to add a few extra keys, without replacing values already present in a secret.

In this post we show how to use bash to add keys to a secret without replacing existing values.

What you need#

  • jq installed

1. Prepare the list of secrets you want to add the new keys#

This command generates a file named all-secrets. Run the command and update the file to reflect the list of secrets you want to add the new keys.

# Create `all-secrets` file
aws secretsmanager list-secrets | jq .SecretList | jq '.[]' | jq -r .ARN > all-secrets

Keep only the the secrets you want to add the new keys in the generated all-secrets file

2. Store the new keys in a json file named new-keys.json#

echo '
}' > new-keys.json

3. Run the script#

The script uses the all-secrets and new-keys.json files created in steps 1 and 2.

while read line; do
aws secretsmanager get-secret-value \
--secret-id $line | \
jq -c '.SecretString | fromjson' > current-keys.json
jq -s '.[0] * .[1]' current-keys.json new-keys.json > merge.json
aws secretsmanager update-secret --secret-id $line --secret-string file://merge.json > updated
done <all-secrets

For each line in the all-secrets file, the script:#

  • Gets current secret value and save to current-keys.json file
  • Merges current-keys.soj and new-keys.json into merge.json
  • Updates the secret value with the merge.json file contents as the secret-string

Runops Releases #21

Runops REPL!#

No more typing the same boilerplate when running Tasks. Targets without reviews return the logs of a Task right the way. We added a new command to the CLI:聽runops tasks repl聽 -, where you can start an interactive session with your Target. In the REPL session, you only type the script option and get the results. It's simple. The REPL also supports multiline scripts. Here is a preview of how it works:

You can read more here:聽

CSV output#

You can now configure different output formats for Mysql and Postgres database Targets. These types show tabular results by default, great for quick consumption in Slack or the CLI. However, for more advanced analysis, it's best to be able to open the results in a spreadsheet. So you can use the configuration聽FIELD_SEPARATOR聽to set different separators for the output. For instance: setting the separator to: ","聽- will generate a beautiful CSV ready to be open in Excel or other spreadsheet apps.

Custom type for Templates#

You can set the type of the Task for a Template using the file name. Runops will try to match the extension of the file to a valid type. For example, the file "my-query.MySQL"聽as a Template creates a Task of type聽MySQL聽even if the Target is of type "AWS"聽or "python". This is a great way to simplify Templates execution for Targets that support multiple integration types. Also, with the type attached to the Template, you don't have to set it when running a Template from Slack or the CLI.

New integrations#

Hashicorp Vault You can now use Runops to interact with Hashicorp Vault. This is great for automating one-off tasks such as creating database users for new applications. Using a Template, you enable everyone to run sensitive operations in Vault that only executes after review. So, instead of doing everything yourself, you become a reviewer, taking way less of your time while still keeping security and compliance in place.

Kubernetes + Rails Use the k8s-rails type to enable access to the Rails console of applications running on Kubernetes. Then, using the Runops REPL, you authenticate with Google and get an experience similar to the Rails console. Zero hassle and risks of distributing SSH keys, Kubernetes credentials, VPNs, and other things required to get a shell running side-by-side with your production application.

Version checker in the CLI#

You will get a message when a new version of the CLI is available. This is because the CLI checks the latest version in the most used commands. The check happens in parallel, so there is no impact on the execution latency of your commands. The message stops showing up after you update the CLI.

PII data redact configuration#

You can now disable the automatic redacting of PII data for specific Targets. Set the聽redact聽option in the Target to "none"聽to remove redacting, or聽"all"聽to remove all sensitive data. The "all" option聽is the default. For now, only聽all聽and聽none聽are available. You will be able to fine-tune redact specific data types in the future.

Other Enhancements#

We removed the tutorial from "runops login"聽command. It only shows up in the聽runops signup聽option now. You can use the PUT users API endpoint using the email to identify the user. This is useful for integrations to activate/deactivate users from your internal systems without the Runops user id. The new Runops agent is now the default for the hosted and self-hosted options when creating new Targets.

Runops Releases #20

We are excited to announce many of the top requested features that we released over the last few weeks. Let's dive in!

Runops API is out#

You can start using the Runops API to build automations and integrate them with your existing tools. The list of endpoints and their specification is available in the docs ( One use case requested by many of you was the user management API to integrate existing employee credentials provisioning systems, and we released it!

User management#

You can now add, update, and remove users using the Runops CLI. The create users option is an additional way to bring new members to Runops, in addition to the self-register option from Slack and CLI. You can also update user's status to activate/deactivate accounts and change users' teams and roles.

Role-based access control#

Control who can access what Targets. You can now group Targets into roles and attach these roles to users. A user only sees the Targets allowed by their roles.

Kubernetes Secrets support#

You can now store secrets and configurations in your Kubernetes Cluster secrets. In addition to Hashicorp Vault and AWS Secrets Manager, this new secrets storage mechanism makes it easier to get started before you move to a proper Secrets Manager.

馃帹 Improved outputs in the CLI#

You won't see JSON outputs as the result of commands anymore. The CLI now displays all outputs as tables. When creating Targets or running Tasks with reviews, the CLI displays all the information you need in an easy-to-read table.

鉁旓笍Improved validations for Tasks execution#

You will get a detailed error message when a specific secret or configuration is missing for a given Target type. The agent now performs an extensive set of validations before running a Task. Works both when creating a Target or running Tasks.

馃攲 New integrations#

You can use a range of new integrations in Runops. Use bash for running arbitrary shell commands. With k8s-apply you provide a YAML, and Runops applies it to Kubernetes clusters (we are using this one internally). Use rails to access a Rails application and rails-console get a Rails console experience, but with all the controls of Runops. You can check the complete list of integration in the docs:

馃搼 Revamped docs#

You will have a better navigation experience in the documentation. Find dedicated sections to end-users and operators in the menu. The docs also got additional guides detailing the Kubernetes Secrets support. Check it out:聽

馃悰 Bug fixes#

Fixed bug in redact logic that broke emails format.

Runops Releases #19

We have been working hard the past couple of weeks to get this release out, and it's finally here! The new Runops agent is available, and it brings huge improvements to the Runops experience. We also launched a new version of the web app to get metrics and graphs on the Tasks executed and manage users' status. Let's dive in!

馃弾 10x improvement to execution time: from 50 to 5 seconds#

The new Runops agent brings the execution time from 50 to 5 seconds. The experience in the CLI got closer to the interactive experience of directly accessing a database or container. Slack users won't even notice a delay anymore.

馃洶 Simplified deployment model#

One instance of the new agent can execute Tasks from N Targets. This means that there is no need to set up a new agent for every new Target you add to Runops. Using a tagging system, you can configure which Targets run on which agents. A typical pattern is setting up one agent per environment and then using these same agents every time you need to add a new Target to Runops.

馃攼 Secret Managers integrations#

You can now keep your secrets in the Secrets Management solution of your choice. There is no need to add Secrets to Runops anymore. Your secrets stay in your vault, and the new Runops agent will pull a temporary credential to execute Tasks. We already support Hashicorp Vault and AWS Secrets Managers, with GCP Secrets Manager and other providers coming soon.

馃搱 Metrics, Graphs, and Users Management in the web app#

The revamped admin app has metrics and graphs that enable you to understand how your company uses Runops to access infrastructure. You get average review times and which teams are more active, besides the complete picture of Tasks and their details. Now you can also activate or deactivate users in the Users Management section.

馃悶 Error logs in Slack#

We fixed a bug that prevented you from seeing the result logs of Tasks that failed in Slack. The logs were sent as binary, and you had to download them and open them on your computer to see why the Task failed. Now we send results as text. You will see what happened in case of success or failure directly in Slack.

Hands Tied Engineers

The worst thing that can happen to an engineer is to get paged out-of-hours only to realize they can't fix the problem on their own. They did all the hard work of waking up, debugging the problem, and finding a solution. But when it's time to apply the fix, they don't have access. Time to call a DevOps engineer to get permission or have them run the patch.

DevOps means developers run their own code, but how can a developer operate a piece of software if she can't access the database, the cloud provider, or the Kubernetes cluster? Only a handful of people has access to these resources at most companies today.

This problem is not just bad on out-of-hour pages. DevOps teams centralizing raw access to production are bottlenecks to the whole engineering team. A simple query in the database to troubleshoot a problem can take hours for the busy and sad DevOps team to process the request in their queue.

It's not ok to keep making direct updates to the database or change things in the AWS console all the time. CI/CD and infrastructure as code are great tools. But direct access will happen no matter how much automation a company has. Restricting raw access to a few engineers results in bad culture incentives and an environment with low trust and autonomy.

Runops democratize access to production to enable DevOps. We fix this problem by adding security and compliance into easy-to-use clients. Runops enable any engineer to make production access with security and reliability.

Runops is a client to databases, AWS, Kubernetes, and others. Users access Runops from Slack and a CLI. We make accessing cloud resources easier than installing multiple clients and using VPNs. Runops also improves security and GDPR compliance.

Runops Releases #18

馃摎 Revamped documentation website#

We completely revamped the Runops documentation website. It's now easier to navigate and has a better design. We also enabled the chat support widget to the docs. Now you can reach out anywhere in the docs to talk to us. The new website is also hosting our blog, where the Releases and other articles are shared.

馃檹 Thanks#

That is it for this week, we'll see you next week with more Releases.

As always, please let us know of any feedback or comments you might have on Runops.


Runops Releases #17

馃幆 Select Task type in Slack#

You can now override the type of a Task in Slack. We added a new menu option that you can use to change the type from what is set in the Target when creating a Task in Slack. It's an optional field, so if you don't provide it, the type set in the Target is used.

馃檹 Thanks#

That is it for this week, we'll see you next week with more Releases.

As always, please let us know of any feedback or comments you might have on Runops.