Skip to main content
Commands

vg dsn create

Generate HMAC-signed DSN tokens for authenticating dashboard uploads.

Overview

vg dsn create generates HMAC-signed DSN tokens for authenticating uploads to the Vibgrate Cloud API.

What is a DSN? A Data Source Name (DSN) is a secure token that identifies your workspace and authorizes scan uploads.


Usage

vg dsn create --workspace <id> [options]

Options

FlagRequiredDefaultDescription
--workspace <id>Your workspace ID (from dashboard)
--region <code>usData residency: us, eu
--ingest <url>Custom ingest URL (overrides region)
--write <path>Write DSN to a file

DSN Format

vibgrate+https://<key_id>:<secret>@<ingest_host>/<workspace_id>
ComponentDescription
key_idUnique identifier for the token
secretHMAC signing secret
ingest_hostRegional ingest endpoint
workspace_idYour workspace identifier

Examples

Create US Region DSN

vg dsn create --workspace ws-abc123

Output:

vibgrate+https://k_abc123:s_xyz789@us.ingest.vibgrate.com/ws-abc123

Create EU Region DSN

vg dsn create --workspace ws-abc123 --region eu

Write to File

vg dsn create --workspace ws-abc123 --write .vibgrate/.dsn

Warning: Add DSN files to .gitignore!

Custom Ingest Endpoint

# For self-hosted or enterprise deployments
vg dsn create \
  --workspace ws-abc123 \
  --ingest https://vibgrate.internal.company.com

Using the DSN

Environment Variable (Recommended)

# Set in CI secrets
export VIBGRATE_DSN="$(cat .vibgrate/.dsn)"

# Push uses it automatically
vg push

Command Line Flag

vg push --dsn "vibgrate+https://..."

Security Best Practices

PracticeRationale
🔐 Never commit DSNTokens contain secrets
🏢 Store in CI secretsGitHub Actions, Azure DevOps, GitLab
🔄 Rotate periodicallyQuarterly rotation recommended
🎯 Separate environmentsUse different DSNs for dev/staging/prod
📝 Track in secret managerHashiCorp Vault, AWS Secrets Manager

.gitignore Addition

# Vibgrate secrets
.vibgrate/.dsn
*.dsn

CI Setup Examples

GitHub Actions

name: Drift Scan
on: push

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Vibgrate
        env:
          VIBGRATE_DSN: ${{ secrets.VIBGRATE_DSN }}
        run: npx @vibgrate/cli scan --push

GitLab CI

vibgrate-scan:
  image: node:22
  script:
    - npx @vibgrate/cli scan --push
  variables:
    VIBGRATE_DSN: $VIBGRATE_DSN

Related Commands

No live demo for this command

vg dsn create mints signed upload credentials (and can provision a workspace over the network), so it is not something we replay in the browser — and its output is secret. The usage above shows the flags.

Related Documentation

Related Help Articles