Cloud Infrastructure

Hetzner

Hetzner Cloud servers, firewalls, and DNS - audited in plain language.

TRY ASKING:

  • “List our Hetzner cloud firewalls and flag rules that expose SSH to the internet.”
  • “Which Hetzner servers have no cloud firewall attached at all?”
  • “Inventory every load balancer and the DNS zones pointing at it.”
  • “Show SSH keys in the project and which servers each one can reach.”

Kikimora connects to your Hetzner Cloud project so European infrastructure gets the same conversational treatment as the hyperscalers: inventory, firewall rules, and exposure checks in one chat.

Audit Hetzner Cloud security from one conversation

The integration covers the Hetzner Cloud objects that decide whether a server is exposed: the server and resource inventory, cloud firewalls and the rules attached to each machine, load balancers, DNS zones, and SSH keys. For teams that keep workloads in the EU for cost or data-residency reasons, it means the same conversational security review you run on AWS or Azure now reaches your Hetzner estate too. Budget-friendly infrastructure often skips the safety rails that hyperscalers nudge you toward, so a Hetzner server with SSH open to the world is not unusual. The exposure questions that matter are simple but easy to neglect: which servers have no firewall, which firewall rules allow management ports from anywhere, and which DNS records still point at machines you have already torn down. Each is a single question here, answered across every project at once.

What you can do

  • Inventory servers, load balancers, DNS zones, and SSH keys across projects.
  • Review and manage cloud firewall rules conversationally.
  • Catch risky exposure, such as open management ports or missing firewalls, before attackers do.

Things you might ask

  • “List every Hetzner server with SSH open to the internet and propose a tighter firewall rule.”
  • “Which servers in the project have no firewall attached, and what is running on them?”
  • “Show DNS records that point at servers we have already deleted.”

Hetzner rarely runs alone. If you also use Linode (Akamai) for compute, both fold into one cross-cloud posture view, and the AWS integration brings your hyperscaler footprint into the same conversation so a single exposure question answers everywhere.

[ faq ]

What credentials does the Hetzner integration use?

A Hetzner Cloud API token scoped to the projects you want covered. By default the integration is read-only: it reads inventory, firewalls, and DNS.

Can it change firewall rules, or only read them?

It reads by default. When a rule needs to change, the agent proposes the exact firewall change and applies it only after you approve it in the conversation.

How long does it take to set up?

A few minutes. You generate an API token in the Hetzner Cloud console and paste it in. There is nothing to install on your servers.

Does it work across multiple Hetzner projects?

Yes. Grant access to several projects and ask inventory or exposure questions that span all of them.