RUNBOOKS

Reusable templates. Safe defaults. Full audit trail.

Create parameterized templates for common operations, store them in Git, and let your team execute with validated inputs. Every run passes through guardrails, masking, and approval workflows automatically.

See runbooks in action →Get started free →
hoop

HOW IT WORKS

Template. Store. Configure. Execute.

Four steps from SQL file to validated, audited, production-safe operation.

01

Create template

Write a runbook template with placeholders for parameters. Use Go template syntax with built-in validation functions.

02

Store in Git

Commit templates to your Git repository. Hoop syncs automatically. Version control, code review, and branch protection apply.

03

Configure Hoop

Point Hoop to your repository with one CLI command or through the web UI. SSH key or token authentication.

04

Execute

Users select the runbook, fill in parameters through a validated form, and run. Guardrails, masking, and audit apply automatically.

Full lifecycle in action

hoop.dev
Runbooks
app.hoop.dev/runbooks
main
team/dba/ops/restart-service.runbook.sh
team/finops/sql/fetch-customer.runbook.sql
team/sre/k8s/rollout-deploy.runbook.sh
Git Sync
Select Runbook
Fill Parameters
Approval
Execute
Audit Trail

TEMPLATE SYNTAX

Go templates with built-in validation.

Parameters use {{ .parameter_name }} syntax. Chain functions with pipes for validation, type hints, and safe quoting.

Parameter Functions

FunctionDescriptionExample
descriptionHelp text for the inputdescription "Customer ID"
requiredError message if emptyrequired "This field is required"
defaultDefault value if not provideddefault "US"
typeInput type for UItype "number"
patternRegex validationpattern "^[0-9]+$"
optionsDropdown optionsoptions "active" "inactive"
squoteWrap value in single quotessquote
dquoteWrap value in double quotesdquote
asenvPass as environment variableasenv "DB_PASSWORD"

Input Types

textStandard text input
numberNumeric input
emailEmail validation
dateDate picker
timeTime picker
selectDropdown (use with options)

File Extensions

.runbook.sqlSQL queries
.runbook.shBash scripts
.runbook.pyPython scripts
.runbook.rbRuby scripts

Live preview

Template on the left, validated form on the right. Parameters update in real time.

Runbooks
Select runbook
Engineer writes
.runbook.sql
-- customer-lookup.runbook.sql
SELECT
customer_id, name, email, status
FROM customers
WHERE
customer_id = {{ .customer_id }}
Team runs
Waiting
Customer ID required
Access Review
Guardrails passed
Data masking on
Policy approved
Results
1 row · 42ms
IDNameEmailStatus
40192Acme Corpa●●●@acme.ioactive
Recorded·Audited·Masked

EXAMPLES

SQL, Bash, Python, Kubernetes. Any language.

SQLCustomer Lookup
customer-lookup.runbook.sql
SELECT
    customer_id, name, email, status, created_at
FROM customers
WHERE customer_id = {{ .customer_id
    | description "Customer ID"
    | required "Customer ID is required"
    | type "number"
    | squote }}
BashService Restart
restart-service.runbook.sh
#!/bin/bash
SERVICE_NAME={{ .service
    | description "Service to restart"
    | type "select"
    | options "nginx" "postgres" "redis" "myapp"
    | required "Service name is required" }}

echo "Restarting $SERVICE_NAME..."
sudo systemctl restart $SERVICE_NAME
sudo systemctl status $SERVICE_NAME
KubernetesScale Deployment
scale-deployment.runbook.sh
# {{ .namespace | description "Namespace" | default "default" | asenv "NAMESPACE" }}
# {{ .deployment | description "Deployment" | required | asenv "DEPLOYMENT" }}
# {{ .replicas | description "Replicas" | type "number" | required | asenv "REPLICAS" }}

kubectl scale deployment/$DEPLOYMENT \
    --replicas=$REPLICAS \
    --namespace=$NAMESPACE

kubectl rollout status deployment/$DEPLOYMENT \
    --namespace=$NAMESPACE
PythonData Export
export-report.runbook.py
# {{ .start_date | description "Start date (YYYY-MM-DD)" | required | asenv "START_DATE" }}
# {{ .end_date | description "End date (YYYY-MM-DD)" | required | asenv "END_DATE" }}
# {{ .format | type "select" | options "csv" "json" | default "csv" | asenv "FORMAT" }}

import os, pandas as pd

start = os.environ['START_DATE']
end = os.environ['END_DATE']
fmt = os.environ['FORMAT']
print(f"Exporting data from {start} to {end} as {fmt}")

PARALLEL EXECUTION

One runbook. Every connection. Simultaneously.

Execute the same runbook across multiple databases, clusters, or environments in parallel. One click. Full audit trail for each.

app.hoop.dev/runbooks
Parallel
Runbooks
Rotate DB Credentials
security
Scale Production Pods
kubernetes
Restart Service Fleet
operations
Flush Redis Cache
database
Select a runbook
Scales deployment replicas across selected resource roles
Parameters
Replicas
5
Namespace
production
Timeout
120s
Select Resources
prod-api-east-1
server
prod-api-east-2
server
prod-api-west-1
server
prod-db-primary
database
prod-db-replica-1
database
k8s-cluster-east
kubernetes
Execute Runbook
All resources completed
4/4
Scaled to 5 replicas across all selected clusters and servers
hoop.dev

SECURITY

Safe by default.

Input Validation

Use pattern to enforce regex on every parameter. Only numeric IDs, valid emails, or your custom format. Injection attempts rejected before execution.

Environment Variables

Use asenv to pass sensitive values as environment variables instead of inline. Passwords never appear in command strings or session logs.

Safe Quoting

squote and dquote properly escape and quote string values, preventing SQL injection in parameterized templates.

INTEGRATIONS

Works with everything.

FeatureHow it works with Runbooks
Access RequestsRunbook execution can require approval
GuardrailsRules apply to runbook-generated queries
Live Data MaskingResults are masked automatically
Session RecordingAll executions are recorded
Parallel ModeRun runbooks across multiple connections

WHO USES RUNBOOKS

Same template. Different teams. One audit trail.

A DBA creates the template once. Support, SREs, and on-call engineers execute with validated inputs. Every run recorded, every parameter logged, every result masked.

Runbooks
Template
E
Engineer writes
customer-lookup.runbook.sql
Template
-- customer-lookup.runbook.sql
SELECT customer_id, name, email, status
FROM customers
WHERE
customer_id = {{ .customer_id | required | type "number" }}
T
Team runs
No SQL knowledge needed
Form
Customer ID required · number
Returns
customer_idnameemailstatus
Access Review
Guardrails passed
Data masking enabled
Approved by policy
Results
1 row · 42ms
IDNameEmailStatus
40192Acme Corpa●●●@acme.ioactive
Recorded·Audited·Masked

ORGANIZATIONAL IMPACT

From automated workflows to compliance proof.

Every runbook execution generates an auditable event chain. Your compliance team gets continuous evidence that controls are not just defined but actively enforced across your infrastructure.

Approval workflows reduced from 47 min to 34 seconds
920 engineering hours returned per month at scale
Every runbook execution generates audit evidence
Approval Workflow ROILast 30 days
Manual Process
Engineer requests access0:00
Slack message to manager...
Manager sees notification+12 min
Escalation to security team+28 min
Manual review & approval+47 min
With Hoop
Command detected by gateway0:00
Slack notification sent+2s
Context + risk level shown+3s
One-click approve/reject+34s
1,200 approval cycles × 46 min saved = 0 hours returned to engineering

Stop retyping queries. Start sharing runbooks.

Connect your Git repository and give your team validated, audited templates in under 10 minutes.

Get a demo →Get started free →