Capability · Integrations
Click. Connect. Done.
A picker grid replaces the old env file. Six tiles, one for each external service Engager talks to. Click a tile, fill the form, hit Test. The validation runs against the live API. The credential is encrypted with your workspace key before storage.
Telegram
Bot tokens for the alert and report fanout
Resend
SMTP-free email transport for every report kind
GitHub
PATs for the operational tracker
Paddle
Revenue source for the SaaS revenue reports
Jira
Engineering throughput for the users and engineering report
Backblaze B2
Optional SQLite hot-path backup
Test before save
The credential validation hits the live API.
Engager probes the cheapest authenticated route on each provider before letting you save. GitHub gets /user. Paddle gets /event-types. Jira gets /myself. Resend gets /domains. Telegram sends an actual test message.
The result lands in the modal as a green pill or a red pill with the upstream error string. No silent saves of broken credentials.
Watchdog
The credential that worked yesterday might not today.
Every two hours Engager revalidates every saved credential. A failed validation surfaces on the integration row, on the dashboard, and as a critical-kind notification on every channel that subscribes to the credential watchdog.
Rotate, save, retest. The system tells you the moment a token decays.
Stored secret · GitHub PAT
github_pat_•••••••••••••••••••
Layer 1 · payload
AES-256-GCM ciphertext + 16-byte tag
Layer 2 · DEK
32-byte data key, wrapped per row
Layer 3 · KEK (Azure Key Vault)
RSA-OAEP-256 · Engager never reads
Where the credentials live
Envelope encryption with a Key Vault root.
AES-256-GCM body
Each credential ciphertext is sealed with a per-row data encryption key. Twelve-byte nonce, sixteen-byte tag, byte-for-byte verifiable.
Wrapped DEK
The DEK is wrapped with a Key Vault key, never read by Engager. The wrapped bytes live alongside the ciphertext.
Rotate without downtime
Rotate the master key whenever you want. Engager re-wraps each row without re-reading the ciphertext.
No env file
The thirty-plus environment variables the legacy Engager required are gone. Every credential is a workspace row.
Per-workspace isolation
A second workspace cannot see, decrypt, or even reference the first workspace's credentials.
Audit on every change
Every add, edit, rotate, delete recorded with actor and timestamp.
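The three layers and the re-wrap rotation described above, as an added sketch that is not Engager's code. It assumes a locally generated RSA key pair as a stand-in for the Key Vault key, and the function and field names are hypothetical.

```javascript
const crypto = require("node:crypto");

// Assumption: a local RSA key pair stands in for the Key Vault KEK. With a real
// vault the private half never leaves the service and wrap/unwrap are remote calls.
const makeKek = () => crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };
const wrapDek = (kek, dek) => crypto.publicEncrypt({ key: kek.publicKey, ...OAEP }, dek);
const unwrapDek = (kek, wrapped) => crypto.privateDecrypt({ key: kek.privateKey, ...OAEP }, wrapped);

// Layers 1 and 2: seal one credential under a fresh 32-byte DEK and keep only
// the wrapped DEK next to the ciphertext (hypothetical row shape).
function sealRow(kek, secret) {
  const dek = crypto.randomBytes(32);
  const nonce = crypto.randomBytes(12); // 12-byte GCM nonce, unique per row
  const cipher = crypto.createCipheriv("aes-256-gcm", dek, nonce);
  const ciphertext = Buffer.concat([cipher.update(secret, "utf8"), cipher.final()]);
  const row = { nonce, ciphertext, tag: cipher.getAuthTag(), wrappedDek: wrapDek(kek, dek) };
  dek.fill(0); // drop the plaintext DEK as soon as the row is built
  return row;
}

// Decrypt a row; final() throws if nonce, ciphertext or 16-byte tag was altered.
function openRow(kek, row) {
  const dek = unwrapDek(kek, row.wrappedDek);
  const decipher = crypto.createDecipheriv("aes-256-gcm", dek, row.nonce);
  decipher.setAuthTag(row.tag);
  const plain = Buffer.concat([decipher.update(row.ciphertext), decipher.final()]);
  dek.fill(0);
  return plain.toString("utf8");
}

// Rotation: unwrap with the old KEK, wrap with the new one. The nonce,
// ciphertext and tag are copied through untouched and never decrypted.
function rewrapRow(oldKek, nextKek, row) {
  const dek = unwrapDek(oldKek, row.wrappedDek);
  const rotated = { ...row, wrappedDek: wrapDek(nextKek, dek) };
  dek.fill(0);
  return rotated;
}
```

After `rewrapRow`, the old key can no longer open the row, which is the property that makes retiring a master key meaningful.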