Community and Enterprise plugins require your replication-manager instance to be registered with the Signal18 SSO at gitlab.signal18.io.
Registration is free. It takes less than two minutes and unlocks:
# 1. Create an account at gitlab.signal18.io if you don't have one
# 2. Register the instance and obtain your SSO token
replication-manager instance-register \
--gitlab-token <your-gitlab-personal-access-token> \
--subdomain <your-chosen-subdomain>
# 3. replication-manager writes the issued token automatically to:
# monitoring-instance-token = "eyJ..."
After registration, restart replication-manager. Community plugins are downloaded on the first startup and updated automatically on subsequent reloads.
Once registered, replication-manager downloads the community plugin manifest on startup and keeps the plugin library up to date automatically. No manual binary management is required.
See Plugins for the full plugin reference — architecture, workload plugins, security plugins, score plugins, and how to write your own.
Every cluster configuration is continuously pushed to a GitLab repository in your SSO namespace:
replication-manager monitor \
--cloud18 \
--monitoring-restore-config-on-start \
--cloud18-domain <your-organisation> \
--cloud18-sub-domain <your-instance-subdomain> \
--cloud18-sub-domain-zone <your-geo-zone> \
--cloud18-gitlab-user <your-gitlab-user> \
--cloud18-gitlab-password <your-gitlab-password>
When --monitoring-restore-config-on-start is set, replication-manager:
gitlab.signal18.io/<domain>/<subdomain>-<zone>.git into the working directory — replacing any existing local config<subdomain>-<zone>-pull.git into <working-dir>/.pullcloud18.toml and reconstructs all cluster definitionsConfiguration files stored in GitLab contain no plaintext secrets — all sensitive values are stored in AES-encrypted form. The encryption key is generated locally and never leaves the host.
Registered instances can share cluster access with other registered SSO users — Signal18 partners, support engineers, or trusted operators. Access is managed entirely through the replication-manager API and GUI.
| Role | Who it is for | Default grant scope |
|---|---|---|
sysops |
Local infrastructure operator (owner) | All grants — full access |
dbops |
Local database operator | DB operations — no provisioning, no global settings |
extsysops |
External SysOps partner (Cloud18) | Same as sysops minus sales and global settings |
extdbops |
External DBOps partner (Cloud18) | DB, show, proxy, grant operations |
sponsor |
Marketplace subscriber | DB operations, show, proxy, grant, app access |
visitor |
Read-only observer | Show grants only |
Register → pending → quote → active → unsubscribed
(waiting (price (full (access
approval) proposed) access) revoked)
replication-manager integrates a Chat tab in the GUI powered by Mattermost at mmeet.signal18.io. All three connection methods use your gitlab.signal18.io SSO identity — no separate Mattermost account needed:
https://mmeet.signal18.io as a server in the Mattermost app and sign in with GitLab OAuth| Channel | Who you reach |
|---|---|
| Support | Signal18 engineering and support team |
| Community | Other registered replication-manager operators |
| Partners | Marketplace partners you are connected to |
Each registered instance is assigned a unique namespace:
Instance → GitLab Group gitlab.signal18.io/<subdomain>/
Cluster → GitLab Project gitlab.signal18.io/<subdomain>/<cluster-name>/
Config → Git repository versioned TOML files inside the project
Team → Group members GitLab group membership with role assignments
Your subdomain maps one-to-one to your GitLab group and is the routing key for plugin delivery, configuration sync, and marketplace identity.
All secrets (passwords, encryption keys) are AES-encrypted at the replication-manager host before being written to GitLab. The encryption key is generated locally (replication-manager keygen) and never leaves the host.
replication-manager host
└─ AES encryption key (local, never synced)
│
▼
encrypted secret → GitLab repository (ciphertext only)
To manage who can access your instance and its clusters:
gitlab.signal18.io/<subdomain> — your instance groupChanges take effect on the next replication-manager authentication sync — no restart required.
To share a single cluster without instance-wide access, manage membership at the project level:
gitlab.signal18.io/<subdomain>/<cluster-name>/ → Manage → Members
| Key | Default | Description |
|---|---|---|
monitoring-instance-token |
"" |
JWT issued at registration — identifies this instance to the Signal18 SSO |
plugin-registry-url |
https://registry.signal18.io |
Community plugin manifest endpoint |
plugin-auto-update |
true |
Automatically download updated community plugins on reload |
gitlab-url |
https://gitlab.signal18.io |
GitLab instance used for config sync and team management |