Show nav
Heroku Dev Center
  • Get Started
  • Documentation
  • Changelog
  • Get Started
    • Node.js
    • Ruby on Rails
    • Ruby
    • Python
    • Java
    • PHP
    • Go
    • Scala
    • Clojure
  • Documentation
  • Changelog
  • More
    Additional Resources
    • Home
    • Elements
    • Products
    • Pricing
    • Careers
    • Help
    • Status
    • Events
    • Podcasts
    • Compliance Center
    Heroku Blog

    Heroku Blog

    Find out what's new with Heroku on our blog.

    Visit Blog
  • Log inorSign up
View categories

Categories

  • Heroku Architecture
    • Dynos (app containers)
    • Stacks (operating system images)
    • Networking & DNS
    • Platform Policies
    • Platform Principles
  • Command Line
  • Deployment
    • Deploying with Git
    • Deploying with Docker
    • Deployment Integrations
  • Continuous Delivery
    • Continuous Integration
  • Language Support
    • Node.js
    • Ruby
      • Rails Support
      • Working with Bundler
    • Python
      • Background Jobs in Python
      • Working with Django
    • Java
      • Working with Maven
      • Java Database Operations
      • Working with the Play Framework
      • Java Advanced Topics
    • PHP
    • Go
      • Go Dependency Management
    • Scala
    • Clojure
    • Kotlin
  • Databases & Data Management
    • Heroku Postgres
      • Postgres Basics
      • Postgres Performance
      • Postgres Data Transfer & Preservation
      • Postgres Availability
      • Postgres Special Topics
    • Heroku Redis
    • Apache Kafka on Heroku
    • Other Data Stores
  • Monitoring & Metrics
    • Logging
  • App Performance
  • Add-ons
    • All Add-ons
  • Collaboration
  • Security
    • App Security
    • Identities & Authentication
    • Compliance
  • Heroku Enterprise
    • Private Spaces
      • Infrastructure Networking
    • Enterprise Teams
    • Heroku Connect (Salesforce sync)
    • Single Sign-on (SSO)
  • Extending Heroku
    • Platform API
    • App Webhooks
    • Heroku Labs
    • Building Add-ons
      • Add-on Development Tasks
      • Add-on APIs
      • Add-on Guidelines & Requirements
    • Building CLI Plugins
    • Developing Buildpacks
    • Dev Center
  • Accounts & Billing
  • Troubleshooting & Support
  • Deployment
  • ›
  • Deployment Integrations
  • ›
  • Slug Checksums

Slug Checksums

Last updated 12 September 2017

Table of Contents

  • Supported algorithms
  • Computing and setting a checksum
  • Reading a checksum

Checksum verification is currently only supported by apps in Private Spaces.

To protect the integrity of slugs on the Heroku Platform, slug metadata includes a checksum. The checksum is automatically calculated and set for slugs when deploying with Git; however, the checksum can also be manually set when creating slugs via the Platform API. When releasing a slug with a checksum, the checksum is verified before the dyno is launched. If the verification fails, an R17 error will occur and the dyno will be blocked from starting.

Supported algorithms

Currently, only the SHA256 algorithm is supported.

Computing and setting a checksum

The checksum is automatically calculated and set for slugs when deploying with Git. When creating a slug directly with the Platform API, the checksum can be computed and manually set for the slug. After creating the compressed slug file, use a tool such as shasum to compute the checksum:

$ shasum --algorithm 256 slug.tgz
f34f97e65fd1f78cdab0a8c8552bd82c67441a08303e4b479f8824e5a8ec9b13  slug.tgz

The Heroku checksum format is <ALGORITHM> ":" <VALUE>. For example, the checksum computed above should be formatted as SHA256:f34f97e65fd1f78cdab0a8c8552bd82c67441a08303e4b479f8824e5a8ec9b13.

The checksum is then included in the request to create the slug:

$  curl -X POST \
-H 'Content-Type: application/json' \
-H 'Accept: application/vnd.heroku+json; version=3' \
-d '{"process_types":{"web":"bin/web"}, "checksum":"SHA256:f34f97e65fd1f78cdab0a8c8552bd82c67441a08303e4b479f8824e5a8ec9b13"}' \
-n https://api.heroku.com/apps/example/slugs

Reading a checksum

The read the checksum of an existing slug via Platform API:

$  curl -X GET \
-H 'Accept: application/vnd.heroku+json; version=3' \
-n https://api.heroku.com/apps/example/slugs/$SLUG_ID
{
  ...
  "checksum":"SHA256:f34f97e65fd1f78cdab0a8c8552bd82c67441a08303e4b479f8824e5a8ec9b13",
  ...
}

Keep reading

  • Deployment Integrations
  • Deploying with Git
  • Creating Slugs from Scratch
  • Slug Compiler

Feedback

Log in to submit feedback.

GitHub Integration (Heroku GitHub Deploys)Using Terraform with Heroku

Information & Support

  • Getting Started
  • Documentation
  • Changelog
  • Compliance Center
  • Blog
  • Podcasts
  • Support Channels
  • Status

Language Reference

  • Node.js
  • Ruby
  • Java
  • PHP
  • Python
  • Go
  • Scala
  • Clojure

Other Resources

  • Careers
  • Elements
  • Products
  • Pricing

Subscribe to our monthly newsletter

  • RSS
    • Dev Center Articles
    • Dev Center Changelog
    • Heroku Blog
    • Heroku News Blog
    • Heroku Engineering Blog
  • Twitter
    • Dev Center Articles
    • Dev Center Changelog
    • Heroku
    • Heroku Status
  • Facebook
  • Instagram
  • Github
  • LinkedIn
Heroku is acompany

 © Salesforce.com

  • heroku.com
  • Terms of Service
  • Privacy
  • Cookies