Jump Hippo ← Back to site

Import & Export

Everything you build in Jump Hippo — tunnels, reusable credentials, and jump-host chains — normally lives only on the machine you built it on, encrypted for that device. The Import/Export tab in Settings lets you move a setup between machines, keep a backup, and seed a fresh install from your existing ~/.ssh/config.

Open it from Settings → Import/Export.

The .jumphippo bundle

A bundle is a single self-describing file containing your tunnels, credentials, and jump hosts (and, optionally, your app settings). It's the unit of backup and of moving to a new machine.

Exporting

Settings → Import/Export → Export bundle… lets you choose:

Then pick where to save the .jumphippo file.

Why secrets aren't just copied. Jump Hippo seals secrets at rest with a key that's bound to this device (or your OS keychain, or your master password) — so the sealed form deliberately won't decrypt anywhere else. Export therefore uses its own portable, passphrase-based encryption instead of copying the device-sealed blob. A plaintext password is never written to disk.

Importing

Settings → Import/Export → Import bundle… — pick a .jumphippo file and Jump Hippo shows you a preview before anything changes: how many tunnels, credentials, and jump hosts are new, an update to something you already have, or a name conflict. Choose how to apply it:

If the bundle was exported with a passphrase, you'll be asked for it. A wrong passphrase fails cleanly — nothing is changed. A bundle that's internally inconsistent is rejected whole, never half-applied.

Moving to a new machine

  1. On the old machine: Export bundle…, choosing Protect with a passphrase if you want your secrets to come across.
  2. Copy the .jumphippo file to the new machine (any way you like).
  3. On the new machine: Import bundle…, enter the passphrase, and choose Merge (or Replace everything for a fresh install).

Imported secrets are immediately re-sealed under the new machine's own storage backend, so they sit alongside everything else exactly as if you'd typed them there.

Credentials that "need password"

If you imported a bundle without its secrets (the stripped default), any password credential arrives flagged needs password. It appears that way in the credential picker and editor, and a tunnel using it can't connect until you open the credential and re-enter the password.

Importing from your SSH config

If you already keep hosts in ~/.ssh/config, Settings → Import/Export → Import from SSH config… proposes Jump Hippo records from it — no retyping.

Jump Hippo reads the common directives — Host, HostName, User, Port, IdentityFile, ProxyJump, and Include — and proposes, for each host:

Nothing is written until you tick the hosts you want and confirm. Each selected host also brings in the credential and jump hosts it needs.

The drafted tunnels are a starting point. An SSH config says how to reach a server, not what to forward — so each drafted tunnel gets a placeholder local port and destination. Open it in the editor afterwards and set the forwarding you actually want. Passwords are never invented: a host with no key maps to an agent credential.

Security notes

See also Authentication, Jump Hosts, and Security.