Learn more about our native MCP
Deployments

Security

Access control, permissions, and credential protection for the Deployment module.

The Deployment module uses Directus native permissions to control access. This works the same way as other built-in modules like Flows and Insights.

Access Control

The Deployment module is visible to any user with read access on the directus_deployments collection. All operations are enforced through standard Directus permissions, so users can only perform actions their role allows.

Permissions

Deployment permissions are spread across three system collections:

  • directus_deployments
  • directus_deployment_projects
  • directus_deployment_runs

Configure them through Settings > Access Policies.

The table below maps each user action to the permissions it requires.

ActionRequired PermissionsFilterable Fields
View projects and dashboard• Read on directus_deployments
• Read on directus_deployment_projects		provider, name
Trigger a deployment• Read on directus_deployments
• Read on directus_deployment_projects
• Create on directus_deployment_runs		project
View deployment history and logs• Read on directus_deployments
• Read on directus_deployment_projects
• Read on directus_deployment_runs		project, status
Cancel a deployment• Read on directus_deployments
• Read on directus_deployment_projects
• Update on directus_deployment_runs		project
Manage project selection• Read on directus_deployments
• Create/Delete on directus_deployment_projects		name
Update provider settings• Read + Update on directus_deploymentsprovider
Delete provider integration• Read + Delete on directus_deploymentsprovider

Scoping with Filters

Each permission can include access policy filters to limit what a user can see or do within that collection. This is useful for restricting roles to a specific provider or set of projects.

For example:

  • Filter provider = vercel on directus_deployments to give a role access to Vercel deployments only
  • Filter name on directus_deployment_projects to limit access to specific projects by name

When filtering by provider or project, apply matching filters across all three collections to keep access consistent.

Credential Protection

Provider API tokens (Vercel Personal Access Token, Netlify Personal Access Token) are:

  • Encrypted at rest in the database
  • Masked in the UI so they cannot be read back after saving
  • Restricted to users with Update access on directus_deployments through the integration settings

Best Practices

  1. Use appropriate roles - give users only the permissions they need
  2. Separate deployment roles - create a dedicated access policy for deployment users rather than granting broad admin access
  3. Test in development - verify your permission setup before applying to production

Next Steps

Vercel Integration

Set up and configure the Vercel integration.

Netlify Integration

Set up and configure the Netlify integration.

Get once-a-month release notes & real‑world code tips...no fluff. 🐰

Overview

Trigger, monitor, and manage frontend deployments directly from Directus.

AI + Directus

Use AI to interact with Directus - either through the built-in AI Assistant or by connecting external AI tools via MCP.