Clanker CLI supports Tencent Cloud through the clanker tencent command tree, the clanker ask --tencent natural-language path, and Tencent maker plans. The implementation calls Tencent Cloud APIs directly through the Tencent SDK, so you do not need to install a separate Tencent CLI.
Configure credentials
Create a Tencent Cloud CAM credential with the permissions required for your workflow. Then use either environment variables:
export TENCENTCLOUD_SECRET_ID="AKID..."
export TENCENTCLOUD_SECRET_KEY="..."
export TENCENTCLOUD_REGION="ap-singapore"
or ~/.clanker.yaml:
tencent:
secret_id: "AKID..."
secret_key: "..."
region: ap-singapore
Clanker also supports the legacy aliases TENCENT_SECRET_ID, TENCENT_SECRET_KEY, and TENCENT_REGION. If no region is set, the fallback is ap-singapore.
Run inventory commands
Use direct commands when you want raw provider data:
clanker tencent list cvm
clanker tencent list vpc --region ap-singapore
clanker tencent list security-groups --all-regions
clanker tencent list tke --format json
Aliases are available too:
clanker tc list cvm
clanker tencentcloud regions
Supported inventory includes CVM, VPCs, subnets, security groups, MySQL/CDB, PostgreSQL, COS, TKE, CLB, EIP, CBS, SSL certificates, CAM users, Redis, MongoDB, CynosDB, CDN, EdgeOne, WAF, Anti-DDoS, NAT, VPN, CCN, Direct Connect, Cloud Monitor alarms, CLS topics, and Cloud Audit tracks.
Ask questions in natural language
Use --tencent when you want Clanker to gather Tencent Cloud context and answer against it:
clanker ask --tencent "What CVMs are running?"
clanker ask --tencent "Which security groups expose SSH to the internet?"
clanker ask --tencent "Show me TKE clusters and their node counts"
The context collector always includes CVM inventory and fetches additional Tencent services when the question asks for them.
Run security, expiry, TKE, and cost workflows
Security checks:
clanker tencent security public-exposure --region ap-singapore
clanker tencent security db-exposure --region ap-singapore
clanker tencent security cert-expiry --days 14
clanker tencent security all --region ap-singapore
TKE kubeconfig export:
clanker tencent kubeconfig cls-abc123 --region ap-singapore > ~/.kube/tencent
KUBECONFIG=~/.kube/tencent kubectl get nodes
Expiry and renewal checks:
clanker tencent expiry
clanker tencent expiry --regions=ap-singapore,ap-jakarta --threshold=14 --format=json
clanker tencent expiry --include-ssl --threshold=30
Billing commands:
clanker tencent cost by-product --month 2026-05
clanker tencent cost top --month 2026-05 --limit 20
clanker tencent cost vouchers
Billing APIs may require separate CAM permissions from inventory APIs.
Generate reviewed Tencent plans
Tencent Cloud is available in the maker pipeline:
clanker ask --maker --tencent "Create a VPC named clanker-demo in ap-singapore"
clanker ask --maker --tencent "Create a security group that allows HTTPS" > plan.json
clanker ask --apply --plan-file plan.json
Destructive actions are blocked unless you explicitly generate and apply with --destroyer:
clanker ask --maker --destroyer --tencent "Delete the unused test CVM"
clanker ask --apply --destroyer --plan-file plan.json
Run a local security and drift review
Use Clanker Cloud to inspect live cloud and Kubernetes state with local credentials, then review findings before any infrastructure change runs.