Developer Resources

Built for Developers

Everything you need to deploy secure remote access to your infrastructure. Simple tools, powerful features, zero exposed ports.

Download CLI View Documentation

Downloads

Two tools, one system. Choose what you need.

Epoch CLI

Management tool for your local machine. Authenticate, manage agents, and connect to remote servers from your terminal.

macOS & Linux
Download CLI

Epoch Agent

Install on your servers to enable secure remote access. Runs as a service, connects outbound only, no exposed ports.

macOS & Linux
Download Agent

How They Work Together

1

Install the Agent on your server

The agent runs on each server you want to access. It connects outbound to Epoch's relay servers - no inbound ports needed.

2

Use the CLI from your local machine

The CLI lets you authenticate, list your agents, and connect to them securely from anywhere.

3

Connect securely

All traffic is encrypted end-to-end. Access your servers via terminal, execute commands, or use the web dashboard.

Infrastructure Automation

Ansible & SSH Integration

Use EpochProxy with your existing SSH and Ansible workflows. No VPN or port exposure required.

1 SSH ProxyCommand Mode

Connect to agents using standard SSH commands. EpochProxy acts as a transparent proxy. 

# Connect via SSH using ProxyCommand
ssh -o "ProxyCommand=epoch-cli proxy %h" user@my-server

# Add to ~/.ssh/config for automatic use
Host *.epoch
    ProxyCommand epoch-cli proxy %h
    User admin
    StrictHostKeyChecking no

# Then simply:
ssh my-server.epoch

2 Ansible Dynamic Inventory

Generate Ansible inventory automatically from your registered agents with labels mapped to groups. 

# Generate JSON inventory (Ansible default)
epoch-cli inventory

# Generate INI format
epoch-cli inventory --format ini

# Use with Ansible
ansible-inventory -i "epoch-cli inventory" --list
ansible -i "epoch-cli inventory" all -m ping

Agent labels like env=production become Ansible groups like env_production.

3 Ansible Connection Plugin

Run Ansible playbooks directly through EpochProxy without SSH configuration. 

# Install the connection plugin
mkdir -p ~/.ansible/plugins/connection
cp epoch_proxy.py ~/.ansible/plugins/connection/

# Configure inventory to use epoch_proxy connection
[webservers]
web-1 ansible_connection=epoch_proxy
web-2 ansible_connection=epoch_proxy

# Run playbooks as normal
ansible-playbook -i inventory playbook.yml

4 Port Forwarding

Forward local or remote ports through agents using familiar SSH-style syntax. 

# Local forward: access remote service on local port
epoch-cli forward -L 5432:localhost:5432 db-server
# Now connect to localhost:5432 to reach the remote database

# Remote forward: expose local service to agent
epoch-cli forward -R 3000:localhost:3000 web-server

# Multiple forwards
epoch-cli forward -L 5432:localhost:5432 -L 6379:localhost:6379 my-agent

Complete Example

Deploy to all production servers using EpochProxy with zero VPN or bastion setup. 

# deploy.yml
---
- name: Deploy application
  hosts: env_production
  connection: epoch_proxy
  gather_facts: yes

  tasks:
    - name: Update application
      copy:
        src: ./app/
        dest: /opt/myapp/
      notify: restart app

  handlers:
    - name: restart app
      systemd:
        name: myapp
        state: restarted
# Run it
ansible-playbook -i "epoch-cli inventory" deploy.yml
Automation

API Keys & Programmatic Access

Execute commands on your servers from CI/CD pipelines, scripts, and automation tools without interactive authentication.

1 Create an API Key

Generate an API key using the CLI. The key is shown only once - save it securely. 

# Create an API key with a descriptive name
epoch auth api-key create --name "CI/CD Pipeline"

# Create with expiration (e.g., 90 days)
epoch auth api-key create --name "Deploy Script" --expires-in-days 90

# List your API keys
epoch auth api-key list

# Revoke a key
epoch auth api-key revoke <key-id>

2 Use with CLI

Pass the API key via environment variable or flag. No browser login required. 

# Set as environment variable (recommended)
export EPOCH_API_KEY="ep_your_api_key_here"
epoch agent list
epoch agent exec <agent-id> -- ls -la

# Or pass as flag
epoch --api-key "ep_..." agent list

3 Execute Commands via REST API

For maximum flexibility, call the REST API directly from any language or tool. 

# Execute a command on an agent
curl -X POST https://api.epochproxy.cloud/api/agents/<agent-id>/exec \
  -H "X-API-Key: ep_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "command": "ls",
    "args": ["-la", "/var/log"],
    "timeoutMs": 30000
  }'
# Response
{
  "exitCode": 0,
  "stdout": "total 1234\ndrwxr-xr-x 12 root root ...",
  "stderr": "",
  "durationMs": 127,
  "timedOut": false
}

4 Python Example 

import requests
import os

API_KEY = os.environ["EPOCH_API_KEY"]
AGENT_ID = "your-agent-uuid"

response = requests.post(
    f"https://api.epochproxy.cloud/api/agents/{AGENT_ID}/exec",
    headers={"X-API-Key": API_KEY},
    json={
        "command": "df",
        "args": ["-h"],
        "timeoutMs": 30000
    }
)

result = response.json()
print(f"Exit code: {result['exitCode']}")
print(result["stdout"])

Security Best Practices

  • Store API keys in environment variables or secrets managers, never in code
  • Use separate keys for different environments (dev, staging, production)
  • Set expiration dates and rotate keys regularly (every 30-90 days)
  • Revoke compromised keys immediately - they are invalidated instantly
  • Rate limits apply: 10 exec requests/minute, 100 general requests/minute per key

Resources

Everything you need to integrate EpochProxy into your workflow.

Documentation

Comprehensive guides for installation, configuration, and troubleshooting.

CLI Reference

Complete reference for all CLI commands, flags, and configuration options.

API Reference

REST API documentation for programmatic access and integrations.

Ready to get started?

Set up secure access to your servers in minutes.

Download CLI Create Free Account