Secure Connections
AI CLIs are great at running commands — but they should never see your passwords, private keys, or connection strings. Codux stores connection profiles inside the app and exposes two thin command-line wrappers to every terminal it launches: codux-ssh and codux-db. The AI uses the wrappers; Codux injects the credentials at execution time.
How it stays safe
Section titled “How it stays safe”- Profiles live in Codux’s app-private data directory, never in your repository.
- The wrappers receive only a profile id. Passwords, keys, and passphrases are injected by the Codux runtime — they never appear in the command line, the environment the CLI can read, or the AI conversation.
- The wrappers are available in every terminal Codux launches, on the desktop and on remote hosts.
SSH profiles
Section titled “SSH profiles”Save a connection once in the SSH panel (View menu → Open SSH Panel), then any terminal — including one driven by an AI CLI — can use it:
# Discover saved profiles (JSON)codux-ssh list
# Run a one-off remote commandcodux-ssh <profile-id> -- 'df -h'
# Copy files; prefix the remote path with ':'codux-ssh scp <profile-id> ./dist/app.tar.gz :/opt/app/
# Open an interactive sessioncodux-ssh <profile-id>Database profiles
Section titled “Database profiles”Database connections are saved per project and support PostgreSQL, MySQL, and SQLite:
# Discover saved databases for the current project (JSON)codux-db list
# Run SQL directlycodux-db <profile-id> -- 'SELECT count(*) FROM users;'Why this matters for AI workflows
Section titled “Why this matters for AI workflows”Ask your AI CLI to “check disk usage on the staging server” or “count yesterday’s signups” — it discovers the profile with list, runs the command through the wrapper, and reads the output. Your credentials were never part of the exchange, so they can’t end up in a transcript, a log, or a model provider’s cloud.