Northflank

@northflank list all projects in our account and show me which region each one is deployed to

Based on your Northflank account, here are your active projects: • **api-production** (europe-west) - Created 3 months ago, 12 services running • **staging-env** (us-east) - Created 2 weeks ago, 5 services running • **ml-pipeline** (europe-west) - Created yesterday, 2 jobs configured All projects are using shared networking. The europe-west region hosts your primary workloads while us-east handles your staging environment.

This example demonstrates read-only project discovery across your infrastructure. Requires API key with project:read scope. The MCP returns current state at query time — project counts and configurations change as your team deploys. Useful for auditing regional distribution or finding a specific project ID.

@northflank create a new secret group called 'stripe-keys' in the api-production project with our test API key

I've created the secret group 'stripe-keys' in your api-production project. The secret is now stored encrypted in Northflank and can be inherited by any service or job in that project. **Secret Group ID:** `stripe-keys` **Project:** api-production **Variables added:** 1 (STRIPE_API_KEY) To use this secret, reference it in your service's environment configuration. The actual key value remains encrypted and won't appear in logs or the Northflank UI.

This write operation creates persistent infrastructure state. Requires API key with secret:write scope. The MCP doesn't validate your secret values — ensure you're using test keys in non-production projects. Once created, secrets are inherited by services automatically if configured, so verify project scope before writing.

@northflank check our staging-env project configuration and tell me if we're missing any recommended security settings

I've reviewed your staging-env project configuration. Here's what I found: **Current setup:** • Region: us-east • Networking: Shared (default) • Secret groups: 2 configured **Recommendations:** 1. No dedicated VPC configured — consider isolated networking for staging to match production patterns 2. DNS settings use default subdomain — you may want custom domain configuration 3. Project has public service endpoints — verify if all 5 services need external access Your secret management looks solid with encrypted groups in place.

This synthesis example combines the MCP's project read capability with the AI's security reasoning. The analysis is based on Northflank's configuration options, not a security scanner. Recommendations depend on your team's threat model — staging environments often intentionally differ from production. Use this as a starting point for architectural review.

When Northflank MCP fits teams shipping staging and prod in parallel

A 6-person engineering team ships features to staging every morning and promotes to production twice a week. They need to spin up ephemeral preview environments for each pull request, manage secrets across three environments, and tear down stale projects when branches merge. The Northflank MCP handles this well because the create/update project tools let you script environment provisioning in Switchy workflows, and the secret management tools keep API keys and database credentials out of chat history. The 21-tool scope covers the full deploy lifecycle without needing multiple integrations. This breaks down if your team runs more than 15 active projects—Northflank's API rate limits start causing slowdowns, and you'll want a dedicated CI/CD tool instead. If you're deploying twice a day or less and need fast environment setup without leaving Switchy, this MCP is the right call.

Why this MCP helps on-call engineers diagnose routing issues fast

Your on-call rotation gets paged at 2am because a customer-facing service is unreachable. The engineer needs to check if the DNS entry is correct, verify the project's networking config, and possibly delete and recreate the deployment to force a new DNS assignment. The Northflank MCP's Get DNS ID and Get Project tools surface this info in Switchy without context-switching to the Northflank dashboard or digging through Terraform state. The delete project tool is a nuclear option, but it's there when you need it. This scenario works because the MCP exposes read-heavy operations that map to diagnostic questions, not just write-heavy deploy actions. It's less useful if your infrastructure spans multiple cloud providers—Northflank is a single-vendor platform, so cross-cloud DNS issues require other tools. For teams running entirely on Northflank, this MCP turns incident triage into a conversational workflow.

When support teams need to clone production configs for debugging

A 3-person support team fields bug reports that require reproducing customer environments. They need to create a temporary project that mirrors production secrets and networking settings, test the reported issue, then delete the project to avoid runaway costs. The Northflank MCP's create/update project and secret tools let support reps script this in Switchy without needing deploy permissions in the main production account. The API key auth means you can scope a read-write key to a sandbox organization and hand it to support safely. This falls apart if your secrets are stored in Vault or AWS Secrets Manager—Northflank's secret groups are the only secret backend this MCP touches, so hybrid setups need extra tooling. If your support workflow is 'clone prod, test, destroy' and you're all-in on Northflank, this MCP cuts replication time from 20 minutes to 2.