Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Users and authentication

Every API request requires a bearer token. Create separate identities for people and CI systems so access can be revoked without disrupting everyone.

Create a token

sudo -u vsync vsync-server token create ali

The token is shown once and only its hash is stored by the server. Send it to the user through a private channel. They sign in with:

vsync login --server https://builds.example.com

List and revoke tokens

sudo -u vsync vsync-server token list
sudo -u vsync vsync-server token revoke ali

Revoking a name immediately invalidates every token currently held by that name, including tokens on other machines and admin-panel sessions.

Administrator tokens

sudo -u vsync vsync-server token create ali --admin

Admin tokens can use the normal clients and sign in to /admin. Give them only to people who should manage access, retention, streams, and build status.

CI tokens

Create a distinct identity for each automation system. Store its token in the CI secret store and expose it only to trusted jobs:

VSYNC_SERVER=https://builds.example.com
VSYNC_TOKEN=vs_...

Never commit a token or print it in build logs.

Perforce login

Set the exact Perforce endpoint in server.toml:

p4 = "ssl:perforce.example.com:1666"

Install the p4 CLI on the server and trust the server fingerprint as the vsync user:

sudo -u vsync p4 -p ssl:perforce.example.com:1666 trust

Users need a live all-hosts ticket:

p4 login -a
vsync login --server https://builds.example.com --p4

The Vsync token issued through Perforce expires after seven days. A disabled Perforce account cannot obtain another token. Use token revoke <name> when access must end immediately.