Hey Team,

A lot shipped this cycle. Kubernetes 1.34 and 1.35 upgrades are fully complete across production clusters, closing out the first half of 2026 on the infrastructure side. On the product side, this release is largely about giving teams more control: over how secrets are managed, over how DNS and certificates are provisioned, and over how the AI Copilot interacts with live infrastructure.

🤖 RDE: Simplified Chat Interface

This one was built together with our customers, and it shows. The preview has been redesigned with non-developers in mind: cleaner toolbar, editable URL field, friendlier empty states, and a one-click "Start preview" CTA when Chat is open. The port selector defaults to your main application automatically, with internal ports accessible by friendly name.

RDE simplified chat interface
RDE simplified chat interface

The in-app Chat tab is now deeply integrated with the editor, with tool chips for common operations, full Markdown rendering, drag-and-drop attachment support including images, and conversations persisted per environment with a 2-day TTL.

Blueprints now support user inputs. Before an environment starts, you can define fields that users fill in to customize it for their specific needs. The same blueprint can serve different use cases without requiring separate configurations for each one, which makes blueprints significantly more useful as a self-service primitive across your organization.

Blueprint user inputs
Blueprint user inputs

🔐 Secret Manager Integration

Production secrets belong in your secret manager. They should not be copied into your deployment platform, manually rotated in two places, or accessible to systems that only need to reference them. Most teams end up in that situation anyway, because their tooling leaves no better option.

Environment variables can now reference a secret stored in your own secret manager directly. The value is fetched at deploy time and injected into the running application. The secret never leaves your cloud boundary, every binding is recorded in the Qovery audit trail, and rotation continues to work exactly as you configured it in your secret manager.

This also closes a real gap for agentic workflows. An agent deploying an application specifies which secret path to use, Qovery resolves the value at deploy time, and the credential never enters the agent's context. The governance properties hold regardless of who or what triggered the deployment.

Read the full announcement

🌐 DNS Provider Selection

Your domain infrastructure already exists. Qovery now connects to it directly rather than asking you to work around it. Bring your Cloudflare or Route53 account, and Qovery will generate domains and provision valid TLS certificates automatically via Let's Encrypt DNS challenge, with no manual steps and no certificate drift. For teams that prefer Qovery to manage DNS entirely, that option remains the default.

Available on Business and Enterprise plans.

DNS provider selection
DNS provider selection

🛡️ AI Copilot: Write Action Confirmation

The AI Copilot is designed to operate within your governance boundaries, not around them. In read-write mode, it now requires explicit confirmation before executing any write action, giving you a review moment for every mutating operation before it happens.

By default, the Copilot operates under the permissions of the authenticated user. If you need tighter boundaries, you can scope its access further using a dedicated token, independently of what the user themselves can do. See how to restrict Copilot access by role.

AI Copilot write action confirmation
AI Copilot write action confirmation

🚀 Kubernetes 1.34 and 1.35 Upgrades Complete

The upgrade cycle for Qovery-managed clusters is done. The final production clusters moved to 1.35 on Monday June 15. The full plan is available in the upgrade changelog. The next upgrades, to 1.36 and 1.37, are planned for end of year and we will share timelines as soon as they are confirmed.

⏭️ Coming Soon

The Qovery agent integration for Linear is landing soon. From a Linear ticket, you will be able to spin up a sandboxed environment directly on your infrastructure, with the ticket context already loaded. Your coding agent runs inside that sandbox, and you interact with it without leaving Linear. The execution stays on your infrastructure, the context comes from your ticket, and the workflow stays in your issue tracker.

If you want to try it early, reach out to your CSM or contact us.

🛠️ Minor updates

  • PostgreSQL 18 container image support. PostgreSQL 18 is now available as a container image for new database services.
  • Skip git submodule clone during builds. A new advanced setting lets you skip submodule cloning at build time, useful for repositories with large or inaccessible submodules. See the advanced settings docs.

The Secret Manager integration is the one to act on if your team is in the middle of a compliance review or planning one. Setup is a one-time operation at the cluster level and it closes the biggest gap teams hit when security audits start asking about secret provenance.

Talk soon, The Qovery Team 🚀