FAQ

Common questions about CodeFetch.

General

CodeFetch is a secure, encrypted library for storing and running scripts and operational files across any infrastructure. You publish files from VS Code, then fetch and execute them from any machine — Linux, macOS, or Windows — with a single command: codefetch get <ID>.

CodeFetch is currently in beta and free to use. The full release will offer an annual subscription of £40–£80/year, with a limit of 3,000 assets or 500 MB. Registered beta users will be notified by email before pricing takes effect.

Any file type. Common uses include shell scripts (.sh, .bash, .zsh), PowerShell (.ps1), Python, Ruby, configuration files (.yaml, .json, .toml, .env), and templates. CodeFetch is not limited to scripts.

No. Your source files stay in your own repos. CodeFetch is the delivery layer that gets operational assets where they need to run — think of it as a secure, executable clipboard for your infrastructure, not a replacement for Git.

Go to Settings → Delete Account in the web app at app.codefetch.io. This permanently removes your account, all published files, and all shared links. The action cannot be undone.

Security

All files are encrypted with AES-256-GCM using your secret key before they are stored. The CodeFetch servers hold only ciphertext — without your key the content is unreadable. Decryption happens on your machine, not on CodeFetch servers. All data is transmitted over TLS.

No. Your files are encrypted with your secret key before storage. The backend stores only a one-way SHA-256 hash of your key for authentication — it cannot be reversed. The CodeFetch team cannot read your file contents. File metadata (filenames, descriptions, tags) is not encrypted.

Shared links give someone access to a single file without sharing your secret key or exposing the rest of your library. They are your responsibility once distributed — anyone with the URL can execute that file. Revoke them from the web app when no longer needed. For extra control, shortened links via codefet.ch support an IPv4 allowlist so the link only works from specific machines.

The backend stores only a one-way hash — your key cannot be recovered by support. If you lose it, your published files cannot be decrypted. You can generate a new secret key from Settings → Change Secret in the web app, but this re-encrypts your files with the new key going forward. Treat your secret key like a password and store it somewhere safe.

The CLI configuration file (containing your account URL and secret key) is encrypted and bound to your machine's hardware ID, hostname, and username. This prevents other users on the same machine from accessing your config, and prevents the config file from being copied to a different machine and used there.

Web App

Every file in your library has an 8-character ID shown in its entry. Click Copy ID to copy it to the clipboard, then use it with the CLI: codefetch get <ID>.

Go to Settings → Change Secret in the web app. The rotation process re-encrypts all your published files with the new key automatically — you don't need to re-publish anything. After rotating, update the CLI with codefetch config and re-enter your credentials in the VS Code extension via CodeFetch: Configure Settings.

Go to Settings → Billing in the web app. This opens the Stripe customer portal where you can view invoices, update payment details, and manage your subscription.

Command-Line Interface

Linux, macOS, and Windows — both amd64 and arm64 architectures. See the Quickstart for the install commands per platform.

Run the same install command again. It replaces the existing binary with the latest release. No separate upgrade command is needed.

Yes. Pass credentials at runtime using flags instead of relying on a local config file:

codefetch get <ID> --auth-uri "$CODEFETCH_URI" --auth-secret "$CODEFETCH_SECRET"

Store CODEFETCH_URI and CODEFETCH_SECRET as secrets in your CI provider. The same flags work with codefetch playbook run.

Yes. Use --save to download the script to a local temp file instead of running it:

codefetch get <ID> --save

The path is copied to your clipboard so you can inspect or run it manually.

Playbooks let you chain multiple scripts and execute them in sequence with a single command. Tag scripts with a shared group tag and sequence numbers (deploy-prod, #1), then export and run:

codefetch playbook export deploy-prod ~/playbooks/deploy-prod.json
codefetch playbook run ~/playbooks/deploy-prod.json

See the CLI guide for full details.

The --save flag copies the file path to the clipboard. On Linux this requires either xclip or xsel to be installed:

sudo apt install xclip

VS Code Extension

In VS Code's built-in SecretStorage API. Nothing is written to settings.json, .env, or any workspace file — your credentials will never accidentally appear in source control.

No. The extension handles renames and moves automatically. The library record updates to match the new name and path with no manual action required.

Commit the .codefetch/ folder in your repository alongside your code. When a teammate clones the repo, the extension reads that folder and immediately shows badges on all published files — without anyone needing to re-publish. Each repository is independent, so multiple repos in the same workspace don't interfere with each other.

Yes. Open VS Code settings (Ctrl+,) and set codefetch.autoUpdateOnChange to false. You can then push updates manually by right-clicking the file and selecting CodeFetch: Publish File.

Email us at support@codefetch.io and we'll get back to you.