Deploying Cased Shell on Heroku

How to get Cased Shell up and running in minutes on Heroku.


The following serves as a step-by-step guide on how to create a Heroku application that contains Cased Shell, a SSH daemon that authenticates against Heroku, and the Heroku CLI. The result allows you to use the Heroku CLI in a secure, auditable fashion.


  1. 1.
    Create a new Heroku app.
  2. 2.
    Create a new Cased Shell instance with a matching hostname. On the Settings tab, enable Certificate Authentication.
  3. 3.
    Fork and clone this repo.
  4. 4.
    Run the following commands to deploy Cased Shell to Heroku:
export APP_NAME=your-heroku-app-name
heroku git:remote -a $APP_NAME
heroku stack:set container
heroku labs:enable runtime-dyno-metadata
heroku config:add CASED_SHELL_HOSTNAME=$
heroku config:add CASED_SHELL_SECRET=<obtain from your Shell Instance's Settings tab on>
# Create a new Heroku OAuth client. Used to authenticate and authorize connections to the Heroku CLI.
heroku plugins:install heroku-cli-oauth
heroku clients:create "$" https://$
heroku config:add HEROKU_OAUTH_ID=<set to `HEROKU_OAUTH_ID` from command output above>
heroku config:add HEROKU_OAUTH_SECRET=<set to `HEROKU_OAUTH_SECRET` from command output above>
heroku config:add COOKIE_SECRET=`openssl rand -hex 32`
heroku config:add COOKIE_ENCRYPT=`openssl rand -hex 16`
git push heroku main
5. Open https://$ in your browser and login.

Configuring your shell

To change the prompts displayed by your shell, edit jump.yaml, commit, and push to Heroku. See for documentation covering the format of jump.yaml.