Interactive developers sign in with vg login, but build agents cannot open a browser. For those environments you authenticate uploads with a data source name (DSN) — an HMAC-signed token that proves a scan belongs to your workspace. This guide covers creating and using one.
Overview
vg dsn create generates an HMAC-signed DSN token for authenticating dashboard uploads. You store the token as a secret and pass it to push commands with --dsn so the upload is authenticated without an interactive login.
Prerequisites
- A Vibgrate Cloud workspace.
- Permission to create a DSN for that workspace.
Step-by-step
Generate the token:
vg dsn create
Treat the output as a secret. Store it in your CI provider's secret manager (for example a masked CI variable), never in source control.
Use it when pushing by passing --dsn:
vg scan --push --dsn "$VIBGRATE_DSN"
Referencing an environment variable (rather than pasting the literal token) keeps the secret out of your command history and logs.
Examples
Push previously scanned artifacts with a DSN:
vg push --dsn "$VIBGRATE_DSN"
Combine with a stable repository name so results land under the right repo:
vg scan --push --dsn "$VIBGRATE_DSN" --repository-name org/my-service
Security notes
The DSN authenticates uploads, so anyone holding it can push to your workspace. Rotate it if it leaks, scope it to CI use, and always inject it via a secret rather than a literal.
Troubleshooting
If uploads are rejected with an authentication error, regenerate the DSN and confirm the secret is set in the job. See Troubleshooting Push and Authentication.
Related
Push from CI Pipelines and Push Scan Results to Vibgrate Cloud.