One command
Add DigitalOcean to any Ashlr Stack project with a single command. Stack runs the auth flow, verifies the credential, and writes every secret slot into Phantom.
stack add digitalocean
Or describe what you're building and let Claude pick it up via stack recommend:
stack recommend "raw cloud infrastructure for scale"Auth flow
Paste a personal access token (PAT) once. Stack verifies it against the provider's API before writing to Phantom.
How-to: Create a personal access token at https://cloud.digitalocean.com/account/api/tokens.
Secret slots
stack add digitalocean writes these 1 secret
slot into your Phantom vault:
DIGITALOCEAN_TOKEN
The values never leave Phantom in plaintext. Your .env file references slot
names, and stack exec -- <cmd> swaps them in at process-spawn time via
Phantom's local proxy.
Related providers in Cloud
- AWS — S3, Lambda, RDS. IAM access keys stored in Phantom.
- GCP — Google Cloud Platform. Service-account JSON + project ID stored in Phantom.
- Hetzner — Affordable European cloud servers. API token verified via /v1/locations.
FAQ
Do I need a DigitalOcean account to use it with Stack?
Yes — Stack provisions DigitalOcean on your behalf, but it authenticates as you. Paste a personal access token (PAT) once. Stack verifies it against the provider's API before writing to Phantom. If you don't have a credential yet, create one at https://cloud.digitalocean.com and paste it once.
Where does Stack store my DigitalOcean credentials?
In Phantom Secrets, an E2E-encrypted local vault. Stack writes the secret slot names (DIGITALOCEAN_TOKEN) into .stack.toml — the actual values live only in Phantom and never touch disk in plaintext.
Can I rotate or revoke this integration later?
Yes. Run `stack remove digitalocean` to pull the DigitalOcean service back out (Phantom secrets deleted, MCP entry removed, .stack.toml cleaned up). Rotate the underlying DigitalOcean credentials in their dashboard — https://cloud.digitalocean.com — and Stack's next `doctor --fix` will pick up the new values.