
The Short Version

You’ve got environments. You’ve got clusters. You’ve got teammates who shouldn’t touch production. Project Organization is where those three things connect. No config files. No manual wiring. You tell Monk the rules, and it enforces them.

Cluster Assignment

Every environment maps to one cluster. That’s the boundary.
link staging to my-digitalocean-cluster
link prod to my-aws-cluster
Multiple environments can share a cluster — Monk separates them with tags. Or give each environment its own cluster. Either way, you set it once and deployments route automatically. Change a link anytime. Existing deployments aren’t affected.

Team Secrets

Secrets are environment-scoped. Staging gets its own DATABASE_URL. Production gets a different one. They don’t leak across boundaries.
add DATABASE_URL as a team secret for staging
Team secrets require two things:
  • An organization context
  • An environment linked to an org cluster
Once that’s in place, every org member with the right permissions sees the same secrets for that environment. Monk stores them on the cluster.

Environment-Scoped RBAC

You can lock down access per environment. A junior dev gets deploy rights to staging. Production stays off-limits. Permissions use path-based scoping:
  • /environments/staging/templates/** — staging templates only
  • /environments/*/secrets/** — secrets across all environments
That’s it. Define the role, assign it, and Monk handles enforcement.
create a role called staging-deployer with deploy access to /environments/staging/templates/**
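Before assigning a role, it helps to check which environments its scopes actually reach. The following is an added example, not Monk's own code: it assumes conventional glob semantics (`*` matches one path segment, `**` matches any depth), which this page does not spell out, and the resource paths and the `secrets-admin` role name are constructed for illustration.

```python
import re

def scope_to_regex(scope):
    # Assumed semantics (not confirmed by the page): "*" matches exactly one
    # path segment, "**" matches zero or more segments.
    out = []
    for seg in scope.strip("/").split("/"):
        if seg == "**":
            out.append(r"(?:/[^/]+)*")
        elif seg == "*":
            out.append(r"/[^/]+")
        else:
            out.append("/" + re.escape(seg))
    return re.compile("".join(out) + r"\Z")

def allowed(scopes, path):
    """True if any scope held by the role covers the resource path."""
    return any(scope_to_regex(s).match(path) for s in scopes)

def environments_reached(scopes, resources):
    """Environment names (second path segment) the scopes can touch."""
    return sorted({p.strip("/").split("/")[1]
                   for p in resources if allowed(scopes, p)})

# Constructed resource inventory; real paths would come from your own org.
RESOURCES = [
    "/environments/staging/templates/web/api",
    "/environments/staging/secrets/DATABASE_URL",
    "/environments/prod/templates/web/api",
    "/environments/prod/secrets/DATABASE_URL",
]

ROLES = {
    "staging-deployer": ["/environments/staging/templates/**"],
    "secrets-admin": ["/environments/*/secrets/**"],  # hypothetical role name
}

def audit(roles=ROLES, resources=RESOURCES, protected="prod"):
    """Return ({role: environments reached}, [roles that reach `protected`])."""
    reach = {r: environments_reached(s, resources) for r, s in roles.items()}
    flagged = [r for r, envs in reach.items() if protected in envs]
    return reach, flagged

if __name__ == "__main__":
    reach, flagged = audit()
    for role, envs in reach.items():
        print(f"{role}: {', '.join(envs)}")
    print("reaches prod:", flagged)
```

Under these assumptions the staging-only scope stays inside staging, while the `/environments/*/secrets/**` scope also covers production secrets, so a role holding it should be reviewed like any other production grant.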

Putting It Together

A typical setup looks like this:
link dev to my-local-cluster
link staging to my-digitalocean-cluster
link prod to my-aws-cluster
Dev, staging, and prod each hit different infrastructure. Secrets stay isolated per environment. RBAC controls who can touch what. You manage the whole thing in chat or the Clusters panel.
