Overview
vg dsn create generates HMAC-signed DSN tokens for authenticating uploads to the Vibgrate Cloud API.
What is a DSN? A Data Source Name (DSN) is a secure token that identifies your workspace and authorizes scan uploads.
Usage
vg dsn create --workspace <id> [options]
Options
| Flag | Required | Default | Description |
|---|---|---|---|
--workspace <id> | ✅ | — | Your workspace ID (from dashboard) |
--region <code> | us | Data residency: us, eu | |
--ingest <url> | — | Custom ingest URL (overrides region) | |
--write <path> | — | Write DSN to a file |
DSN Format
vibgrate+https://<key_id>:<secret>@<ingest_host>/<workspace_id>
| Component | Description |
|---|---|
key_id | Unique identifier for the token |
secret | HMAC signing secret |
ingest_host | Regional ingest endpoint |
workspace_id | Your workspace identifier |
Examples
Create US Region DSN
vg dsn create --workspace ws-abc123
Output:
vibgrate+https://k_abc123:s_xyz789@us.ingest.vibgrate.com/ws-abc123
Create EU Region DSN
vg dsn create --workspace ws-abc123 --region eu
Write to File
vg dsn create --workspace ws-abc123 --write .vibgrate/.dsn
Warning: Add DSN files to .gitignore!
Custom Ingest Endpoint
# For self-hosted or enterprise deployments
vg dsn create \
--workspace ws-abc123 \
--ingest https://vibgrate.internal.company.com
Using the DSN
Environment Variable (Recommended)
# Set in CI secrets
export VIBGRATE_DSN="$(cat .vibgrate/.dsn)"
# Push uses it automatically
vg push
Command Line Flag
vg push --dsn "vibgrate+https://..."
Security Best Practices
| Practice | Rationale |
|---|---|
| 🔐 Never commit DSN | Tokens contain secrets |
| 🏢 Store in CI secrets | GitHub Actions, Azure DevOps, GitLab |
| 🔄 Rotate periodically | Quarterly rotation recommended |
| 🎯 Separate environments | Use different DSNs for dev/staging/prod |
| 📝 Track in secret manager | HashiCorp Vault, AWS Secrets Manager |
.gitignore Addition
# Vibgrate secrets
.vibgrate/.dsn
*.dsn
CI Setup Examples
GitHub Actions
name: Drift Scan
on: push
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run Vibgrate
env:
VIBGRATE_DSN: ${{ secrets.VIBGRATE_DSN }}
run: npx @vibgrate/cli scan --push
GitLab CI
vibgrate-scan:
image: node:22
script:
- npx @vibgrate/cli scan --push
variables:
VIBGRATE_DSN: $VIBGRATE_DSN
Related Commands
- vg push — Upload scans with DSN
- Vibgrate Cloud Guide — Understanding the web interface
- Privacy & Security — Data handling details