Set Up Managed Services
Managed services are databases and storage systems that Temps provisions as Docker containers on your server. You create them once, link them to projects, and Temps handles credential generation, networking, environment variable injection, and backups.
Available service types
| Service | Default Image | Use case |
|---|---|---|
| PostgreSQL | gotempsh/postgres-walg:18-bookworm | Primary database with WAL-G streaming backups |
| Redis | gotempsh/redis-walg:8-bookworm | Caching, sessions, pub/sub, and queues |
| MongoDB | gotempsh/mongodb-walg:8.0 | Document database |
| S3 Storage | rustfs/rustfs:1.0.0-beta.6 | S3-compatible object storage (powered by RustFS) |
Temps also provides higher-level abstractions built on these services:
| Service | Backed by | Purpose |
|---|---|---|
| KV | Redis | Key-value storage accessible via the Temps SDK |
| Blob | RustFS | File/blob storage accessible via the Temps SDK |
Create a service
Create a service
- 1
In the sidebar, click Services.
- 2
Click Create Service.
- 3
Select the service type (PostgreSQL, Redis, MongoDB, or S3 Storage).
- 4
Enter a name and adjust parameters if needed.
- 5
Click Create.
Checkpoint: Run bunx @temps-sdk/cli services list and confirm the new service appears with status running before linking it.
From the API
curl -X POST "https://your-temps-instance/api/external-services" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "my-postgres",
"service_type": "postgres",
"parameters": {
"port": "5432",
"max_connections": "200"
}
}'
Configuration by service type
PostgreSQL:
| Parameter | Default | Editable after creation |
|---|---|---|
port | Auto-assigned from 5432 | Yes |
docker_image | gotempsh/postgres-walg:18-bookworm | Yes |
max_connections | 100 | Yes |
ssl_mode | disable | Yes |
database | postgres | No (read-only) |
username | postgres | No (read-only) |
password | Auto-generated (16 chars) | No (read-only) |
Redis:
| Parameter | Default | Editable after creation |
|---|---|---|
port | Auto-assigned from 6379 | Yes |
docker_image | gotempsh/redis-walg:8-bookworm | Yes |
password | Auto-generated | No (read-only) |
MongoDB:
| Parameter | Default | Editable after creation |
|---|---|---|
port | Auto-assigned from 27017 | Yes |
docker_image | gotempsh/mongodb-walg:8.0 | Yes |
database | admin | No (read-only) |
username | admin | No (read-only) |
password | Auto-generated | No (read-only) |
S3 / RustFS:
| Parameter | Default | Editable after creation |
|---|---|---|
port | Auto-assigned from 9000 | Yes |
console_port | Auto-assigned from 9001 | Yes |
docker_image | rustfs/rustfs:1.0.0-beta.6 | Yes |
access_key | Auto-generated | No (read-only) |
secret_key | Auto-generated | No (read-only) |
All ports are bound to 127.0.0.1 only — they are not publicly accessible from outside the server. Application containers communicate with services over the Docker network using container names as hostnames.
Link a service to a project
Linking injects the service's connection credentials as environment variables into your project's containers at deploy time.
Link a service to a project
- 1
Open your project.
- 2
Click Services in the project sidebar.
- 3
Click Link Service.
- 4
Select the service.
- 5
Click Link.
Checkpoint: On the next deploy, the connection credentials are injected as environment variables; confirm with bunx @temps-sdk/cli services env --id 12 -p my-app.
From the API
curl -X POST "https://your-temps-instance/api/external-services/{service_id}/projects" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"project_id": 1
}'
What happens when you link
- Per-project isolation — For PostgreSQL, a dedicated database is created named
{project_slug}_{environment_slug}. For Redis, a database number (0-15) is assigned. For S3, a dedicated bucket is created. - Environment variables — Connection credentials are generated using the Docker container name as the hostname (for internal networking) and injected on the next deploy.
- One per type — Only one service of each type can be linked to a project. To switch PostgreSQL instances, unlink the current one first.
Preview environment variables
To see what variables will be injected without deploying:
# Preview variable names
curl "https://your-temps-instance/api/external-services/{service_id}/preview-environment-names" \
-H "Authorization: Bearer YOUR_TOKEN"
# Preview with masked values
curl "https://your-temps-instance/api/external-services/{service_id}/preview-environment-masked" \
-H "Authorization: Bearer YOUR_TOKEN"
# Get actual values for a project
curl "https://your-temps-instance/api/external-services/{service_id}/projects/{project_id}/environment" \
-H "Authorization: Bearer YOUR_TOKEN"
Unlink a service
Unlink a service from a project
- 1
Open your project and click Services in the project sidebar.
- 2
Find the linked service in the list.
- 3
Choose Unlink for that service.
- 4
Confirm the unlink.
Checkpoint: Unlinking does not delete the data inside the service; you can re-link later. Confirm the project no longer appears under bunx @temps-sdk/cli services projects --id 12.
curl -X DELETE "https://your-temps-instance/api/external-services/{service_id}/projects/{project_id}" \
-H "Authorization: Bearer YOUR_TOKEN"
Unlinking does not delete the database or data inside the service — it only stops injecting environment variables. You can re-link later.
Import an existing container
If you already have a PostgreSQL or Redis container running on your server, you can import it into Temps instead of creating a new one.
Import an existing container
- 1
Go to Services.
- 2
Click Import Container.
- 3
Temps scans for running Docker containers that match known service types.
- 4
Select the container to import.
- 5
Provide the connection credentials (Temps cannot read them from the container).
Checkpoint: Run bunx @temps-sdk/cli services list and confirm the imported service is listed.
From the API:
# List importable containers
curl "https://your-temps-instance/api/external-services/available-containers" \
-H "Authorization: Bearer YOUR_TOKEN"
# Import one
curl -X POST "https://your-temps-instance/api/external-services/import" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"container_id": "abc123...",
"name": "existing-postgres",
"service_type": "postgres",
"parameters": {
"host": "localhost",
"port": "5432",
"database": "postgres",
"username": "postgres",
"password": "your-existing-password"
}
}'
Manage service lifecycle
Start and stop
Services can be started and stopped independently:
Start or stop a service
- 1
Open the service from the Services list.
- 2
Use the Stop control to take it offline (the Docker volume and data persist).
- 3
Use Start to bring it back online.
- 4
Applications linked to a stopped service fail to connect until it is started again.
Checkpoint: Run bunx @temps-sdk/cli services show --id 12 and confirm the status reads running after starting.
# Stop a service (keeps data)
curl -X POST "https://your-temps-instance/api/external-services/{id}/stop" \
-H "Authorization: Bearer YOUR_TOKEN"
# Start it again
curl -X POST "https://your-temps-instance/api/external-services/{id}/start" \
-H "Authorization: Bearer YOUR_TOKEN"
Stopping a service does not delete any data — the Docker volume persists. Applications linked to a stopped service will fail to connect until the service is started again.
Health check
curl "https://your-temps-instance/api/external-services/{id}/health" \
-H "Authorization: Bearer YOUR_TOKEN"
Delete a service
Delete a service
- 1
Always back up important data before deleting a service.
- 2
Open the service from the Services list.
- 3
Choose Delete for the service.
- 4
Confirm deletion.
Checkpoint: Deleting removes the Docker container; confirm the service no longer appears in bunx @temps-sdk/cli services list.
curl -X DELETE "https://your-temps-instance/api/external-services/{id}" \
-H "Authorization: Bearer YOUR_TOKEN"
Warning: Deleting a service removes the Docker container. Data in the Docker volume may be preserved depending on your Docker configuration, but this should not be relied upon. Always back up important data before deleting a service.
Upgrade a service
Upgrade a service
- 1
Always back up the service before upgrading.
- 2
Go to the service details page.
- 3
Click Upgrade.
- 4
Specify the target Docker image (e.g. gotempsh/postgres-walg:18-bookworm).
- 5
Confirm the upgrade. Major version upgrades may require a dump and restore.
Checkpoint: Run bunx @temps-sdk/cli services show --id 12 and confirm the version reflects the new image.
To update the Docker image (e.g. from PostgreSQL 17 to 18):
curl -X POST "https://your-temps-instance/api/external-services/{id}/upgrade" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"docker_image": "gotempsh/postgres-walg:18-bookworm"
}'
Or from the dashboard, go to the service details page and click Upgrade.
Major version upgrades (e.g. PostgreSQL 16 to 17) may require data migration. Always back up the service before upgrading. For PostgreSQL, major version upgrades typically require a dump and restore — the Docker image swap alone may not be sufficient.
PostgreSQL HA clusters
A PostgreSQL service can run as a high-availability cluster instead of a single standalone container. Cluster services have topology = "cluster" and service_type = "postgres", and run on the gotempsh/postgres-ha:18-bookworm-walg image. A cluster is made up of a pg_auto_failover monitor plus one or more data members tracked in the service_members table. Applications connect through the cluster's virtual address — <cluster>.temps.local — using a libpq connection string with target_session_attrs=read-write, which always lands writes on the current primary.
Cluster backups and restore use WAL-G physical backups (basebackup plus continuous WAL archiving) rather than the per-engine pg_dump/pg_dumpall path used for standalone services.
Cluster backup
Back up a cluster
- 1
Open the cluster service and click its Backup button (or use the standard backup API).
- 2
Temps finds the current writable primary via pg_auto_failover.
- 3
It writes a walg.env credentials file to every running data member so archiving survives a failover.
- 4
It runs wal-g backup-push against the primary to upload the basebackup to S3.
- 5
It enables continuous WAL archiving on the primary.
Checkpoint: WAL archiving does not start until the next restart; confirm the basebackup landed with bunx @temps-sdk/cli services list-backups --s3-source-id 3.
When you back up a cluster (from the service's Backup button or the standard backup API), Temps routes through ExternalServiceManager::backup_postgres_cluster instead of the standalone path. That method:
-
Finds the current writable primary by asking pg_auto_failover for the member whose live state is
primaryorsingle. -
Writes a
/var/lib/postgresql/walg.envcredentials file to every running data member (not the monitor). Writing it everywhere means archiving keeps working after a failover promotes a different member to primary. -
Runs
wal-g backup-push /var/lib/postgresql/pgdataagainst the primary to upload the basebackup to S3. WAL segments are lz4-compressed by default. -
Enables continuous WAL archiving by running, against the primary:
ALTER SYSTEM SET archive_command = '. /var/lib/postgresql/walg.env && wal-g wal-push %p'; ALTER SYSTEM SET archive_mode = 'on'; ALTER SYSTEM SET wal_level = 'replica'; SELECT pg_reload_conf();
Because archive_command is stored in postgresql.auto.conf — which is part of pgdata and is streamed to replicas — the setting survives a failover. A new primary inherits it without an operator re-running anything, so WAL keeps flowing to the same S3 prefix.
WAL archiving doesn't start until the next restart. archive_mode is a postmaster setting that requires a server restart to take effect. Until the primary restarts — either operator-triggered or pg_auto_failover-driven — archive_command is set but the archiver is not yet enabled, so WAL accumulates locally without being shipped to S3. The basebackup itself is already safely on S3; only continuous WAL shipping waits on the restart.
In-place cluster restore
Restore a cluster in place
- 1
Confirm every cluster member lives on the control plane (in-place restore is single-host only in this MVP).
- 2
Phase 1 Teardown: Temps removes every member, deleting DNS records, containers, and data volumes, while keeping the parent service row so the URL and credentials survive.
- 3
Phase 2 Pre-seed primary: a one-shot helper container runs wal-g backup-fetch and writes recovery.signal plus a restore_command.
- 4
Phase 3 Rebuild: initialize_cluster re-runs with the original member specs, PostgreSQL recovers from WAL, and replicas re-basebackup from the new primary.
Checkpoint: Run bunx @temps-sdk/cli services restore-runs --id 12 and confirm the run status is completed; application connections reconnect transparently once the cluster is back up.
An in-place restore of a cluster backup routes through ExternalServiceManager::restore_postgres_cluster. It first snapshots the existing member topology (names, ordinals, roles, node assignments), then runs in three phases:
| Phase | What it does |
|---|---|
| 1. Teardown | Removes every member: deletes DNS records, force-removes each container, removes each {container}_data volume, drops the role/VIP DNS records, and deletes the service_members rows. The parent external_services row is kept on purpose, so the service URL, credentials, and UI bookmarks survive. |
| 2. Pre-seed primary | Runs a one-shot helper container (same gotempsh/postgres-ha:18-bookworm-walg image, bind-mounting the primary's volume) that runs wal-g backup-fetch "$PGDATA" LATEST, writes recovery.signal, and writes a postgresql.auto.conf with restore_command = '. /var/lib/postgresql/walg-restore.env && wal-g wal-fetch %f %p'. |
| 3. Rebuild | Re-runs initialize_cluster with the original member specs. PostgreSQL recovers from WAL, pg_auto_failover rebuilds the cluster, and replicas re-basebackup from the new primary. |
Because container names derive deterministically from ordinal (postgres-<cluster>-<ordinal>) and the cluster connection string targets <cluster>.temps.local, the rebuilt cluster keeps the same names, ordinals, and DNS. Application connections reconnect transparently once the cluster is back up.
Single-host only in this MVP. If any cluster member has a node_id (i.e. it lives on a remote worker), an in-place restore is refused with: MVP: cluster restore is single-host only (no remote members yet). Move all members to the control plane or wait for the multi-host restore path. Move every member to the control plane first. This restriction applies only to restore — cluster backup has no single-host limitation. Restore is always to the latest backup; the point-in-time recovery_target argument is reserved but currently ignored.