Private Hub
The Orvanta Hub is the community website for sharing Scripts, Flows, Apps and Resource types. On Enterprise Edition and Whitelabelling plans, you can deploy your own Private Hub to control which items are approved and shared within your Orvanta instances.
Docker
- Clone the Private Hub repository
- Configure the .env file with database password, Orvanta instance URL, and license key
- Run docker-compose up -d to start the hub and database
- Update the hub base URL in instance settings to point to your Private Hub
If users access Orvanta from different URLs (internal vs. public), set APP_ACCESSIBLE_URL in the .env file so the Hub redirects correctly.
The docker-compose.yml and Caddyfile include commented examples for enabling HTTPS via Let’s Encrypt or custom certificates.
Kubernetes
Helm chart values support deploying the Private Hub in Kubernetes clusters.
Authentication requirements
Authentication happens through the Orvanta instance. Both services must share the same root domain (e.g., orvanta.example.com and hub.example.com). Set the COOKIE_DOMAIN environment variable on the Orvanta server to the root domain. Log out and back in after making this change.
Custom CA certificates
For self-signed or internal CA certificates, set the NODE_EXTRA_CA_CERTS environment variable and mount the certificate file.
Docker example:
environment:
  - NODE_EXTRA_CA_CERTS=/certs/ca.pem
volumes:
  - ./certs/ca.pem:/certs/ca.pem:ro
Debugging
- Enable debug logs with DEBUG_LOG=true
- Access the debug page at /debug for configuration and status information
- Share logs and debug output with Orvanta support if needed
Multiple Orvanta instances
A single Private Hub can serve multiple instances. Designate one as the main instance for authentication. Additional instances simply configure their hub base URL; no further setup required.
Restricting access
Set the API_SECRET environment variable on the Hub. Configure the same value in instance settings under “Private Hub api secret” to restrict access to logged-in users or requests with the X-api-secret header.
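The root-domain requirement under “Authentication requirements” and the API_SECRET setting above can be checked before deployment. The script below is an added example, not part of Orvanta or its documentation; the function names, the HTTPS check and the 32-character threshold are assumptions of this example, and the URLs are constructed sample values.

```shell
#!/bin/sh
# Added example: pre-flight check for the settings above. Not Orvanta tooling.

# host_of URL: print the lowercase hostname of an http(s) URL (no IPv6 literals).
host_of() {
    h=${1#*://}; h=${h%%/*}; h=${h##*@}; h=${h%%:*}
    printf '%s\n' "$h" | tr 'A-Z' 'a-z'
}

# covered_by HOST DOMAIN: succeed if a cookie scoped to DOMAIN is sent to HOST,
# i.e. HOST equals DOMAIN or is a subdomain of it. A leading dot is ignored.
covered_by() {
    d=$(printf '%s' "${2#.}" | tr 'A-Z' 'a-z')
    case "$1" in
        "$d"|*."$d") return 0 ;;
        *) return 1 ;;
    esac
}

# check_hub_config INSTANCE_URL HUB_URL COOKIE_DOMAIN API_SECRET
# Prints one line per finding and returns the number of findings.
check_hub_config() {
    problems=0
    for url in "$1" "$2"; do
        host=$(host_of "$url")
        if ! covered_by "$host" "$3"; then
            echo "FAIL: $host is outside COOKIE_DOMAIN=$3"
            problems=$((problems + 1))
        fi
        case "$url" in
            https://*) ;;
            *) echo "WARN: $url is not HTTPS"; problems=$((problems + 1)) ;;
        esac
    done
    if [ -z "$4" ]; then
        echo "FAIL: API_SECRET is empty"
        problems=$((problems + 1))
    elif [ "${#4}" -lt 32 ]; then   # 32 is this example's threshold, not a documented minimum
        echo "WARN: API_SECRET is shorter than 32 characters"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample values: the Hub sits on a different root domain and no secret is set.
check_hub_config "https://orvanta.example.com" "https://hub.example.net" \
    "example.com" "" || echo "$? finding(s)"
```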
First steps
Script asks and versions
Scripts are organized around “script asks”, each containing:
- Summary: what the script does
- Integration: folder/category (use snake_case)
Each ask has one approved version available on connected instances.
Submit, approve, and edit scripts
- Click + Add then Submit a new script to create a new ask and version
- Navigate to the script and click Approve to make it available across instances
- Use Edit to modify code; new versions require re-approval
- Previously used versions remain available with unique IDs
Search availability
After approving scripts, search results update with delays:
- Hub search: up to 1 hour
- Orvanta instance search: up to 1 day
Local syncing
Use the CLI with environment variables:
- HUB_URL: your Private Hub URL
- TOKEN: superadmin user token
Commands: orvanta-hub pull and orvanta-hub push
To sync with the public Hub, use orvanta-hub wm-pull to fetch public scripts, remove unwanted integrations, then push to your Private Hub.
Hub scripts search and embeddings
Vector search uses embeddings computed hourly by the Hub and fetched daily by Orvanta instances.
Configure frequencies with environment variables:
- EMBEDDINGS_REFRESH_INTERVAL_SECS on Hub (minimum 3600 seconds recommended)
- HUB_EMBEDDINGS_PULLING_INTERVAL_SECS on Orvanta server(s)