The Cortex Developer Portal powers engineering teams from the day a service is created using the Scaffolder, through production readiness, ongoing reliability initiatives, security standards, and even operating during incidents. With the introduction of Actions, the Cortex Developer Portal is expanding the possibilities of self-serve and daily workflows that are possible through a Developer Portal.
Actions allow you to configure no-code… actions 😅… with customizable input fields, entity metadata, etc. that send custom payloads from Cortex to any API (internal, external, or webhook) in a secure manner. Here’s how it works:
- Create a new action in Cortex and give it a name and description, for example “Deploy service”
- Define the HTTP configuration, including the target URL, headers, and payload. The URL and payload are templated using Mustache, giving you dynamic flexibility over the request. The headers are encrypted at rest, so they can contain secrets/tokens for your services.
- Select whether this is a standalone action, or whether it’s associated with entities (for example, the deploy action might be meant for deploying backend services).
- Optionally define a Mustache template with markdown that gives the user a human-readable version of the Action response.
- Publish your action (or save as a draft).
- Run it! You can run actions from the Catalog pages for Services or Resources, or you can head directly to the Actions tab. Cortex provides visibility into the execution history so you can debug and track Actions that were triggered. The history is also encrypted at rest for security purposes.
While this may sound simple, it enables lots of powerful workflows from within the Cortex Developer Portal, including:
- 1-click deployment of services
- Creating temporary access keys
- Provisioning resources in your cloud environment
- Filing Jira bugs for escalations
- Automatic new developer onboarding
- Much more
Security is (and should be) the foremost priority for a feature as powerful as Actions. We’ve taken some steps to ensure the security of Actions in Cortex:
- All requests coming from Cortex are signed using a user-provided secret defined in your workspace Settings. The signature and the request timestamp are added to the request headers – the signature can be used to verify that the request originated from Cortex, and the timestamp header can be used to prevent replay attacks.
- The headers in the Action configuration are encrypted at rest (treated like any of your other integration tokens), so that you can use secrets in your headers with confidence.
- Execution history (payloads and responses) are also encrypted at rest.
By centralizing daily operations in the Developer Portal and making it easier for developers to manage all of their services from a single place, Actions supercharges engineering teams while improving developer productivity and efficiency.
We’re excited to see what our users build on top of Actions, and to be enabling the future of developer productivity through the Cortex Developer Portal!