Heroku

May 24, 2026

Connect Heroku to monitor your apps, dynos, and add-ons for compliance-relevant configuration and activity evidence.

What is Heroku?

Heroku is a cloud platform that makes it easy to deploy and run applications. If your organization uses Heroku to host services, this integration lets Imara collect evidence about your application configurations, team access, and deployment practices — all common requirements in security audits.

What Imara collects from Heroku

  • Application and dyno configurations
  • Team member access and permission levels
  • Add-on usage (databases, monitoring tools, log management)
  • Environment variable keys (values are never read or stored)
  • Pipeline and deployment configurations

Required permissions

Imara connects using a Heroku API token from an account with View (read-only) access to your team. Generate a token in Heroku → Account Settings → API Key.

How to connect

  1. In Heroku, go to Account Settings → API Key and copy your API key.
  2. In Imara, go to Integrations and select Heroku.
  3. Paste the API key and click Connect.
  4. Imara will validate the key and begin the initial sync.

Frameworks supported

SOC 2, ISO 27001.

What to expect

Imara maps your Heroku configuration to controls related to change management, access control, and deployment practices. Evidence is collected automatically and updated on each sync.

Heroku | Imara Documentation