Open App

Connections

Pipelines often need to read files from or write files to storage that lives outside Zedoc — an Amazon S3 bucket where your EPUB files are stored, or an SFTP server that feeds your distribution channel. Connections are how you give Zedoc access to those external services without embedding credentials into individual pipelines.

A connection is an organization-level resource. You configure it once — providing the server address, credentials, and any other details — and then any pipeline in that organization can reference it. This means you set up your S3 bucket or SFTP server a single time and reuse it across as many pipelines as you need.

Connection Types

Zedoc currently supports the following connection types. Each has its own setup guide:

S3

Amazon S3 and S3-compatible storage such as MinIO, Cloudflare R2, and DigitalOcean Spaces.
SFTP

Connect to SFTP servers using password or SSH key authentication.

Why Connections Exist

Without connections, every pipeline that needs to upload a file to S3 would need its own copy of your access keys. That would be difficult to manage and a security concern. Connections solve this by centralizing credentials at the organization level. You configure them once, and tasks reference them by name.

This separation also makes pipelines portable. If you switch from one S3 bucket to another, you update the connection — not every pipeline that uses it.

Primary Connections

Each connection type can have one primary connection per organization. The primary connection acts as a default: when a task supports it (like Upload File), the primary connection is pre-selected automatically. This saves you from picking the same connection over and over in every pipeline.

You can change which connection is primary at any time. Only one connection per type can be primary — setting a new one removes the designation from the previous one.

Path Prefixes

Each connection can define an optional path prefix — a directory path that is automatically added to the beginning of every file path used with that connection. This is a convenient way to organize files without having to type the full path in every pipeline.

For example, if your connection has a path prefix of zedoc/output/ and a task uploads a file to book.epub, the actual storage path becomes zedoc/output/book.epub.

Security

Connection credentials are encrypted before they are stored and are never exposed through the interface after creation. They are only decrypted at the moment a task needs them to perform a storage operation, and they never leave the platform.

  • Access keys, passwords, and private keys are encrypted at rest
  • Credential values are never returned or displayed after initial setup
  • SSH private keys are managed entirely within the platform