Security
DevBar is built for teams that take security seriously.
Token Storage
All API tokens and credentials you enter in DevBar are stored exclusively in the macOS Keychain. They are never written to disk in plaintext and are never sent to DevBar's servers. DevBar requests only the minimum scopes required for each integration.
Auto-Lock & Touch ID
DevBar can lock itself automatically, requiring Touch ID or password to resume.
Auto-lock after inactivity
Enable in Settings → Security → "Lock after X minutes of inactivity". Options: 1, 5, 15, 30 minutes, or never.
Lock on system lock
Enable "Lock when screen locks" in Settings → Security. DevBar locks automatically whenever macOS locks or the screensaver activates.
Touch ID unlock
When Touch ID is available on your Mac, DevBar uses it to unlock instead of prompting for a password.
SAML SSO Setup
SAML 2.0 SSO is available on the Enterprise plan. DevBar acts as the Service Provider (SP).
1. In your Identity Provider (Okta, Azure AD, Google Workspace, etc.), create a new SAML application.
2. Set the SSO URL (ACS URL) to: https://api.devbar.app/saml/acs
3. Set the Entity ID / Audience to: https://api.devbar.app
4. Download the IdP metadata XML or copy the IdP metadata URL.
5. In DevBar Admin → Settings → SAML, paste the IdP metadata URL or upload the XML.
6. Click Save and test by signing in via SSO.
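When a test sign-in fails, the usual cause is an IdP application whose ACS URL or Audience differs from the values in the steps above. The following added example (not DevBar's own code) parses a base64-decoded SAML Response captured from your own test sign-in and reports any Destination, Recipient or Audience mismatch. The sample response is constructed, and the script checks configuration values only; it does not verify signatures.

```python
import xml.etree.ElementTree as ET

# SP values from the setup steps above.
ACS_URL = "https://api.devbar.app/saml/acs"
ENTITY_ID = "https://api.devbar.app"
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response (not captured from a real IdP), with placeholders.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{dest}">
  <saml:Assertion>
    <saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="{rcpt}"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{aud}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text):
    """Return a list of mismatches between a decoded SAML Response and the SP values."""
    root = ET.fromstring(xml_text)
    problems = []
    # Destination is optional in the schema; flag it only when present and wrong.
    dest = root.get("Destination")
    if dest is not None and dest != ACS_URL:
        problems.append(f"Destination is {dest!r}, expected {ACS_URL!r}")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no unencrypted Assertion found"]
    scd = assertion.find(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    rcpt = scd.get("Recipient") if scd is not None else None
    if rcpt != ACS_URL:
        problems.append(f"Recipient is {rcpt!r}, expected {ACS_URL!r}")
    audiences = [a.text.strip() for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if ENTITY_ID not in audiences:
        problems.append(f"Audience is {audiences!r}, expected {ENTITY_ID!r}")
    return problems

if __name__ == "__main__":
    # A trailing slash on the Audience is enough to make the comparison fail.
    bad = SAMPLE.format(dest=ACS_URL, rcpt=ACS_URL, aud=ENTITY_ID + "/")
    for problem in check_response(bad):
        print(problem)
```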
https://api.devbar.app/saml/metadata. Use this URL in IdPs that support automatic SP configuration.
SCIM Provisioning
SCIM 2.0 provisioning lets your IdP automatically create, update, and deprovision DevBar accounts. Available on the Enterprise plan.
| SCIM Base URL | https://api.devbar.app/scim/v2 |
| Authentication | Bearer token (generated in Admin → Settings → SCIM) |
| Supported operations | Create user, Update user, Deactivate user, List users |
Generate the SCIM bearer token in Admin → Settings → SCIM → Generate Token. Rotate it at any time; the old token is immediately invalidated.
Audit Logging
Every authentication event, settings change, and admin action is written to the audit log.
Viewing the audit log
Navigate to Admin → Audit Log. Filter by user, event type, or date range.
Exporting
Download the audit log as CSV or JSON for import into your SIEM.
Retention
Audit log entries are retained for 90 days on Team, and 365 days on Enterprise.