diff --git a/cameleer-server-app/src/main/resources/db/migration/V11__outbound_connections.sql b/cameleer-server-app/src/main/resources/db/migration/V11__outbound_connections.sql
new file mode 100644
index 00000000..102695f9
--- /dev/null
+++ b/cameleer-server-app/src/main/resources/db/migration/V11__outbound_connections.sql
@@ -0,0 +1,30 @@
+-- V11 — Outbound connections (admin-managed HTTPS destinations)
+-- See: docs/superpowers/specs/2026-04-19-alerting-design.md §6
+
+CREATE TYPE trust_mode_enum           AS ENUM ('SYSTEM_DEFAULT','TRUST_ALL','TRUST_PATHS');
+CREATE TYPE outbound_method_enum      AS ENUM ('POST','PUT','PATCH');
+CREATE TYPE outbound_auth_kind_enum   AS ENUM ('NONE','BEARER','BASIC');
+
+CREATE TABLE outbound_connections (
+  id                        uuid PRIMARY KEY,
+  tenant_id                 varchar(64) NOT NULL,
+  name                      varchar(100) NOT NULL,
+  description               text,
+  url                       text NOT NULL,
+  method                    outbound_method_enum NOT NULL,
+  default_headers           jsonb NOT NULL DEFAULT '{}',
+  default_body_tmpl         text,
+  tls_trust_mode            trust_mode_enum NOT NULL DEFAULT 'SYSTEM_DEFAULT',
+  tls_ca_pem_paths          jsonb NOT NULL DEFAULT '[]',
+  hmac_secret_ciphertext    text,
+  auth_kind                 outbound_auth_kind_enum NOT NULL DEFAULT 'NONE',
+  auth_config               jsonb NOT NULL DEFAULT '{}',
+  allowed_environment_ids   uuid[] NOT NULL DEFAULT '{}',
+  created_at                timestamptz NOT NULL DEFAULT now(),
+  created_by                uuid NOT NULL REFERENCES users(id),
+  updated_at                timestamptz NOT NULL DEFAULT now(),
+  updated_by                uuid NOT NULL REFERENCES users(id),
+  CONSTRAINT outbound_connections_name_unique_per_tenant UNIQUE (tenant_id, name)
+);
+
+CREATE INDEX outbound_connections_tenant_idx ON outbound_connections (tenant_id);