Skip to main content

Create a Data Source with vg dsn create

Generate an HMAC-signed DSN token so non-interactive environments can upload to Vibgrate Cloud. Learn how vg dsn create works and how to use --dsn safely in CI.

Vibgrate Docs

Vibgrate Help

Interactive developers sign in with vg login, but build agents cannot open a browser. For those environments you authenticate uploads with a data source name (DSN) — an HMAC-signed token that proves a scan belongs to your workspace. This guide covers creating and using one.

Overview

vg dsn create generates an HMAC-signed DSN token for authenticating dashboard uploads. You store the token as a secret and pass it to push commands with --dsn so the upload is authenticated without an interactive login.

Prerequisites

  • A Vibgrate Cloud workspace.
  • Permission to create a DSN for that workspace.

Step-by-step

Generate the token:

vg dsn create

Treat the output as a secret. Store it in your CI provider's secret manager (for example a masked CI variable), never in source control.

Use it when pushing by passing --dsn:

vg scan --push --dsn "$VIBGRATE_DSN"

Referencing an environment variable (rather than pasting the literal token) keeps the secret out of your command history and logs.

Examples

Push previously scanned artifacts with a DSN:

vg push --dsn "$VIBGRATE_DSN"

Combine with a stable repository name so results land under the right repo:

vg scan --push --dsn "$VIBGRATE_DSN" --repository-name org/my-service

Security notes

The DSN authenticates uploads, so anyone holding it can push to your workspace. Rotate it if it leaks, scope it to CI use, and always inject it via a secret rather than a literal.

Troubleshooting

If uploads are rejected with an authentication error, regenerate the DSN and confirm the secret is set in the job. See Troubleshooting Push and Authentication.

Related

Push from CI Pipelines and Push Scan Results to Vibgrate Cloud.

Related Commands