Back to plugin list


The CloudQuery Heroku plugin extracts your Heroku data and loads it into any supported CloudQuery destination



Latest version




Date Published

Price per 1M rows

Starting from $15

monthly free quota

1M rows

Set up process #

brew install cloudquery/tap/cloudquery

1. Download CLI and login

See installation options

2. Create source and destination configs

Plugin configuration

cloudquery sync heroku.yml postgresql.yml

3. Run the sync

CloudQuery sync

Overview #

The CloudQuery Heroku plugin extracts your Heroku data and loads it into any supported CloudQuery destination (e.g. PostgreSQL, BigQuery, Snowflake, and more).

Example Configuration #

kind: source
  name: heroku
  path: cloudquery/heroku
  registry: cloudquery
  version: "v5.7.1"
  tables: ["*"]
  destinations: ["postgresql"]

    # required
    token: "${HEROKU_TOKEN}"

Authentication #

The CloudQuery Heroku plugin requires an OAuth token. After creating it, you will need to copy the token into your heroku.yml file.
The value can also be exported as an environment variable (e.g. HEROKU_TOKEN), and used like this:
   token: ${HEROKU_TOKEN}

Option 1: Generate a token with the Heroku CLI #

A token can be generated using the Heroku CLI.
  1. Install the Heroku CLI: Follow the official instructions to install the Heroku CLI.
  2. Generate an OAuth token: With the Heroku CLI installed, use your terminal to run:
heroku authorizations:create --short --description="CloudQuery token" --scope="read,identity"
(For additional options for this command, such as expiry, see the Heroku CLI commands documentation)

Option 2: Generate a token with the Heroku API #

It is also possible to manage OAuth tokens directly through the Heroku API. For more information, see the Heroku documentation.

A Note about OAuth Scopes #

CloudQuery needs to be authenticated with your Heroku account's token in order to fetch information about your Heroku resources. CloudQuery requires only read permissions (we will never make any changes to your Heroku account or apps). Following the principle of least privilege, it is recommended to grant it read-only permissions. The --scope="read,identity" parameter suggested above achieves this.
However, certain Heroku resources require a global scope, even for reading. At the time of writing, these resources are:
  • app_webhook_deliveries
  • app_webhook_events
  • app_webhooks
  • credits
  • invoices
  • keys
  • oauth_authorizations
  • oauth_clients
  • permission_entities
  • team_features
  • team_invitations
  • team_invoices
  • team_members
  • team_spaces
If you are interested in fetching any of these resources, a global scope will be necessary. See the Heroku documentation for more information about OAuth scopes on Heroku.

Configuration Reference #

This is the (nested) spec used by the Heroku source plugin.
  • token (string) (required)
Heroku API token. See the Authentication section on how to generate it.
  • concurrency (integer) (optional) (default: 10000)
Number of resources to sync in parallel.

© 2024 CloudQuery, Inc. All rights reserved.