Skip to main content
Render is live, but it is not the first demo lane. Use it when your real stack is on Render and you want the same governed Keycli flow:
  • scoped connection
  • live env var mutation
  • approval when needed
  • audit at the end
Render matters as an adapter under the hosted control plane, not as the first public wedge.

What is live

  • create a Render connection
  • test service access
  • mutate a service env var through the Render API
  • expose readiness through capabilities

What is not live

  • Render deploy or restart flows are not implemented yet

What to run

1. Start the hosted API

npm run api:hosted

2. Create a scoped Render connection

export RENDER_API_KEY=...

curl -s -X POST http://localhost:8788/v1/connections \
  -H "authorization: Bearer $KEYCLI_TOKEN" \
  -H 'content-type: application/json' \
  -d '{
    "provider": "render",
    "label": "main",
    "authMethod": "api_token",
    "credentialRef": "env:RENDER_API_KEY",
    "scope": {
      "provider": "render",
      "serviceId": "srv-demo"
    }
  }'

3. Test the connection

export KEYCLI_RENDER_CONNECTION_ID=conn_...
export KEYCLI_RENDER_SERVICE_ID=srv-demo

curl -s -X POST "http://localhost:8788/v1/connections/$KEYCLI_RENDER_CONNECTION_ID/test" \
  -H "authorization: Bearer $KEYCLI_TOKEN" \
  -H 'content-type: application/json' \
  -d "{\"serviceId\":\"$KEYCLI_RENDER_SERVICE_ID\"}"
You want:
  • ok: true
  • liveExecutionAvailable: true

What Keycli does on apply

For Render secret/env changes Keycli uses the Render API to:
  • read service env vars
  • update service env vars

When to use Render

Use Render when:
  • your real app is on Render
  • you need service-scoped env var mutation
  • you do not need deploy/restart from Keycli yet

Next reads