Connecting an existing server

You don't have to let LaunchPad provision a new Hetzner server — you can connect any Linux server you already run. LaunchPad talks to it over SSH for deploys, databases, backups, and health checks.

Prerequisites

• A Linux server with Docker installed and running. Connecting verifies Docker and fails with a clear error if it's missing — LaunchPad installs Docker only on servers it provisions itself.
• Root SSH access (or a user with full Docker and system access). Deploys, database provisioning, and maintenance scans all run over this connection.
• An unencrypted private key. Paste the private key contents into the form. Passphrase-protected keys can't be used for unattended operations — generate a dedicated key with ssh-keygen -t ed25519 -N "" and add its public half to the server's authorized_keys.
• A reachable IPv4 address with the SSH port open to the LaunchPad host.

What happens when you connect

1. LaunchPad opens an SSH session and pins the server's host key (trust-on-first-use; a changed key later is refused and flagged).
2. It verifies Docker is installed and running.
3. It detects CPU, memory, and disk specs.
4. It scans for existing Kamal-deployed apps and Docker resources, so anything already running shows up as imported inventory.

What LaunchPad will and won't change

• Connecting is read-only apart from host-key pinning — nothing is installed or reconfigured.
• Maintenance scans are opt-in per server; automatic security patching stays off until you enable it.
• Provisioned servers (created via your Hetzner token) are the ones LaunchPad bootstraps with Docker, UFW, fail2ban, and swap.

Credentials and security

The private key is encrypted at rest with AES-256 (Active Record Encryption) and only used server-side to open SSH sessions. You can also store per-server Backblaze credentials if this server's backups should land in a different bucket than your default.