Users and authentication
Every API request requires a bearer token. Create separate identities for people and CI systems so access can be revoked without disrupting everyone.
Create a token
sudo -u vsync vsync-server token create ali
The token is shown once and only its hash is stored by the server. Send it to the user through a private channel. They sign in with:
vsync login --server https://builds.example.com
List and revoke tokens
sudo -u vsync vsync-server token list
sudo -u vsync vsync-server token revoke ali
Revoking a name immediately invalidates every token currently held by that name, including tokens on other machines and admin-panel sessions.
Administrator tokens
sudo -u vsync vsync-server token create ali --admin
Admin tokens can use the normal clients and sign in to /admin. Give them only
to people who should manage access, retention, streams, and build status.
CI tokens
Create a distinct identity for each automation system. Store its token in the CI secret store and expose it only to trusted jobs:
VSYNC_SERVER=https://builds.example.com
VSYNC_TOKEN=vs_...
Never commit a token or print it in build logs.
Perforce login
Set the exact Perforce endpoint in server.toml:
p4 = "ssl:perforce.example.com:1666"
Install the p4 CLI on the server and trust the server fingerprint as the
vsync user:
sudo -u vsync p4 -p ssl:perforce.example.com:1666 trust
Users need a live all-hosts ticket:
p4 login -a
vsync login --server https://builds.example.com --p4
The Vsync token issued through Perforce expires after seven days. A disabled
Perforce account cannot obtain another token. Use token revoke <name> when
access must end immediately.