Skip to main content

Overview

Platform teams deploying Signadot to remote development environments (RDEs) can now use devboxes to enable signadot local connect workflows without requiring manual LocalMachineID configuration.

New

Devboxes are available in v1.4.0+ of the Signadot CLI.

Previously, when platform teams deployed Signadot to RDEs, oftentimes they would have the same machine-id. So they needed to work around this by writing /etc/machine-id or setting an environment variable, even though these values may have been used to other ends elsewhere.

Devboxes provide:

  • Unique identification: Each RDE can be registered with a unique devbox name, eliminating the need for LocalMachineID workarounds
  • Simplified setup: Platform teams can standardize RDE configuration with a single command, or none at all.
  • Exclusive Connect Sessions: One devbox cannot be used in 2 signadot local connect sessions simultaneously.

With Devboxes, RDEs will work without modifying or emulating the local machine id even if they all have the same machine id.

This guide explains the behavior and setup of signadot local connect for the case of RDEs or Docker containers which have the same machine id but run different instances of signadot local connect, possibly in parallel.

Devbox Identification

Devboxes are the Signadot entity with which signadot local connect sessions associate. Each devbox can have at most 1 local connect session at a time.

Devboxes are identified by 3 pieces of information:

  1. A name which if not provided defaults to the hostname as returned by os.Hostname
  2. The local machine id
  3. The authenticated Signadot user's email associated with the call to signadot local connect, if any (api key authentication has no user's email associated).

As a result, without any setup whatsoever, multiple Signadot users can use RDEs which all have the same machine id. For example, rde-1 when used by Alice will have a distinct local connect session from rde-1 when used by Bob, even though rde-1 has just 1 machine id. However, please note that this per-user distinction will not hold when api key authentication is used.

If you would like to set up your RDEs so that one user can use more than one RDE simultaneously, or you have processes using Signadot api keys using RDEs, and those RDEs have the same hostname and machine id, then you can either

  1. set up your RDEs to allow for this using signadot devbox register; or
  2. ask your users to use signadot devbox register --name <alt-name> and subsequently connect with signadot local connect --devbox providing the associated devbox id.

Below we describe setting up RDEs to allow for API key use and for the case where 1 user to use multiple RDEs without needing to provide extra flags to signadot local connect or manage devboxes themselves.

Setting up RDEs with Devbox Registration

Prerequisites

  • Signadot CLI v1.4.0+ installed on each RDE
  • Signadot operator deployed in the target cluster

Setup Steps

Register Each RDE as a Devbox

During RDE provisioning or initialization, register each RDE with a unique devbox name:

signadot devbox register --name <per-rde-unique-name>

No 2 RDEs should have the same name or they will not be usable simultaneously for signadot local connect sessions.

Example:

# Register an RDE for a specific user
signadot devbox register --name rde-alice-dev

# Register a team-shared RDE
signadot devbox register --name rde-backend-team-01

# Register an environment-specific RDE
signadot devbox register --name rde-staging-001

Use signadot local connect

Once registered, when a user runs signadot local connect with CLI >=v1.4.0 on the RDE, the RDE's devbox will be associated with the connect session, and sandboxes created or updated in that environment with local mappings or forwards will map and route to that RDE's local connect session.

Integration with RDE Provisioning

Automated Setup Script

Include devbox registration in your RDE provisioning automation:

#!/bin/bash
# RDE initialization script

# Set unique devbox name (e.g., from environment variable or user ID)
DEVELOPER_ID="${USER:-$(whoami)}"
DEVBOX_NAME="rde-${DEVELOPER_ID}-$(hostname | cut -d'-' -f2)"

# Register devbox
if signadot devbox register --name "${DEVBOX_NAME}"; then
    echo "Devbox registered successfully: ${DEVBOX_NAME}"
else
    echo "Error: Devbox registration failed"
    exit 1
fi

Troubleshooting

You can run signadot devbox list --all and signadot devbox delete to remove devboxes with unintended names associated.