1. Server and credential source
Use the default hosted API or point the file at your self-hosted TunnelTime API. The safer default is to run tunneltime login <agent-token> and keep the token out of this file.
Token fields are masked and omitted from the preview and download until this box is checked. Protect any downloaded file that contains a token and do not commit it.
2. Machine identity
The name is what source clients see when they list private services. The ID is optional; when omitted, the CLI creates and stores a stable private machine ID.
3. Private services
Add each TCP service this machine should publish. Source clients connect with names like my-machine/rdp after this host runs tunneltime serve --config tunneltime.yaml.
4. Connect defaults
These defaults apply when this machine connects to another private service. auto tries direct connectivity first and uses the relay when needed.
5. Runtime defaults
Meter controls terminal traffic display. stun_servers is optional; leave it blank to use servers advertised by the TunnelTime API.