Connection Profiles

Connection profiles (.cyberduckprofile) are documents describing connection settings for a hosting provider.


Connection profiles can be installed from Preferences → Profiles..


Connection profiles can be activated by either installing the file by double-clicking a .cyberduckprofile file to open and register or enabling in Preferences → Profiles.

Contributing Connection Profiles


To contribute new connection profiles, open a pull request in the iterate-ch/profiles repository. Once the pull request is approved the profile will be available through the Preferences → Profiles tab in Mountain Duck and Cyberduck.

Technical File Format Specification


Connection profile files (XML Property List Format) can be created for customers to make it easier to connect with a double-click on that file without entering the connection details manually. Contact us if you are a service provider and need assistance in setting this up.

The following properties can be defined in a connection profile:

  • Protocol (Required)

  • Vendor (Hosting Provider) (Required)


The value of Vendor must be unique among all installed connection profiles.

  • Description (Required)

  • Default Nickname Prefilled bookmark name.

  • Default Hostname Prefilled server name.

  • Hostname Configurable Boolean if hostname is configurable.

  • Hostname Placeholder Suggestion for server name.

  • Default Port Prefilled port number.

  • Port Configurable Boolean if port number is configurable.

  • Default Path

  • Schemes Additional array of schemes this profile can be referenced with in Cyberduck CLI


All additional schemes are registered as a scheme handler when opening Mountain Duck. This allows to reference files and folders in a web application using a custom scheme like customscheme:/(/<hostname>)/path to open in Windows Explorer or Finder.

  • Username Configurable Boolean if username is configurable.

  • Username Placeholder Suggestion for username in login credentials. Used for input field label when editing bookmark.

  • Password Placeholder Suggestion for password in login credentials. Used for input field label when editing bookmark.

  • Password Configurable Boolean if password is configurable.

  • Disk Base64 encoded disk TIFF image icon. Multi Page TIFF with formats 64x64 (72dpi) and 128x128 (144dpi) pixels. Use the disk template file to create a provider profile image.

  • Icon Base64 encoded disk TIFF image icon to be used in protocol dropdown menu instead of Disk icon

  • Context Currently used for

    • Login context path for OpenStack Swift profiles.

    • Prefix all requests with path for S3 profiles.

  • Anonymous Configurable Boolean if anonymous access is configurable.

  • Path Configurable Boolean if default path is configurable.

  • Certificate Configurable Boolean if client certificate is configurable.

  • Region Region name to limit listing containers of a specific region only for OpenStack Swift and S3 profiles. For S3, this value is used for AWS4 signatures when no location can be deferred from the URI for third-party S3 providers.

  • Regions List of regions supported by the provider. This will populate options in the Regions dropdown when creating a new top level folder for S3 and OpenStack Swift connections.

  • OAuth Client ID For protocols using OAuth 2.0 you can override the registered application client ID with the provider.

    • A profile can omit the OAuth Client ID to prompt the user for manual input when connecting.

  • OAuth Client Secret For protocols using OAuth 2.0 you can override the registered application client secret with the provider.

    • A profile can define an empty value for OAuth Client Secret. The OAuth authorization flow will then use no client secret in client parameters to authenticate with the server.

    • A profile can omit the OAuth Client Secret to prompt the user for manual input when connecting.

  • Authorization Set to AWS2 to default to AWS2 signature authentication for S3. Default is AWS4HMACSHA256.

  • Properties List of custom protocol-specific properties. You can set hidden configuration options for a specific connection profile. Example usages can be found in:


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">
<plist version="1.0">
        <string>HP Cloud Object Storage</string>
        <key>Default Hostname</key>
        <key>Default Port</key>
        <key>Hostname Configurable</key>
        <key>Port Configurable</key>
        <key>Username Placeholder</key>
        <string>Tenant ID:Access Key</string>
        <key>Password Placeholder</key>
        <string>Secret Key</string>

Disk icon template

Icon set

Create a multi-TIFF containing the needed icon sizes:

  1. Create a high-resolution .png file based on the PSD template

  2. Use the following script to generate the different resolutions and the multi-TIFF disk.tiff file:

    /usr/bin/sips -s format png -z 128 128 -s dpiHeight 144.0 -s dpiWidth 144.0 ${png} --out ${tmp}/icon_64x64@2x.png
    /usr/bin/sips -s format png -z 64 64 -s dpiHeight 72.0 -s dpiWidth 72.0 ${png} --out ${tmp}/icon_64x64.png
    /usr/bin/sips -s format png -z 96 96 -s dpiHeight 144.0 -s dpiWidth 144.0 ${png} --out ${tmp}/icon_96@2x.png
    /usr/bin/sips -s format png -z 48 48 -s dpiHeight 72.0 -s dpiWidth 72.0 ${png} --out ${tmp}/icon_96.png
    /usr/bin/sips -s format png -z 256 256 -s dpiHeight 144.0 -s dpiWidth 144.0 ${png} --out ${tmp}/icon_256@2x.png
    /usr/bin/sips -s format png -z 128 128 -s dpiHeight 72.0 -s dpiWidth 72.0 ${png} --out ${tmp}/icon_256.png
    /usr/bin/tiffutil -cathidpicheck ${tmp}/icon_64x64@2x.png ${tmp}/icon_64x64.png ${tmp}/icon_96.png ${tmp}/icon_96@2x.png ${tmp}/icon_256.png ${tmp}/icon_256@2x.png -out ${target}/disk.tiff
  3. Use the command base64 ./disk.tiff -b 70 to generate the base64 version of the multi-TIFF file. This final version will be used for the connection profile.

Sample Connection Profiles

Google Custom OAuth Client ID

S3 and OpenID Connect Federation

Customization of connection profiles using OpenID Connect provider and AssumeRoleWithWebIdentity STS API