Clanker Cloud is a local-first desktop app for infrastructure operations. Tencent Cloud support means you can use the app as the workspace for questions about CVM, VPC, security groups, databases, COS, TKE, CLB, EIPs, CBS volumes, SSL certificates, CAM users, Redis, MongoDB, CynosDB, CDN, EdgeOne, WAF, Anti-DDoS, Cloud Monitor, CLS, and Cloud Audit.
The important part is the trust boundary. Tencent credentials stay on the machine running Clanker Cloud. The Tencent implementation is powered by the open-source Clanker engine and talks to Tencent Cloud APIs directly through the Tencent SDK, so you do not need a separate Tencent CLI just to give the app context.
1. Create a Tencent Cloud CAM credential
Create a CAM user or role credential with the least privilege needed for the job. Read-only permissions are enough for inventory, security review, cost questions, and topology context. Maker workflows need the specific create, update, or delete permissions required by the reviewed plan.
Configure the machine that runs Clanker Cloud with Tencent credentials:
export TENCENTCLOUD_SECRET_ID="AKID..."
export TENCENTCLOUD_SECRET_KEY="..."
export TENCENTCLOUD_REGION="ap-singapore"
You can also use ~/.clanker.yaml:
tencent:
secret_id: "AKID..."
secret_key: "..."
region: ap-singapore
If you launch the desktop app from a GUI and shell environment variables are not visible to it, use the config file path. Do not paste Tencent secrets into chat.
2. Ask Clanker Cloud about Tencent Cloud
Once credentials are available locally, use Clanker Cloud for grounded infrastructure questions:
- "What Tencent CVM instances are running in ap-singapore?"
- "Which security groups expose SSH, RDP, MySQL, PostgreSQL, Redis, or MongoDB to the internet?"
- "Show me TKE clusters, node counts, and kubeconfig next steps."
- "Find idle EIPs, unencrypted CBS volumes, expiring SSL certificates, and Cloud Audit gaps."
- "Summarize Tencent Cloud spend by product for this month."
Clanker Cloud gathers live provider context before answering, so the response is anchored in the resources the credential can see. If one Tencent service is missing permission, the rest of the context can still be useful and the missing service should show up as a warning rather than silently becoming a guess.
3. Use the app for review-first operations
The practical workflow is read first, plan second, apply only after review. For example, you can ask Clanker Cloud to inspect public exposure, explain why a TKE workload is failing, or draft a Tencent Cloud change plan. High-impact changes should remain explicit and reviewed before anything touches production.
This works well for teams that run Tencent Cloud alongside AWS, GCP, Azure, Kubernetes, Cloudflare, GitHub, Hetzner, Railway, or model-provider workflows. The app gives you one local control surface while the credentials and API calls stay local.
4. When to drop to the CLI
For automation, scripts, cron, or raw JSON output, use the CLI directly:
clanker tencent list cvm --region ap-singapore
clanker tencent security all --region ap-singapore
clanker ask --tencent "Which Tencent resources look risky?"
The full command reference is in the Tencent Cloud CLI docs: https://docs.clankercloud.ai/cli/cloud/tencent
Run a local security and drift review
Use Clanker Cloud to inspect live cloud and Kubernetes state with local credentials, then review findings before any infrastructure change runs.