8.6 KiB
XPipe Vault (Keep this repository private!)
This repository contains all connection information that is designated to be shared.
You can sync with this repository in all XPipe application instances the same way, every change you make in one instance will be reflected in the repository.
Category list
- Connections
- Scripts
- Identities
Connection list
All connections / Proxmox Kladow
empty
All connections / Proxmox Kladow / VM
All connections / Proxmox Kladow / Hosts
All connections / Proxmox Kladow / Container
All connections / Proxmox Hetzner
empty
All connections / Proxmox Hetzner / VM
All connections / Proxmox Hetzner / Hosts
All connections / Proxmox Hetzner / Container
- docker-baikal
- docker-ip-symcon
- docker-proxy
- docker-vaultwarden
- dolibarr
- ecomailz
- gitea
- Influxdb
- Lizenzserver
- proxmox mailgateway
All connections / local
empty
All connections / Default
empty
All connections / Boot
empty
All scripts / Custom
All identities / Synced
empty
Secret encryption
You have the option to fetch any sensitive information like passwords from outside sources like password managers or enter them at connection time through a prompt window. In that case, XPipe doesn't have to store any secrets itself.
In case you choose to store passwords and other secrets within XPipe, all sensitive information is encrypted when it is saved using AES with either:
- A dynamically generated key file
vaultkey(The data can then only be decrypted with that file present) - A custom passphrase that can be set for your user in the settings menu, combined with the vaultkey file (This option can only as secure as the password you choose)
By default, general connection data is not encrypted, only secrets are. So things like hostnames and usernames are stored without encryption, which is in line with many other tools. There is an available vault setting in the settings menu to encrypt all connection data if you want to do that.
Cloning the repository on other systems
Nowadays, most providers require a personal access token (PAT) to authenticate from the command-line instead of traditional passwords. You can find common (PAT) pages here:
- GitHub: Personal access tokens (classic)
- GitLab: Personal access token
- BitBucket: Personal access token
- Gitea:
Settings -> Applications -> Manage Access Tokens sectionSet the token permission for repository to Read and Write. The rest of the token permissions can be set as Read.
Even if your git client prompts you for a password, you should enter your token unless your provider still uses passwords.
If you don't want to enter your credentials every time, you can use any git credentials manager for that. For more information, see for example:
- https://git-scm.com/doc/credential-helpers
- https://docs.github.com/en/get-started/getting-started-with-git/caching-your-github-credentials-in-git
Some modern git clients also take care of storing credentials automatically.
Troubleshooting
Adding connections to the repository
By default, no categories are set to shared so that you have explicit control on what connections to commit.
To have your connections of a category put inside your git repository,
you either need to right-click the category or click on the ⚙️ icon when hovering over the category
in your Connections tab under the category overview on the left side.
Then click on Add to git repository to sync the category and connections to your git repository.
This will add all shareable connections in that category to the git repository.
Local connections are not synced
Any connection located under the local machine can not be shared as it refers to connections and data that are only available on the local system.