Tags, environments, secrets, webhooks, and dependencies are supporting resources you define alongside monitors and alert channels.
Tags organize monitors for filtering and alert routing:
tags :
- name : production
color : "#10b981"
- name : api
color : "#3b82f6"
- name : database
Field Type Required Description namestring Yes Tag name, unique within the organization colorstring — Hex color code (e.g., #10b981)
Reference tags by name in monitors:
monitors :
- name : API Health
type : HTTP
config :
url : https://api.example.com/health
method : GET
tags : [ production , api ]
Environments
Environments represent deployment stages with variable substitution:
environments :
- name : Production
slug : production
isDefault : true
variables :
BASE_URL : https://api.example.com
TIMEOUT : "30"
- name : Staging
slug : staging
variables :
BASE_URL : https://staging-api.example.com
TIMEOUT : "60"
Field Type Required Description namestring Yes Human-readable name slugstring Yes URL-safe identifier (lowercase, hyphens, underscores) isDefaultboolean — Whether this is the default environment variablesmap — Key-value pairs for variable substitution
Reference environments by slug in monitors:
monitors :
- name : API Health
type : HTTP
config :
url : https://api.example.com/health
method : GET
environment : production
Secrets
Secrets store sensitive credentials in the DevHelm vault. Define them in YAML and reference them in monitor auth blocks:
secrets :
- key : API_TOKEN
value : ${API_TOKEN}
- key : BASIC_CREDS
value : ${BASIC_AUTH_CREDENTIALS}
Field Type Required Description keystring Yes Secret name (used to reference in auth blocks) valuestring Yes Secret value (use ${VAR} to inject from environment)
Reference secrets by key in monitor authentication:
monitors :
- name : Protected API
type : HTTP
config :
url : https://api.example.com/internal
method : GET
auth :
type : bearer
secret : API_TOKEN
Secret values are write-only. The CLI compares SHA-256 hashes for drift detection — actual values are never read back from the API.
Webhooks
Platform webhooks push events from DevHelm to your HTTP endpoints:
webhooks :
- url : https://hooks.example.com/devhelm
subscribedEvents : [ monitor.created , incident.created , incident.resolved ]
description : Event forwarder
enabled : true
Field Type Required Description urlstring Yes Endpoint URL (also used as the unique identifier) subscribedEventsstring[] Yes Event types to subscribe to (e.g. monitor.created, incident.created, incident.resolved, service.status_changed) descriptionstring — Human-readable description enabledboolean — Whether the webhook is active (default: true)
Dependencies
Track third-party services from the Status Data catalog:
dependencies :
- service : github
alertSensitivity : INCIDENTS_ONLY
- service : aws-s3
alertSensitivity : MAJOR_ONLY
component : us-east-1
Field Type Required Description servicestring Yes Service slug from the catalog alertSensitivitystring — ALL, INCIDENTS_ONLY, MAJOR_ONLY, or AWARENESS. Defaults to AWARENESS (silent tracking — incident appears on the dashboard but no alert channels fire). Set one of the paging modes to opt in to alerts.componentstring — Specific service component to monitor
Next steps
Monitors Define monitors that use tags, environments, and secrets.
File format Full YAML schema overview.