Novu operates in a multi environment setup. Currently Novu Supports 2 environments:

  • Development - This is the environment where the development team works on workflows.
  • Production - This is the environment that is used to trigger workflows to your customers.

Pushing changes to Cloud

Echo operates in a GitOps model. This means that the source of truth for your workflows and configurations are located in your Git as Code.

The general workflow for pushing changes to Cloud is as follows:

  • Create a feature branch
  • Develop workflows locally with Echo Studio
  • Sync changes to the Development environment to test e2e
  • Merge the feature branch to your dev branch
    • This will trigger a CI/CD pipeline that will deploy the changes to the Development environment
  • Test the changes in the Development environment
  • Merge the dev branch to the main branch
    • This will trigger a CI/CD pipeline that will deploy the changes to the Production environment


Novu Cloud workers will need to be able to communicated with your Echo Endpoint. You will need to ensure that your firewall rules allow traffic from the internet. Due to the autoscaling nature of Novu Cloud, we don’t have a set of IP Addresses that you can whitelist.


Novu Cloud workers are GDPR, SOC2 type II and ISO 27001 compliant. We take security very seriously and have implemented a number of security measures to ensure that your data is safe. The Echo SDK have a builtin security mechanism that ensures that the requests are authentic from Novu Cloud using an HMAC signature.

To enable HMAC Verification please enable on your Echo SDK

export const echo = new Echo({
  apiKey: YOUR_API_KEY,
  devModeBypassAuthentication: false,

For local development with Studio devModeBypassAuthentication should be set to true.

The X-Novu-Signature header included in each signed event contains a timestamp and one or more signatures that we verify. The timestamp is prefixed by t=, and each signature is prefixed by a scheme. Schemes start with v, followed by an integer. Currently, the only valid live signature scheme is v1.

Handling the signature verification is done by the Echo SDK, you don’t need to perform any action.

CI/CD Integrations

Novu currently supports the following CI integrations:

Direct integration with other CI/CD tools is on our roadmap. If you would like to see a specific CI/CD tool integrated, please reach out to us.