# Deploying to the Onchain Registry
Source: https://docs.chain.link/cre/guides/operations/deploying-to-onchain-registry
Last Updated: 2026-05-06
> For the complete documentation index, see [llms.txt](/llms.txt).
> **NOTE: Early Access required**
>
> Workflow deployment is currently in Early Access. Run `cre account access` or visit app.chain.link/cre/request-access to submit a request. See [Requesting Deploy Access](/cre/account/deploy-access) for details.
The **public onchain registry** is the Workflow Registry contract on Ethereum Mainnet. Deploying to it records your workflow onchain — your linked wallet address becomes the workflow owner and every lifecycle operation (deploy, activate, pause, update, delete) submits a transaction to that contract.
For a lower-friction alternative that requires no wallet or gas for registry management, see [Deploying to the Private Registry](/cre/guides/operations/deploying-to-private-registry).
## Prerequisites
Before deploying to the onchain registry, ensure you have:
- **Early Access approval**: Run `cre account access` to check your status or submit a request. See [Requesting Deploy Access](/cre/account/deploy-access).
- **[Authenticated](/cre/reference/cli/authentication)**: Logged in via `cre login` or using an [API key](/cre/reference/cli/authentication#api-key-authentication) (`CRE_API_KEY`). To verify, run `cre whoami`.
- **[Linked your key](/cre/organization/linking-keys)**: Linked your EOA or multi-sig wallet to your CRE organization by running `cre account link-key`. See [Linking Wallet Keys](/cre/organization/linking-keys) for instructions.
- **A funded wallet**: The account you are deploying from must hold ETH on Ethereum Mainnet to pay gas for the registration transaction.
- **`CRE_ETH_PRIVATE_KEY` in your `.env`**: Your wallet's private key, used by the CLI to sign registry transactions.
- **An Ethereum Mainnet RPC URL in `project.yaml`**: Required for the CLI to submit transactions. Example: `https://ethereum-rpc.publicnode.com`.
- **A workflow project**: An existing project created with `cre init`. See [Part 1: Project Setup](/cre/getting-started/part-1-project-setup-ts) for the TypeScript guide or [Go guide](/cre/getting-started/part-1-project-setup-go).
## The deployment process
The `cre workflow deploy` command handles the entire end-to-end process:
1. **Compiles** your workflow to a WASM binary.
2. **Uploads** the compiled binary and any associated configuration files to the CRE Storage Service.
3. **Registers** the workflow onchain by submitting a transaction to the Workflow Registry contract on Ethereum Mainnet. Your wallet must have ETH for gas fees, and your `project.yaml` must include an RPC configuration for `ethereum-mainnet`. The transaction contains the workflow's name, owner, and artifact URLs.
> **CAUTION: Early Access: Disclaimer**
>
> Chainlink Runtime Environment (CRE) deployment is in the "Early Access" stage of development, which means that CRE currently has functionality which is under development and may be changed in later versions. By using CRE, you expressly acknowledge and agree to accept the Chainlink Terms of Service, which provides important information and disclosures.
### Step 1: Ensure your configuration is correct
Before deploying, ensure your `workflow.yaml` file is correctly configured. The `workflow-name` field is required under the `user-workflow` section for your target environment.
When you run `cre init`, the wizard prompts you to select a deployment registry after entering your workflow name. Selecting `onchain:ethereum-mainnet` writes `deployment-registry: "onchain:ethereum-mainnet"` into the generated `workflow.yaml` automatically. If you chose the onchain registry during init, your config is already set.
If you initialized without selecting a registry, or are adding a new target, add `deployment-registry: "onchain:ethereum-mainnet"` explicitly. The field is optional — when omitted the CLI defaults to onchain — but setting it is recommended to make the intent clear.
```yaml
# workflow.yaml
production-settings:
user-workflow:
workflow-name: "my-workflow-production"
deployment-registry: "onchain:ethereum-mainnet"
workflow-artifacts:
workflow-path: "./main.ts" # Go: "."
config-path: "./config.production.json"
secrets-path: ""
```
If you are deploying from a **multi-sig wallet**, specify your multi-sig address in the `workflow-owner-address` field. If deploying from a standard EOA, leave this field out — the owner is automatically derived from `CRE_ETH_PRIVATE_KEY` in your `.env` file.
For more details on configuration, see the [Project Configuration](/cre/reference/project-configuration) reference.
### Step 2: Run the deploy command
**From your project root directory**, run the `deploy` command with the path to your workflow folder:
```bash
cre workflow deploy [flags]
```
Example command targeting the `production-settings` environment:
```bash
cre workflow deploy my-workflow --target production-settings
```
**Available flags:**
| Flag | Description |
| ---------------- | --------------------------------------------------------------------------------------- |
| `--target` | Sets the target environment from your configuration files (e.g., `production-settings`) |
| `--output` | The output file for the compiled WASM binary (default: `"./binary.wasm.br.b64"`) |
| `--wasm` | Path to a pre-built WASM binary (skips compilation). Useful in CI/CD pipelines |
| `--config` | Override the config file path from `workflow.yaml` |
| `--no-config` | Deploy without a config file |
| `--unsigned` | Return the raw transaction instead of broadcasting it (for multi-sig wallets) |
| `--yes` | Skip confirmation prompts and proceed with the operation |
| `--project-root` | Path to the project root directory |
| `--env` | Path to your `.env` file (default: `".env"`) |
| `--verbose` | Enable verbose logging to print `DEBUG` level logs |
### Step 3: Monitor the output
The CLI provides detailed logs of the compilation, upload, and the onchain registration transaction:
```bash
> cre workflow deploy my-workflow --target production-settings
Deploying Workflow : my-workflow
Target : production-settings
Owner Address :
Compiling workflow...
Workflow compiled successfully
Verifying ownership...
Workflow owner link status: owner=, linked=true
Key ownership verified
Uploading files...
✔ Loaded binary from: ./binary.wasm.br.b64
✔ Uploaded binary to: https://storage.cre.example.com/artifacts//binary.wasm
✔ Loaded config from: ./config.json
✔ Uploaded config to: https://storage.cre.example.com/artifacts//config
Preparing deployment transaction...
Preparing transaction for workflowID:
Transaction details:
Chain Name: ethereum-mainnet
To: 0x4Ac54353FA4Fa961AfcC5ec4B118596d3305E7e5
Function: UpsertWorkflow
Inputs:
[0]: my-workflow
[1]: my-workflow
[2]:
[3]: 0
[4]: zone-a
[5]: https://storage.cre.example.com/artifacts//binary.wasm
[6]: https://storage.cre.example.com/artifacts//config
[7]: 0x
[8]: false
Data: b377bfc50000000000000000000000000000000000...
Estimated Cost:
Gas Price: 0.00100001 gwei
Total Cost: 0.00000079 ETH
? Do you want to execute this transaction?:
▸ Yes
No
Transaction confirmed
View on explorer: https://etherscan.io/tx/0x58599f6...d916b
✓ Workflow deployed successfully
Details:
Registry: onchain:ethereum-mainnet
Contract address: 0x4Ac54353FA4Fa961AfcC5ec4B118596d3305E7e5
Transaction hash: 0x58599f6...d916b
Workflow Name: my-workflow
Workflow ID:
Binary URL: https://storage.cre.example.com/artifacts//binary.wasm
Config URL: https://storage.cre.example.com/artifacts//config
```
## Verifying your deployment
After a successful deployment, verify your workflow was registered correctly:
1. **CLI**: Run [`cre workflow list`](/cre/reference/cli/workflow#cre-workflow-list) to see every workflow registered to your organization and its current status.
2. **CRE UI**: View your deployed workflow in the [CRE platform](https://app.chain.link/cre/discover). Navigate to the **Workflows** section to see the workflow's status, ID, and execution history.
3. **Block Explorer**: The CLI output includes the transaction hash. The `WorkflowRegistry` contract is deployed on **Ethereum Mainnet** at `0x4Ac54353FA4Fa961AfcC5ec4B118596d3305E7e5`.
## CI/CD pipeline integration
The `cre workflow build` and `cre workflow deploy` commands can run as independent steps, making it straightforward to integrate CRE deployments into CI/CD pipelines.
The separation gives you two key benefits:
- **Build once, deploy many times** — Compile your workflow to a WASM binary in a build step, then promote that exact binary to staging and production without recompiling. This ensures the artifact you tested is the artifact you deploy.
- **Verify before deploying** — Use `cre workflow hash` after building to record and verify content hashes before submitting a deployment transaction.
### Example: GitHub Actions
The following example shows a two-job pipeline: a `build` job that compiles and uploads the WASM artifact, and a `deploy` job that downloads and deploys that exact binary.
```yaml
# .github/workflows/deploy.yml
name: Deploy Workflow
on:
push:
branches: [main]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install CRE CLI
run: curl -sSL https://github.com/smartcontractkit/cre-cli/releases/latest/download/install.sh | sh
- name: Build workflow
run: cre workflow build ./my-workflow --output ./my-workflow/binary.wasm --non-interactive
env:
CRE_API_KEY: ${{ secrets.CRE_API_KEY }}
- name: Display content hashes
run: cre workflow hash ./my-workflow --wasm ./my-workflow/binary.wasm --target production-settings --non-interactive
env:
CRE_API_KEY: ${{ secrets.CRE_API_KEY }}
CRE_ETH_PRIVATE_KEY: ${{ secrets.CRE_ETH_PRIVATE_KEY }}
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: workflow-binary
path: ./my-workflow/binary.wasm
deploy:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install CRE CLI
run: curl -sSL https://github.com/smartcontractkit/cre-cli/releases/latest/download/install.sh | sh
- name: Download artifact
uses: actions/download-artifact@v4
with:
name: workflow-binary
path: ./my-workflow
- name: Deploy workflow
run: cre workflow deploy ./my-workflow --wasm ./my-workflow/binary.wasm --target production-settings --yes --non-interactive
env:
CRE_API_KEY: ${{ secrets.CRE_API_KEY }}
CRE_ETH_PRIVATE_KEY: ${{ secrets.CRE_ETH_PRIVATE_KEY }}
INFURA_API_KEY: ${{ secrets.INFURA_API_KEY }}
```
> **NOTE: API key authentication**
>
> Use `CRE_API_KEY` for non-interactive authentication in CI/CD pipelines instead of `cre login`, and pass `--non-interactive` so commands fail instead of prompting. Create an API key from the CRE platform under **Organization → APIs**. See [Authentication](/cre/reference/cli/authentication#api-key-authentication) for setup instructions.
> **NOTE: RPC URLs in CI/CD**
>
> Use `${VAR_NAME}` syntax in your `project.yaml` RPC URLs to inject secrets from your CI/CD environment. See [Environment variable interpolation in RPC URLs](/cre/reference/project-configuration#environment-variable-interpolation-in-rpc-urls) for details.
## Using multi-sig wallets
The `deploy` command supports multi-sig wallets through the `--unsigned` flag. When using this flag, the CLI generates raw transaction data that you can submit through your multi-sig wallet interface instead of sending the transaction directly.
For complete setup instructions, configuration requirements, and step-by-step guidance, see [Using Multi-sig Wallets](/cre/guides/operations/using-multisig-wallets).
## Next steps
- [Deploying Workflows](/cre/guides/operations/deploying-workflows) — Registry overview and comparison
- [Activating & Pausing Workflows](/cre/guides/operations/activating-pausing-workflows) — Control workflow execution state
- [Monitoring Workflows](/cre/guides/operations/monitoring-workflows) — Track your workflow's execution and performance
- [Updating Deployed Workflows](/cre/guides/operations/updating-deployed-workflows) — Deploy new versions of your workflow
- [Using Multi-sig Wallets](/cre/guides/operations/using-multisig-wallets) — Multi-sig wallet setup and transaction signing