Hyphen Hyphen
Log In

Introduction

Deploy

ENV Secrets Management

Feature Flags

URL Shortening

Net.Info

Integrations

GitHub Actions

Policies

Projects

A comprehensive guide to understanding and managing Projects in Hyphen, including environments, access control, and role-based permissions.

A Project in Hyphen is a container that groups related apps, environments, and secrets, allowing teams to manage them together under a unified workflow. Projects provide a way to organize and control access to multiple apps and their environments, ensuring that secrets and configurations are securely stored and accessible to the appropriate team members.

Each project is linked to an Organization and can be accessed by users who have the appropriate permissions within that organization.

Table of Contents

Environments

Within each project, you can define multiple Environments to segregate configurations and secrets specific to different stages of the app lifecycle. Each environment has a type that determines its role in the project:

  • Development: Used during the active development of an app. Secrets and configurations in this environment might include development-specific databases, API keys, and testing services. Each project can have at most one development environment.
  • Production: The live environment where the app runs in real-world use, with production-specific secrets and configurations. Each project can have at most one production environment.
  • Custom: For any specialized workflow that doesn't fit the development or production lifecycle stage. Projects can have multiple custom environments.

Environments allow for flexibility and separation of concerns. Secrets and settings can be isolated per environment to ensure that, for example, development credentials do not affect the production system.

Each environment maps to exactly one deployment setting. This one-to-one relationship means deployment behavior is fully predictable per environment — to deploy to multiple environments, create a separate deployment for each.

Access

Projects are managed using role-based access control (RBAC), which allows you to define what each team member can do within a specific project. This ensures that sensitive operations (like modifying production secrets) can only be performed by users with the appropriate permissions.

Project Roles

Project roles allow you to fine-tune access to different parts of a project, including the ability to view, modify, or manage secrets, apps, and environments. These roles may differ from organization-level roles, allowing flexibility in team collaboration.

  • Project Owner: Has full control over the project, including managing users, apps, environments, and secrets. The Project Owner can invite or remove members, modify project settings, and manage access to secrets and resources across all environments.
  • Project Collaborator: Can actively contribute to the project and manage apps, integration connections, project environments and work with secrets. However, a collaborator may not manage project access by adding or removing members.
  • Project Viewer: Can view the resources within a project, including apps, environments, but cannot view secrets or make any changes. This role is useful for team members who need to monitor the project without directly contributing.