dumont

Configuration

Name remotes, reference secrets safely, and preflight with remote test.

Remotes live in ~/.config/dumont/config.yaml (override the location with XDG_CONFIG_HOME or DUMONT_CONFIG).

Remotes

Each entry under remotes: defines a scheme. Its type chooses the backend; the rest of the keys configure that backend.

remotes:
  aws:                           # → aws://bucket/key
    type: s3
    region: us-east-1
    credentials:
      access_key_id:     env:AWS_ACCESS_KEY_ID
      secret_access_key: keychain:dumont/aws
  r2:                            # → r2://bucket/key
    type: s3
    endpoint: https://<acct>.r2.cloudflarestorage.com
    region: auto
    path_style: true             # required for most non-AWS stores
    credentials:
      access_key_id:     env:R2_ACCESS_KEY_ID
      secret_access_key: env:R2_SECRET_ACCESS_KEY
  cdn:                           # Bunny Edge Storage → cdn://path
    type: bunnystorage
    zone: my-storage-zone
    emulate: true                # opt-in: read-modify-write random write/append
    credentials:
      password: env:BUNNY_STORAGE_PASSWORD
  vid:                           # Bunny Stream → vid://collection/title
    type: bunnystream
    library_id: "<your-library-id>"
    cdn_host: vz-xxxx.b-cdn.net
    credentials:
      api_key: env:BUNNY_STREAM_KEY

See the backend pages for every option each type accepts.

Credentials

Secrets are never inline. Credentials are references resolved on first use, so your config file is safe to commit and share:

ReferenceResolves from
env:VARthe environment variable VAR
file:/paththe contents of a file (which must be mode 0600)
keychain:service/accountthe OS keychain entry

Local folders

local_folders maps an alias to a base directory. Addressed as local://<alias>/path, access is sandboxed to that directory — symlinks that point outside the base are contained, so an alias can't be used to reach arbitrary paths.

local_folders:                   # → local://<alias>/path
  docs:   ~/Documents
  photos: /Volumes/media/photos

Preflight: remote test

dumont remote test aws

This resolves a remote's credential references and runs a cheap liveness probe — turning a typo in an env:/keychain: reference into an explicit preflight error instead of a confusing failure on your first real operation.

dumont remote ls           # list configured remotes + aliases (no secrets printed)

Addressing

How a URI scheme maps to a backend, and the built-in schemes.

Commands

Every verb, its flags, and what it does.

On this page

RemotesCredentialsLocal foldersPreflight: remote test