# Table of Contents - [Storj Docs - Storj Docs](#storj-docs-storj-docs) - [Getting started with Storj: Enterprise-grade Cloud Object Storage - Storj Docs](#getting-started-with-storj-enterprise-grade-cloud-object-storage-storj-docs) - [Migrate - Storj Docs](#migrate-storj-docs) - [Creating Buckets Using Different Tools - Storj Docs](#creating-buckets-using-different-tools-storj-docs) - [Data Location - Storj Docs](#data-location-storj-docs) - [Creating Public Buckets and Embedding Content - Storj Docs](#creating-public-buckets-and-embedding-content-storj-docs) - [Understanding Cross-Origin Resource Sharing (CORS) with Storj's S3 API - Storj Docs](#understanding-cross-origin-resource-sharing-cors-with-storj-s-s3-api-storj-docs) - [How to migrate from Backblaze to Storj - Storj Docs](#how-to-migrate-from-backblaze-to-storj-storj-docs) - [Uploading and Downloading Files Guide - Storj Docs](#uploading-and-downloading-files-guide-storj-docs) - [How to migrate from Wasabi to Storj - Storj Docs](#how-to-migrate-from-wasabi-to-storj-storj-docs) - [Storj Managed vs. Self-Managed Encryption S3 Compatibility Differences - Storj Docs](#storj-managed-vs-self-managed-encryption-s3-compatibility-differences-storj-docs) - [SDKs - Storj Docs](#sdks-storj-docs) - [Using Object Lock to Protect Data - Storj Docs](#using-object-lock-to-protect-data-storj-docs) - [Understanding Multipart Upload - Storj Docs](#understanding-multipart-upload-storj-docs) - [Object Lock - Storj Docs](#object-lock-storj-docs) - [Setting Up and Understanding Storj Geo-distributed Storage Regions - Storj Docs](#setting-up-and-understanding-storj-geo-distributed-storage-regions-storj-docs) - [Creating S3 Compatible Credentials - Storj Docs](#creating-s3-compatible-credentials-storj-docs) - [Bucket Logging (Available Upon Request) - Storj Docs](#bucket-logging-available-upon-request-storj-docs) - [Optimizing Multipart Upload Part Size for Better Performance - Storj Docs](#optimizing-multipart-upload-part-size-for-better-performance-storj-docs) - [Deleting Buckets Using Different Tools - Storj Docs](#deleting-buckets-using-different-tools-storj-docs) - [Enabling Lexicographic Sorting of Object Listings - Storj Docs](#enabling-lexicographic-sorting-of-object-listings-storj-docs) - [Setting Object Lifecycles - Storj Docs](#setting-object-lifecycles-storj-docs) - [Object Versioning in Storj - Storj Docs](#object-versioning-in-storj-storj-docs) - [S3 Compatible Gateway Hosted by Storj - Storj Docs](#s3-compatible-gateway-hosted-by-storj-storj-docs) - [Creating and Using Presigned URLs with Storj - Storj Docs](#creating-and-using-presigned-urls-with-storj-storj-docs) - [Bucket Event Notifications with Google Pub/Sub - Storj Docs](#bucket-event-notifications-with-google-pub-sub-storj-docs) - [S3 Compatibility - Storj Docs](#s3-compatibility-storj-docs) - [Storj IPFS Pinning Service (Beta) - Storj Docs](#storj-ipfs-pinning-service-beta-storj-docs) - [Introduction to Storj - Storj Docs](#introduction-to-storj-storj-docs) - [Object Storage Tiered Pricing - Storj Docs](#object-storage-tiered-pricing-storj-docs) - [Object Mount Pricing - Storj Docs](#object-mount-pricing-storj-docs) - [Content response headers - Storj Docs](#content-response-headers-storj-docs) - [Pricing Overview - Storj Docs](#pricing-overview-storj-docs) - [Using the Uplink CLI - Storj Docs](#using-the-uplink-cli-storj-docs) - [Configuring Storj for Partners - Storj Docs](#configuring-storj-for-partners-storj-docs) - [Download and install uplink - Storj Docs](#download-and-install-uplink-storj-docs) - [Setting Up AWS CLI Endpoint to Storj - Storj Docs](#setting-up-aws-cli-endpoint-to-storj-storj-docs) - [Object Storage Legacy Pricing - Storj Docs](#object-storage-legacy-pricing-storj-docs) - [AWS SDK PHP - Storj Docs](#aws-sdk-php-storj-docs) - [AWS SDK Nodejs - Storj Docs](#aws-sdk-nodejs-storj-docs) - [Object Storage Pricing - Storj Docs](#object-storage-pricing-storj-docs) - [Hosting a Static Website - Storj Docs](#hosting-a-static-website-storj-docs) - [Rails 7 ActiveStorage Connected to Storj - Storj Docs](#rails-7-activestorage-connected-to-storj-storj-docs) - [Getting started with Storj Testnet on Linux - Storj Docs](#getting-started-with-storj-testnet-on-linux-storj-docs) - [meta - Storj Docs](#meta-storj-docs) - [Storage Node Getting Started - Storj Docs](#storage-node-getting-started-storj-docs) - [mb - Storj Docs](#mb-storj-docs) - [import - Storj Docs](#import-storj-docs) - [access - Storj Docs](#access-storj-docs) - [Sign up and host a Node on Storj - Storj Docs](#sign-up-and-host-a-node-on-storj-storj-docs) - [access list - Storj Docs](#access-list-storj-docs) - [access export - Storj Docs](#access-export-storj-docs) - [Understanding the Commercial Storage Node Operator Program - Storj Docs](#understanding-the-commercial-storage-node-operator-program-storj-docs) - [Concepts - Storj Docs](#concepts-storj-docs) - [ls - Storj Docs](#ls-storj-docs) - [Generating and Managing Access Grants - Storj Docs](#generating-and-managing-access-grants-storj-docs) - [Advanced Usage - Storj Docs](#advanced-usage-storj-docs) - [access remove - Storj Docs](#access-remove-storj-docs) - [An Overview of Building Storj Connectors - Storj Docs](#an-overview-of-building-storj-connectors-storj-docs) - [Understanding Hierarchical Data Structure and Advanced Terminology - Storj Docs](#understanding-hierarchical-data-structure-and-advanced-terminology-storj-docs) - [Understanding Data Model Consistency - Storj Docs](#understanding-data-model-consistency-storj-docs) - [Sharing Your First Object - Storj Docs](#sharing-your-first-object-storj-docs) - [Linux Configuration for UDP - Storj Docs](#linux-configuration-for-udp-storj-docs) - [Step 1. Understand Prerequisites - Storj Docs](#step-1-understand-prerequisites-storj-docs) - [Quickstart Uplink CLI - Storj Docs](#quickstart-uplink-cli-storj-docs) - [Interacting With Your First Object CLI - Storj Docs](#interacting-with-your-first-object-cli-storj-docs) - [meta get - Storj Docs](#meta-get-storj-docs) - [rb - Storj Docs](#rb-storj-docs) - [Step 3. Configure QUIC - Storj Docs](#step-3-configure-quic-storj-docs) - [Step 5. Install Node Software - Storj Docs](#step-5-install-node-software-storj-docs) - [Delete an Object - Storj Docs](#delete-an-object-storj-docs) - [List an Object - Storj Docs](#list-an-object-storj-docs) - [access inspect - Storj Docs](#access-inspect-storj-docs) - [Understanding Security & Access Management - Storj Docs](#understanding-security-access-management-storj-docs) - [ZkSync Payments - Storj Docs](#zksync-payments-storj-docs) - [access import - Storj Docs](#access-import-storj-docs) - [access register - Storj Docs](#access-register-storj-docs) - [access use - Storj Docs](#access-use-storj-docs) - [Understanding Storj's Edge Services - Storj Docs](#understanding-storj-s-edge-services-storj-docs) - [Setting Up Custom Domains - Storj Docs](#setting-up-custom-domains-storj-docs) - [Download an Object - Storj Docs](#download-an-object-storj-docs) - [Revoke an Access to an Object - Storj Docs](#revoke-an-access-to-an-object-storj-docs) - [macOS/FreeBSD Configuration for UDP - Storj Docs](#macos-freebsd-configuration-for-udp-storj-docs) - [Getting started with Storj Testnet on FreeNAS (freeBSD) - Storj Docs](#getting-started-with-storj-testnet-on-freenas-freebsd-storj-docs) - [Comparison: Capability Based Access and Access Control Lists - Storj Docs](#comparison-capability-based-access-and-access-control-lists-storj-docs) - [Revoking Client-Side Delegated Authorization - Storj Docs](#revoking-client-side-delegated-authorization-storj-docs) - [setup - Storj Docs](#setup-storj-docs) - [Understanding Coordination Avoidance in the Storj Network - Storj Docs](#understanding-coordination-avoidance-in-the-storj-network-storj-docs) - [Understanding File Repair in a Distributed Network - Storj Docs](#understanding-file-repair-in-a-distributed-network-storj-docs) - [Create a Bucket - Storj Docs](#create-a-bucket-storj-docs) - [Upload an Object - Storj Docs](#upload-an-object-storj-docs) - [Generating Presigned URLs in Serverless Cloud with Go - Storj Docs](#generating-presigned-urls-in-serverless-cloud-with-go-storj-docs) - [Create Access Grant in CLI - Storj Docs](#create-access-grant-in-cli-storj-docs) - [access revoke - Storj Docs](#access-revoke-storj-docs) - [Storj Data Access Methods - Storj Docs](#storj-data-access-methods-storj-docs) - [Using End-to-End Encryption - Storj Docs](#using-end-to-end-encryption-storj-docs) - [rm - Storj Docs](#rm-storj-docs) - [mv - Storj Docs](#mv-storj-docs) - [Understanding Decentralized Cloud Storage - Storj Docs](#understanding-decentralized-cloud-storage-storj-docs) - [Create an Access Grant - Storj Docs](#create-an-access-grant-storj-docs) - [Uploading Your First Object CLI - Storj Docs](#uploading-your-first-object-cli-storj-docs) - [Dashboard - Storj Docs](#dashboard-storj-docs) - [Setting Up Commercial Storage Nodes - Storj Docs](#setting-up-commercial-storage-nodes-storj-docs) - [Understanding the Multi-region Availability - Storj Docs](#understanding-the-multi-region-availability-storj-docs) - [access create - Storj Docs](#access-create-storj-docs) - [Exploring Encryption Mechanisms - Storj Docs](#exploring-encryption-mechanisms-storj-docs) - [Glossary of Storj Network Terms - Storj Docs](#glossary-of-storj-network-terms-storj-docs) - [CLI Install - Storj Docs](#cli-install-storj-docs) - [GUI Install - Windows - Storj Docs](#gui-install-windows-storj-docs) - [Setting Up a Dashboard for Commercial Storage Nodes - Storj Docs](#setting-up-a-dashboard-for-commercial-storage-nodes-storj-docs) - [Step 4. Create an Identity - Storj Docs](#step-4-create-an-identity-storj-docs) - [Encryption passphrase management comparison - Storj Docs](#encryption-passphrase-management-comparison-storj-docs) - [Understanding Server-Side Encryption - Storj Docs](#understanding-server-side-encryption-storj-docs) - [Implementing Write Once, Read Many (WORM) System - Storj Docs](#implementing-write-once-read-many-worm-system-storj-docs) - [Overview of Common Integration Patterns for Storj Uplink - Storj Docs](#overview-of-common-integration-patterns-for-storj-uplink-storj-docs) - [Set Up Uplink CLI with Access Grant - Storj Docs](#set-up-uplink-cli-with-access-grant-storj-docs) - [View Distribution of an Object - Storj Docs](#view-distribution-of-an-object-storj-docs) - [Payout - Storj Docs](#payout-storj-docs) - [Creating Storage Nodes Using Ansible - Storj Docs](#creating-storage-nodes-using-ansible-storj-docs) - [cp - Storj Docs](#cp-storj-docs) - [Understanding Satellites and Metadata Regions in the Network - Storj Docs](#understanding-satellites-and-metadata-regions-in-the-network-storj-docs) - [QNAP Storage Node App - Storj Docs](#qnap-storage-node-app-storj-docs) - [Docker - Storj Docs](#docker-storj-docs) - [Understanding API Keys and Access Management - Storj Docs](#understanding-api-keys-and-access-management-storj-docs) - [Understanding S3 Compatibility with Storj - Storj Docs](#understanding-s3-compatibility-with-storj-storj-docs) - [Best Use Cases for Distributed Storage Solutions - Storj Docs](#best-use-cases-for-distributed-storage-solutions-storj-docs) - [Managing Encryption Keys - Storj Docs](#managing-encryption-keys-storj-docs) - [Implementing Data Encryption in a Decentralized Network - Storj Docs](#implementing-data-encryption-in-a-decentralized-network-storj-docs) - [Import an Access to an Object - Storj Docs](#import-an-access-to-an-object-storj-docs) - [Step 2. Setup Port Forwarding - Storj Docs](#step-2-setup-port-forwarding-storj-docs) - [access restrict - Storj Docs](#access-restrict-storj-docs) - [Understand and Manage Access Grants - Storj Docs](#understand-and-manage-access-grants-storj-docs) - [Understanding Storj's Auth Service and its Security Layers - Storj Docs](#understanding-storj-s-auth-service-and-its-security-layers-storj-docs) - [Benefits of Edge-Based Authorization Model in Access Management - Storj Docs](#benefits-of-edge-based-authorization-model-in-access-management-storj-docs) - [share - Storj Docs](#share-storj-docs) - [Understanding Data Immutability in Object Storage - Storj Docs](#understanding-data-immutability-in-object-storage-storj-docs) - [Storage Node - Storj Docs](#storage-node-storj-docs) - [Understanding Use Cases for Multiple Encryption Keys - Storj Docs](#understanding-use-cases-for-multiple-encryption-keys-storj-docs) - [Explaining the Linksharing Service - Storj Docs](#explaining-the-linksharing-service-storj-docs) - [Storage Node Dashboard CLI - Storj Docs](#storage-node-dashboard-cli-storj-docs) - [Create an Access to an Object - Storj Docs](#create-an-access-to-an-object-storj-docs) - [Deciding Between Storj Console and CLI - Storj Docs](#deciding-between-storj-console-and-cli-storj-docs) - [Understanding Storj Usage Limits - Storj Docs](#understanding-storj-usage-limits-storj-docs) - [Understanding Key Constructs in Storj Architecture - Storj Docs](#understanding-key-constructs-in-storj-architecture-storj-docs) - [Understanding Encryption Keys and Security - Storj Docs](#understanding-encryption-keys-and-security-storj-docs) - [Understanding File Redundancy: Durability, Expansion Factors, and Erasure Codes - Storj Docs](#understanding-file-redundancy-durability-expansion-factors-and-erasure-codes-storj-docs) - [Software Updates - Storj Docs](#software-updates-storj-docs) - [Options for Multi-tenant Data Partitioning and Isolation - Storj Docs](#options-for-multi-tenant-data-partitioning-and-isolation-storj-docs) - [Storage Node - Storj Docs](#storage-node-storj-docs) - [Getting started with Storj Testnet on Windows - Storj Docs](#getting-started-with-storj-testnet-on-windows-storj-docs) - [Setting Up a Self-Hosted S3 Compatible Gateway - Storj Docs](#setting-up-a-self-hosted-s3-compatible-gateway-storj-docs) - [Key Management for Multi-tenant Data Partitioning and Isolation - Storj Docs](#key-management-for-multi-tenant-data-partitioning-and-isolation-storj-docs) - [Implementing Nextcloud Using Storj - Storj Docs](#implementing-nextcloud-using-storj-storj-docs) - [QNAP Hybrid Backup Sync 3 Overview and Integration with Storj - Storj Docs](#qnap-hybrid-backup-sync-3-overview-and-integration-with-storj-storj-docs) - [Setting Up and Using Mountain Duck - Storj Docs](#setting-up-and-using-mountain-duck-storj-docs) - [Guide to Integrate Photos+ App with Storj - Storj Docs](#guide-to-integrate-photos-app-with-storj-storj-docs) - [Backing up WordPress with UpdraftPlus plugin and Storj - Storj Docs](#backing-up-wordpress-with-updraftplus-plugin-and-storj-storj-docs) - [How to Integrate Zerto with Storj - Storj Docs](#how-to-integrate-zerto-with-storj-storj-docs) - [Getting Started with Rclone Configuration - Storj Docs](#getting-started-with-rclone-configuration-storj-docs) - [Setting Up Plex with Storj for Private Streaming - Storj Docs](#setting-up-plex-with-storj-for-private-streaming-storj-docs) - [How to use Storj with Hugging Face - Storj Docs](#how-to-use-storj-with-hugging-face-storj-docs) - [Guidelines for Integrating HashBackup with Storj - Storj Docs](#guidelines-for-integrating-hashbackup-with-storj-storj-docs) - [Configuring PixelFed with Storj - Storj Docs](#configuring-pixelfed-with-storj-storj-docs) - [Can we use an exchange as a wallet for STORJ tokens? - Storj Docs](#can-we-use-an-exchange-as-a-wallet-for-storj-tokens-storj-docs) - [Integrating Mastodon with Storj: A Comprehensive Guide - Storj Docs](#integrating-mastodon-with-storj-a-comprehensive-guide-storj-docs) - [Managing Files using S3 Browser with Storj - Storj Docs](#managing-files-using-s3-browser-with-storj-storj-docs) - [Guide for Rubrik Integration - Storj Docs](#guide-for-rubrik-integration-storj-docs) - [Guide to Integrating iconik with Storj - Storj Docs](#guide-to-integrating-iconik-with-storj-storj-docs) - [Integration guide for connecting Storj to oCIS - Storj Docs](#integration-guide-for-connecting-storj-to-ocis-storj-docs) - [Guide for MSP360 Integration - Storj Docs](#guide-for-msp360-integration-storj-docs) - [Comprehensive Guide to Integrating Unitrends and Storj - Storj Docs](#comprehensive-guide-to-integrating-unitrends-and-storj-storj-docs) - [Guide on Deploying MongoDB Ops Manager with Storj - Storj Docs](#guide-on-deploying-mongodb-ops-manager-with-storj-storj-docs) - [Using Storj with MASV - Storj Docs](#using-storj-with-masv-storj-docs) - [Guide for Signiant Integration - Storj Docs](#guide-for-signiant-integration-storj-docs) - [How to Integrate Hammerspace with Storj - Storj Docs](#how-to-integrate-hammerspace-with-storj-storj-docs) - [Integrating Kerberos Vault with Distributed Cloud Storage - Storj Docs](#integrating-kerberos-vault-with-distributed-cloud-storage-storj-docs) - [Rucio Integration Guide - Storj Docs](#rucio-integration-guide-storj-docs) - [How can I exchange STORJ tokens to currencies like € or $? - Storj Docs](#how-can-i-exchange-storj-tokens-to-currencies-like-or-storj-docs) - [Velero-based Kubernetes Backup Guide - Storj Docs](#velero-based-kubernetes-backup-guide-storj-docs) - [Using Restic for Backups - Storj Docs](#using-restic-for-backups-storj-docs) - [Integrating Starfish for Large-Scale File Management with Storj - Storj Docs](#integrating-starfish-for-large-scale-file-management-with-storj-storj-docs) - [TrueNAS Integration with Storj for Secure Data Storage - Storj Docs](#truenas-integration-with-storj-for-secure-data-storage-storj-docs) - [Guide to Veeam and Storj Integration - Storj Docs](#guide-to-veeam-and-storj-integration-storj-docs) - [Connecting s3fs to Storj - Storj Docs](#connecting-s3fs-to-storj-storj-docs) - [Integrating Storj with Splunk Analytics - Storj Docs](#integrating-storj-with-splunk-analytics-storj-docs) - [Guide for Integrating LucidLink Filespaces with Storj - Storj Docs](#guide-for-integrating-lucidlink-filespaces-with-storj-storj-docs) - [Workshop - Global Video Content Delivery with Storj and Livepeer - Storj Docs](#workshop-global-video-content-delivery-with-storj-and-livepeer-storj-docs) - [Can Storj use a different blockchain for payments? - Storj Docs](#can-storj-use-a-different-blockchain-for-payments-storj-docs) - [Configure Rclone Natively - Storj Docs](#configure-rclone-natively-storj-docs) - [Audits by satellite - Storj Docs](#audits-by-satellite-storj-docs) - [Using LINSTOR with Storj for Disaster Recovery - Storj Docs](#using-linstor-with-storj-for-disaster-recovery-storj-docs) - [How do I change values like wallet address or storage capacity? - Storj Docs](#how-do-i-change-values-like-wallet-address-or-storage-capacity-storj-docs) - [How do I estimate my potential earnings for a given amount of space and bandwidth? - Storj Docs](#how-do-i-estimate-my-potential-earnings-for-a-given-amount-of-space-and-bandwidth-storj-docs) - [Graceful Exit Guide - Storj Docs](#graceful-exit-guide-storj-docs) - [Storing and Accessing NFTs with OpenSea on Decentralized Cloud - Storj Docs](#storing-and-accessing-nfts-with-opensea-on-decentralized-cloud-storj-docs) - [How do I know the exchange rate for my payout? - Storj Docs](#how-do-i-know-the-exchange-rate-for-my-payout-storj-docs) - [How do I check my logs? - Storj Docs](#how-do-i-check-my-logs-storj-docs) - [Rclone Command Guide - Storj Docs](#rclone-command-guide-storj-docs) - [How do I check my L2 zkSync payouts? - Storj Docs](#how-do-i-check-my-l2-zksync-payouts-storj-docs) - [Automatically Backing Up Tesla Sentry Mode and Dashcam videos - Storj Docs](#automatically-backing-up-tesla-sentry-mode-and-dashcam-videos-storj-docs) - [How do I hold STORJ tokens? What is a valid address or compatible wallet? - Storj Docs](#how-do-i-hold-storj-tokens-what-is-a-valid-address-or-compatible-wallet-storj-docs) - [How is the online score calculated? - Storj Docs](#how-is-the-online-score-calculated-storj-docs) - [How do I check my node when I'm away from my machine? - Storj Docs](#how-do-i-check-my-node-when-i-m-away-from-my-machine-storj-docs) - [How to change the payment address for storagenode (v3 network) - Storj Docs](#how-to-change-the-payment-address-for-storagenode-v3-network-storj-docs) - [How do I estimate my payouts per Satellite? - Storj Docs](#how-do-i-estimate-my-payouts-per-satellite-storj-docs) - [How does held back amount work? - Storj Docs](#how-does-held-back-amount-work-storj-docs) - [How do I shutdown my node for system maintenance? - Storj Docs](#how-do-i-shutdown-my-node-for-system-maintenance-storj-docs) - [Node offline troubleshooting - Storj Docs](#node-offline-troubleshooting-storj-docs) - [How to fix database: file is not a database error - Storj Docs](#how-to-fix-database-file-is-not-a-database-error-storj-docs) - [Set up a storagenode on Odroid HC2 (video tutorial) - Storj Docs](#set-up-a-storagenode-on-odroid-hc2-video-tutorial-storj-docs) - [What if I'm using a remote connection? - Storj Docs](#what-if-i-m-using-a-remote-connection-storj-docs) - [How do I redirect my logs to a file? - Storj Docs](#how-do-i-redirect-my-logs-to-a-file-storj-docs) - [Is an account required to rent out drive space ? - Storj Docs](#is-an-account-required-to-rent-out-drive-space-storj-docs) - [How do I setup static mount via /etc/fstab for Linux? - Storj Docs](#how-do-i-setup-static-mount-via-etc-fstab-for-linux-storj-docs) - [Frequently Asked Questions - Storj Docs](#frequently-asked-questions-storj-docs) - [What if I'm using the CLI Install on Windows / MacOS? - Storj Docs](#what-if-i-m-using-the-cli-install-on-windows-macos-storj-docs) - [Suspension mode - Storj Docs](#suspension-mode-storj-docs) - [Single and multi-node Port forwarding setup - Storj Docs](#single-and-multi-node-port-forwarding-setup-storj-docs) - [How to migrate the Windows GUI node from one physical location to another? - Storj Docs](#how-to-migrate-the-windows-gui-node-from-one-physical-location-to-another-storj-docs) - [What if my machine restarts or shuts down? - Storj Docs](#what-if-my-machine-restarts-or-shuts-down-storj-docs) - [How to fix a "database disk image is malformed" - Storj Docs](#how-to-fix-a-database-disk-image-is-malformed-storj-docs) - [How to remote access the web dashboard - Storj Docs](#how-to-remote-access-the-web-dashboard-storj-docs) - [How to add an additional drive? - Storj Docs](#how-to-add-an-additional-drive-storj-docs) - [Migrating from Docker CLI to a GUI Install on Windows - Storj Docs](#migrating-from-docker-cli-to-a-gui-install-on-windows-storj-docs) - [ERC20-compatible wallet address for STORJ tokens - Storj Docs](#erc20-compatible-wallet-address-for-storj-tokens-storj-docs) - [How do I migrate my node to a new device? - Storj Docs](#how-do-i-migrate-my-node-to-a-new-device-storj-docs) - [Install storagenode on Raspberry Pi3 or higher version - Storj Docs](#install-storagenode-on-raspberry-pi3-or-higher-version-storj-docs) - [Running a V3 Storage Node with VPN - Storj Docs](#running-a-v3-storage-node-with-vpn-storj-docs) - [Migrating from Windows GUI installation to Docker CLI - Storj Docs](#migrating-from-windows-gui-installation-to-docker-cli-storj-docs) - [Why is my node disqualified? - Storj Docs](#why-is-my-node-disqualified-storj-docs) - [Understanding the Storj Console Project Dashboard - Storj Docs](#understanding-the-storj-console-project-dashboard-storj-docs) - [Why is the network not using all of my storage and bandwidth? - Storj Docs](#why-is-the-network-not-using-all-of-my-storage-and-bandwidth-storj-docs) - [Where can I find the config.yaml? - Storj Docs](#where-can-i-find-the-config-yaml-storj-docs) - [Using the Object Browser - Storj Docs](#using-the-object-browser-storj-docs) - [Using the Storj Console - Storj Docs](#using-the-storj-console-storj-docs) - [How can I use the STORJ token as form of payment? - Storj Docs](#how-can-i-use-the-storj-token-as-form-of-payment-storj-docs) - [Why does Storj Labs not pay Storage Node Operators directly in USD? - Storj Docs](#why-does-storj-labs-not-pay-storage-node-operators-directly-in-usd-storj-docs) - [Why am I not storing more data? - Storj Docs](#why-am-i-not-storing-more-data-storj-docs) - [What tax forms do Storage Node Operators need to submit? - Storj Docs](#what-tax-forms-do-storage-node-operators-need-to-submit-storj-docs) - [Why are my payouts so low? - Storj Docs](#why-are-my-payouts-so-low-storj-docs) - [Where can I check for a new version? - Storj Docs](#where-can-i-check-for-a-new-version-storj-docs) - [What is the STORJ token? - Storj Docs](#what-is-the-storj-token-storj-docs) - [What other commands can I run? - Storj Docs](#what-other-commands-can-i-run-storj-docs) - [Object Mount Overview - Storj Docs](#object-mount-overview-storj-docs) - [Need Help Finding Information on Storj? - Storj Docs](#need-help-finding-information-on-storj-storj-docs) - [Storj Engineering Blog | Storj Engineering Blog](#storj-engineering-blog-storj-engineering-blog) - [Adding Users to a Project Team - Storj Docs](#adding-users-to-a-project-team-storj-docs) - [Requesting and Understanding Usage Limit Increases - Storj Docs](#requesting-and-understanding-usage-limit-increases-storj-docs) - [Managing Projects on the Storj Console - Storj Docs](#managing-projects-on-the-storj-console-storj-docs) - [Managing Billing and Payments - Storj Docs](#managing-billing-and-payments-storj-docs) --- # Storj Docs - Storj Docs Make the world your datacenter ============================== Store every byte with Storj's distributed nodes, ensuring your data is everywhere, even before you need it. [Quick Start](https://storj.dev/dcs/getting-started) rclone aws cli uplink rclone copy storj-tree.png storj:my-bucket/ Welcome to the Storj Documentation! [What is Storj](https://storj.dev/#what-is-storj) -------------------------------------------------- Storj is the leading provider of enterprise-grade, globally distributed cloud object storage. It is a drop-in replacement for any S3-compatible object storage that is just as durable but with 99.95% availability and better global performance from a single upload. Storj delivers default multi-region CDN-like performance with zero-trust security at a cost that’s 80% lower than AWS S3. Easily integrated into any existing stack with S3 compatibility, Storj is a trustless, globally distributed network that utilizes existing excess storage capacity making enterprise-grade performance, privacy, and resiliency available with compelling economic benefits. [Main features](https://storj.dev/#main-features) -------------------------------------------------- Some of the main Storj features include: | Feature | Description | | --- | --- | | [S3 Compatibility](https://storj.dev/dcs/api/s3/s3-compatibility) | Change the endpoint and credentials with an S3-compatible tool of your choice and you'll be up and running in minutes. | | [Third-party tools](https://storj.dev/dcs/third-party-tools) | Dozen of compatible tools allowing backups, transferring large files, file management, content delivery, scientific data, and more. | | [End-to-End Encryption](https://storj.dev/learn/concepts/encryption-key) | Own your data with default encryption and user-assigned access grants so no one can view or compromise your data without permission. | | [Cost Efficiency](https://storj.dev/dcs/pricing) | Storage as low as $4.00 per TB per month with $7.00 per TB for egress. | | [Multi-region](https://storj.dev/dcs/buckets/data-location) | Multi-region cloud object storage for all data distributed to tens of thousands of Storage nodes around the world. | | [Open Source](https://github.com/storj) | Take advantage of absolute transparency through our open source code. You are not locked-in to our technology or cost structure. | [How to Use These Docs](https://storj.dev/#how-to-use-these-docs) ------------------------------------------------------------------ On the left side of the screen, you'll find the docs navbar. The pages are organized sequentially that you can follow step-by-step or if you're already familiar with object storage you can jump to the section that applies most to your use case. On the right side of the screen, there's a table of contents to help you move between parts of a page. To find a page fast, use the search bar at the top or press Ctrl+K or Cmd+K on your keyboard. [Join the community](https://storj.dev/#join-the-community) ------------------------------------------------------------ If you're stuck on an issue, chances are someone has seen it before or can help you troubleshoot it. How to build on top of Storj resources, administer servers, write and deploy code, and install and configure open source tools. [https://forum.storj.io/](https://forum.storj.io/) [Getting help](https://storj.dev/#getting-help) ------------------------------------------------ Visit our [Help Center](https://storj.dev/support) for support. Next [Getting started](https://storj.dev/dcs/getting-started) --- # Getting started with Storj: Enterprise-grade Cloud Object Storage - Storj Docs Storj is the leading provider of enterprise-grade, globally distributed cloud object storage. It is a drop-in replacement for any S3-compatible object storage that is just as durable but with 99.95% availability and better global performance from a single upload. Storj delivers default multi-region CDN-like performance with zero-trust security at a [cost that’s 80%](https://storj.dev/dcs/pricing) lower than AWS S3. [Before you begin](https://storj.dev/dcs/getting-started#before-you-begin) --------------------------------------------------------------------------- To get started, create an account with Storj. You'll automatically begin a free trial that gives you access to try our storage with your [third-party tool](https://storj.dev/dcs/third-party-tools) or project. [Sign up](https://storj.io/signup) ----------------------------------- If you've never used Storj before, sign up for a new Storj account [Log in](https://storj.io/login) --------------------------------- If you already have a Storj account, log in to get started [Generate S3 compatible credentials](https://storj.dev/dcs/getting-started#generate-s3-compatible-credentials) --------------------------------------------------------------------------------------------------------------- Storj has an Amazon [S3 compatible API](https://storj.dev/dcs/api/s3/s3-compatibility) and you'll need generate S3 credentials to use it. S3 credentials consist of an **access key**, **secret key**, and **endpoint**. Create S3 credentials in the Storj console: 1. Navigate to **Access Keys** on the left side menu. 2. Click the **New Access Key** button. 3. When the New Access dialog comes up, set specifications according to the following guidelines: * **Name:** The name of the credentials (e.g. my-access) * **Type:** S3 Credentials 4. Choose **Full Access** or **Advanced** * In most cases, you DO NOT want to choose full access. 5. Provide Access encryption Information If you have opted out of [Storj-managed passphrases](https://storj.dev/learn/concepts/encryption-key/storj-vs-user-managed-encryption) for the project you must unlock the bucket with your passphrase. In order to see the data uploaded to your bucket in the Storj console, you must unlock the bucket with the same encryption passphrase as the credentials. * **Use the current passphrase**: this is default option * **Advanced**: you may provide a different encryption phrase either your own or generate a new one. * **Enter a new passphrase**: use this option, if you would like to provide your own new encryption phrase * **Generate 12-word passphrase**: use this option, if you would like to generate a new encryption phrase 6. Select the permissions you want to allow: * Read * Write * List * Delete 7. Select the object lock permissions you want to allow * PutObjectRetention * GetObjectRetention * BypassGovernanceRetention * PutObjectLegalHold * GetObjectLegalHold * PutObjectLockConfiguration * GetObjectLockConfiguration 8. Choose the buckets you want the access to include: * All Buckets * Select Buckets 9. Set an expiration 10. Click **Create Access** to finish creation of your S3 credentials 11. Your S3 credentials are created. Write them down and store them, or click the **Download all** button. You will need these credentials for the following steps. ### [Object Lock Permission Details](https://storj.dev/dcs/getting-started#object-lock-permission-details) | Permission Name | Description | | --- | --- | | PutObjectRetention | Allows you to set retention policies, protecting objects from deletion or modification until the retention period expires. | | GetObjectRetention | Allows you to view the retention settings of objects, helping ensure compliance with retention policies. | | BypassGovernanceRetention | Allows you to bypass governance-mode retention, enabling deletion of objects before the retention period ends. | | PutObjectLegalHold | Allows you to place a legal hold on objects, preventing deletion or modification regardless of retention policies. | | GetObjectLegalHold | Allows you to view the legal hold status of objects, which is useful for auditing and compliance purposes. | | PutObjectLockConfiguration | Allows you to set retention policies on the specified bucket, automatically applying them to every new object added to that bucket. | | GetObjectLockConfiguration | Allows you to view the default retention policies configured for the specified bucket. | [Install command-line tools](https://storj.dev/dcs/getting-started#install-command-line-tools) ----------------------------------------------------------------------------------------------- Storj works with a variety command-line tools. Rclone is recommended for its compatibility with various cloud providers and ease of use. However, some may already be familiar with AWS CLI which is also a suitable option. rcloneaws cli 1. Install rclone sudo -v ; curl https://rclone.org/install.sh | sudo bash sudo -v ; curl https://rclone.org/install.sh | sudo bash CopyCopied! Or use an [alternative method](https://rclone.org/downloads/) 2. Configure rclone Edit the rclone config file directly, you can find where it is stored by running the following: $rclone config fileConfiguration file is stored at:/Users/dan/.config/rclone/rclone.conf $rclone config fileConfiguration file is stored at:/Users/dan/.config/rclone/rclone.conf CopyCopied! In `rclone.conf`, set the `access_key_id` and `secret_access_key` with the S3 compatible credentials created above. ~/.config/rclone/rclone.conf [storj]type = s3provider = Storjaccess_key_id = access_key # REPLACE MEsecret_access_key = secret_key # REPLACE MEendpoint = gateway.storjshare.iochunk_size = 64Midisable_checksum = true [storj]type = s3provider = Storjaccess_key_id = access_key # REPLACE MEsecret_access_key = secret_key # REPLACE MEendpoint = gateway.storjshare.iochunk_size = 64Midisable_checksum = true CopyCopied! [Create a bucket](https://storj.dev/dcs/getting-started#create-a-bucket) ------------------------------------------------------------------------- Now that the command-line tool is configured, let's make a bucket to store our files. rcloneaws cli $rclone mkdir storj:my-bucket $rclone mkdir storj:my-bucket CopyCopied! [List buckets](https://storj.dev/dcs/getting-started#list-buckets) ------------------------------------------------------------------- The bucket will show up in our bucket list (not to be mistaken with a life's to-do list) rcloneaws cli # `lsf` is non-recursive, while `ls` is recursive$rclone lsf storj:my-bucket/ # `lsf` is non-recursive, while `ls` is recursive$rclone lsf storj:my-bucket/ CopyCopied! [Upload file](https://storj.dev/dcs/getting-started#upload-file) ----------------------------------------------------------------- Next we'll upload a file. Here is an example image of a tree growing hard drives (while Storj doesn't grow hard drives on trees, it does emphasize [sustainability](https://www.storj.io/benefits/sustainability) ). Right-click on it and save as `storj-tree.png` to your Downloads. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-tree.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-tree.png) Copy the file to your bucket. rcloneaws cli $rclone copy ~/Downloads/storj-tree.png storj:my-bucket/ $rclone copy ~/Downloads/storj-tree.png storj:my-bucket/ CopyCopied! [Download file](https://storj.dev/dcs/getting-started#download-file) --------------------------------------------------------------------- To retrieve the file, use the same command as upload but reverse the order of the arguments rcloneaws cli $rclone copy storj:my-bucket/ ~/Downloads/storj-tree-2.png $rclone copy storj:my-bucket/ ~/Downloads/storj-tree-2.png CopyCopied! [List files](https://storj.dev/dcs/getting-started#list-files) --------------------------------------------------------------- Let's see what files we have in the bucket. rcloneaws cli $rclone ls storj:my-bucket 133220 storj-tree.png $rclone ls storj:my-bucket 133220 storj-tree.png CopyCopied! Yep there's the Storj tree! [Delete file](https://storj.dev/dcs/getting-started#delete-file) ----------------------------------------------------------------- Okay time to remove the file. rcloneaws cli $rclone deletefile storj:my-bucket/storj-tree.png $rclone deletefile storj:my-bucket/storj-tree.png CopyCopied! [Delete buckets](https://storj.dev/dcs/getting-started#delete-buckets) ----------------------------------------------------------------------- Last but not least, we'll delete the bucket. rcloneaws cli $rclone rmdir storj:my-bucket $rclone rmdir storj:my-bucket CopyCopied! ### [Delete a non-empty bucket](https://storj.dev/dcs/getting-started#delete-a-non-empty-bucket) rcloneaws cli $rclone purge storj:my-bucket $rclone purge storj:my-bucket CopyCopied! [Next Steps](https://storj.dev/dcs/getting-started#next-steps) --------------------------------------------------------------- Congratulations on getting started with Storj! Previous [Overview](https://storj.dev/) Next [Migrate](https://storj.dev/dcs/migrate) --- # Migrate - Storj Docs Storj is a viable alternative to other object storage solutions like AWS S3, Wasabi, and Backblaze by blending cost-effectiveness with global distribution, targeting to deliver CDN-like performance. Here are some primary advantages: | Feature | Description | | --- | --- | | [Cost Efficiency](https://storj.dev/dcs/pricing) | Storage as low as $4.00 per TB per month with $7.00 per TB for egress. | | [Multi-region](https://storj.dev/dcs/buckets/data-location) | Multi-region cloud object storage for all data distributed to tens of thousands of Storage nodes around the world. | | [CDN-like Performance](https://www.storj.io/blog/why-todays-cloud-storage-has-inconsistent-performance-and-how-to-fix-it) | No need to add on costs for CDNs, thanks to Storj's global distribution of data nodes | [Migration Guides](https://storj.dev/dcs/migrate#migration-guides) ------------------------------------------------------------------- [Migrate from Wasabi to Storj](https://storj.dev/dcs/migrate/wasabi) [Migrate from Backblaze to Storj](https://storj.dev/dcs/migrate/backblaze) Previous [Getting started](https://storj.dev/dcs/getting-started) Next [Migrate from Backblaze to Storj](https://storj.dev/dcs/migrate/backblaze) --- # Creating Buckets Using Different Tools - Storj Docs You can create a bucket from various command-line tools or the Storj Console. rcloneaws cliuplinkStorj Console $rclone mkdir storj:my-bucket $rclone mkdir storj:my-bucket CopyCopied! Previous [Migrate from Wasabi to Storj](https://storj.dev/dcs/migrate/wasabi) Next [Delete buckets](https://storj.dev/dcs/buckets/delete-buckets) --- # Data Location - Storj Docs Storj is globally distributed by default and has [more consistent performance](https://www.storj.io/blog/why-todays-cloud-storage-has-inconsistent-performance-and-how-to-fix-it) than a single region on AWS S3 across many geographic locations. When a download is requested on Storj, the segments located closest to the destination are typically used to satisfy the request as illustrated in the graphic below. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj_download_distributed_cloud.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj_download_distributed_cloud.png) [Setting the region](https://storj.dev/dcs/buckets/data-location#setting-the-region) ------------------------------------------------------------------------------------- Most [S3 compatible tools](https://storj.dev/dcs/third-party-tools) require setting a region in their configuration. For these tools, the region can be set to `global`. const s3Client = new S3.S3Client({ region: 'global' }) const s3Client = new S3.S3Client({ region: 'global' }) CopyCopied! Previous [Public Buckets](https://storj.dev/dcs/buckets/public-buckets) Next [Object Lifecycles](https://storj.dev/dcs/buckets/object-lifecycles) --- # Creating Public Buckets and Embedding Content - Storj Docs Storj supports public access with a `LINKSHARINGKEY`, which similar to public buckets on S3 but has more [fine-grained controls](https://storj.dev/dcs/api/uplink-cli/share-command#flags) . To generate a `LINKSHARINGKEY` and make your bucket public: uplinkStorj Console uplink share --url --readonly --disallow-lists --not-after=none sj://BUCKET uplink share --url --readonly --disallow-lists --not-after=none sj://BUCKET CopyCopied! [Embeddable Content](https://storj.dev/dcs/buckets/public-buckets#embeddable-content) -------------------------------------------------------------------------------------- The share from above will give you a browser URL linking to the default Storj share page. It will be of the form `https://link.storjshare.io/s/LINKSHARINGKEY/BUCKET/`. To make the content embeddable insert `/raw/` before `LINKSHARINGKEY` (you may need to swap `/s/` for `/raw/` instead). This prefix can then be used to access anything in the bucket. For example, to access two different images: https://link.storjshare.io/raw/LINKSHARINGKEY/BUCKET/my\_image1.png https://link.storjshare.io/raw/LINKSHARINGKEY/BUCKET/my\_image2.png Previous [Bucket Event Notifications](https://storj.dev/dcs/buckets/bucket-eventing) Next [Data Location](https://storj.dev/dcs/buckets/data-location) --- # Understanding Cross-Origin Resource Sharing (CORS) with Storj's S3 API - Storj Docs [Understanding CORS on Storj's S3 Compatible API](https://storj.dev/dcs/buckets/cors#understanding-cors-on-storjs-s3-compatible-api) ------------------------------------------------------------------------------------------------------------------------------------- Storj's [S3 compatible API](https://storj.dev/dcs/api/s3/s3-compatibility) automatically includes a permissive CORS policy by default. All responses from this API contain the header `Access-Control-Allow-Origin: *`, indicating that resources can be accessed from any domain. This eliminates the need for users to configure CORS settings individually. It's important to be aware of the security implications of this open approach, as it allows unrestricted cross-origin access to the stored data. Users should ensure that their usage scenarios align with the inherent openness of this policy. Previous [Bucket Logging (Available Upon Request)](https://storj.dev/dcs/buckets/bucket-logging) Next [Object Listings](https://storj.dev/dcs/buckets/object-listings) --- # How to migrate from Backblaze to Storj - Storj Docs This article will discuss the migration process from Backblaze to Storj using the rclone tool, a command-line program to manage files on cloud storage. [Prerequisites](https://storj.dev/dcs/migrate/backblaze#prerequisites) ----------------------------------------------------------------------- Before starting the migration process, you'll need to have the following: 1. Access to both your Backblaze and Storj accounts. * Navigate to [https://storj.io/signup?partner=rclone](https://storj.io/signup?partner=rclone)  to sign up or log in to an existing Storj account. 2. Installed and configured rclone on your machine. [Why Rclone?](https://storj.dev/dcs/migrate/backblaze#why-rclone) ------------------------------------------------------------------ Rclone is a command-line program written in Go language, which is designed to sync files and directories from different cloud storage providers. It allows for easy migration, syncs directories and files, checks file hashes, and even modifies drives. It works with a wide range of cloud storage providers, including Backblaze and Storj, which makes it an excellent tool for our use-case. [Alternative to Backblaze](https://storj.dev/dcs/migrate/backblaze#alternative-to-backblaze) --------------------------------------------------------------------------------------------- Storj is a great alternative to Backblaze because it utilizes a distributed cloud model allowing for faster global data access and retrieval compared to Backblaze's centralized model. Storj is also more cost-effective with its lower price per gigabyte for storage and bandwidth. [Install rclone](https://storj.dev/dcs/migrate/backblaze#install-rclone) ------------------------------------------------------------------------- Visit [https://rclone.org/install/](https://rclone.org/install/) for instructions on how to install rclone. [Create Access Credentials](https://storj.dev/dcs/migrate/backblaze#create-access-credentials) ----------------------------------------------------------------------------------------------- Before using rclone, we'll need to create `keyID` and `applicationKey` for Backblaze and an access grant for Storj. Creation of a new pair of `keyID` and `applicationKey` on Backblaze would create an another owner. So, if you plan to relink a HyperBackup, for example, with a bucket on Storj after migration, you need to use the same pair of `keyID` and `applicationKey`, as used by HyperBackup, otherwise the owner will be different and HyperBackup will not allow you to select the Storj bucket to relink. ### [Backblaze Account and Key](https://storj.dev/dcs/migrate/backblaze#backblaze-account-and-key) Use your Backblaze account credentials to log in to the Backblaze Management Console. 1. Click `Application Keys` from the left side menu under Accounts [![Account application keys](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/b2_application_keys.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/b2_application_keys.png) 2. Click `Add a New Application Key` button [![create a b2 application key](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/b2_new_application_key.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/b2_new_application_key.png) 3. Populate the name of the key and Click the `Create New Key` button [![create new b2 application key](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/b2_add_application_key.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/b2_add_application_key.png) 4. Save the `keyID` and `applicationKey` as you'll need those later to configure rclone [![b2 application key](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/b2_account_key.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/b2_account_key.png) ### [Create Storj Access Grant](https://storj.dev/dcs/migrate/backblaze#create-storj-access-grant) A Storj access grant is a serialized, self-contained credential that allows users to access a specific bucket, or object, within a Storj project. It encapsulates everything needed for authentication and authorization on the Storj network. Create Access Grant in the Storj Console: 1. Navigate to **Access Keys** on the left side menu. 2. Click the **New Access Key** button. 3. When the New Access dialog comes up, set specifications according to the following guidelines: * **Name:** The name of the credentials (e.g. my-access-grant) * **Type:** Access Grant 4. Click **Next** to provide permissions, either Full Access or Advanced: * **Permissions:** All * **Buckets:** Feel free to specify the bucket (e.g. my-bucket), or leave as “All” * **End date**: provide an expiration date for these credentials (optional) 5. Click **Next** to provide Access encryption Information (Skip this section if you have opted into [Storj-managed passphrases](https://storj.dev/learn/concepts/encryption-key/storj-vs-user-managed-encryption) for the project) In order to see the data uploaded to your bucket in the web console, you must unlock the bucket with the same encryption passphrase as the credentials. * **Use the current passphrase**: this is default option * **Advanced**: you may provide a different encryption phrase either your own or generate a new one. * **Enter a new passphrase**: use this option, if you would like to provide your own new encryption phrase * **Generate 12-word passphrase**: use this option, if you would like to generate a new encryption phrase **This passphrase is important!** Encryption keys derived from it are used to encrypt your data at rest, and your data will have to be re-uploaded if you want it to change! Importantly, if you want two access grants to have access to the same data, **they must use the same passphrase**. You won't be able to access your data if the passphrase in your access grant is different than the passphrase you uploaded the data with. Please note that **Storj does not know or store your encryption passphrase**, so if you lose it, you will not be able to recover your files. 6. Click **Create Access** to finish creation of your Access key. 7. Click **Confirm** the Confirm details pop-up message 8. Your Access Grant is created. Write it down and store it, or click the **Download** button. You will need the Access Grant for the following steps. [Update Rclone config](https://storj.dev/dcs/migrate/backblaze#update-rclone-config) ------------------------------------------------------------------------------------- After getting your access keys for Storj and Backblaze, you need to configure rclone. We'll edit the rclone config directory directly, but you can also run `rclone config` for a more interactive experience. We'll edit the rclone config file directly, you can find where it is stored by running the following: rclone config file rclone config file CopyCopied! Command output will look like this > Configuration file is stored at: /Users/dan/.config/rclone/rclone.conf Edit `~/.config/rclone/rclone.conf` with the access keys created above and the values below (see sample file). **Backblaze:** * **\[backblaze\]**: This is the section name for the configuration. * **type = b2**: This refers to the type of storage you are interacting with, in this case 'b2' for Backblaze * **account**: Use your Backblaze account ID or keyID. This is a unique identifier for your Backblaze account, used to ensure that rclone accesses the correct account. * **key:** Use your Backblaze application key. The application key is a credential that grants rclone the necessary permissions to access and manipulate the data in your Backblaze B2 buckets. **Storj:** * **\[storj\]**: This is the section name for the configuration. * **type = storj**: This indicates that the type of storage is Storj. * **access\_grant**: The **access\_grant** is a serialized access grant string which encapsulates all necessary information to list or download objects. Replace with the actual access grant created previously. `~/.config/rclone/rclone.conf` [backblaze]type = b2account = keyID # REPLACE MEkey = applicationKey # REPLACE ME[storj]type = storjaccess_grant = access_grant # REPLACE ME [backblaze]type = b2account = keyID # REPLACE MEkey = applicationKey # REPLACE ME[storj]type = storjaccess_grant = access_grant # REPLACE ME CopyCopied! [Migrate data](https://storj.dev/dcs/migrate/backblaze#migrate-data) --------------------------------------------------------------------- Once the configuration is done, you can use the `rclone sync` command to migrate data from Backblaze to Storj. The syntax is as follows: Be mindful of potential network costs due to high egress traffic when running rclone for large data migrations on your machine. Replace `my-backblaze-bucket` with the name of your specific bucket. This command will sync the contents from your Backblaze bucket to your Storj bucket, effectively migrating the data. rclone sync --progress backblaze:my-backblaze-bucket storj:my-backblaze-bucket rclone sync --progress backblaze:my-backblaze-bucket storj:my-backblaze-bucket CopyCopied! [Post-Migration Steps](https://storj.dev/dcs/migrate/backblaze#post-migration-steps) ------------------------------------------------------------------------------------- After migration, validate the data integrity in your Storj bucket by running `rclone check` rclone check backblaze:my-backblaze-bucket storj:my-backblaze-bucket rclone check backblaze:my-backblaze-bucket storj:my-backblaze-bucket CopyCopied! This command will compare the source (Backblaze) and destination (Storj) and report any discrepancies. You can also see the contents of your Backblaze bucket in the Storj Web Console. Previous [Migrate](https://storj.dev/dcs/migrate) Next [Migrate from Wasabi to Storj](https://storj.dev/dcs/migrate/wasabi) --- # Uploading and Downloading Files Guide - Storj Docs [Upload file](https://storj.dev/dcs/objects#upload-file) --------------------------------------------------------- Copy a file to your bucket. rcloneaws cliuplinkStorj Console $rclone copy ~/Downloads/storj-tree.png storj:my-bucket/ $rclone copy ~/Downloads/storj-tree.png storj:my-bucket/ CopyCopied! [Download file](https://storj.dev/dcs/objects#download-file) ------------------------------------------------------------- Copy a file from your bucket. rcloneaws cliuplinkStorj Console $rclone copy storj:my-bucket/ ~/Downloads/storj-tree-2.png $rclone copy storj:my-bucket/ ~/Downloads/storj-tree-2.png CopyCopied! [Locking an Object](https://storj.dev/dcs/objects#locking-an-object) --------------------------------------------------------------------- ### [Locking a New Object Upon Upload](https://storj.dev/dcs/objects#locking-a-new-object-upon-upload) aws cliStorj Console aws s3api put-object \ --bucket my-object-lock-bucket \ --key my-file.txt \ --body my-file.txt \ --object-lock-mode COMPLIANCE \ --object-lock-retain-until-date 2025-01-01T00:00:00Z \ --endpoint-url https://gateway.storjshare.io aws s3api put-object \ --bucket my-object-lock-bucket \ --key my-file.txt \ --body my-file.txt \ --object-lock-mode COMPLIANCE \ --object-lock-retain-until-date 2025-01-01T00:00:00Z \ --endpoint-url https://gateway.storjshare.io CopyCopied! ### [Locking an Existing Object](https://storj.dev/dcs/objects#locking-an-existing-object) aws cliStorj Console aws s3api put-object-retention \ --bucket my-object-lock-bucket \ --key my-file.txt \ --version-id \ --retention "Mode=COMPLIANCE,RetainUntilDate=2025-06-01T00:00:00Z" \ --endpoint-url https://gateway.storjshare.io aws s3api put-object-retention \ --bucket my-object-lock-bucket \ --key my-file.txt \ --version-id \ --retention "Mode=COMPLIANCE,RetainUntilDate=2025-06-01T00:00:00Z" \ --endpoint-url https://gateway.storjshare.io CopyCopied! ### [Extending Retention Period](https://storj.dev/dcs/objects#extending-retention-period) Retention periods can only be extended, not reduced. The Storj Console currently doesn't allow removal of retention periods in Governance Mode - see below for S3 usage to perform this action. aws cliStorj Console aws s3api put-object-retention \ --bucket my-object-lock-bucket \ --key my-file.txt \ --version-id \ --retention "Mode=COMPLIANCE,RetainUntilDate=2025-07-01T00:00:00Z" \ --endpoint-url https://gateway.storjshare.io aws s3api put-object-retention \ --bucket my-object-lock-bucket \ --key my-file.txt \ --version-id \ --retention "Mode=COMPLIANCE,RetainUntilDate=2025-07-01T00:00:00Z" \ --endpoint-url https://gateway.storjshare.io CopyCopied! ### [Bypassing Governance Mode](https://storj.dev/dcs/objects#bypassing-governance-mode) A user with the `BypassGovernanceRetention` permission may remove the retention period for an object locked with Governance Mode using the AWS CLI or other AWS SDK. The Storj Console currently doesn't support this feature. **Governance Mode Override Permissions** By default, the account owner and any user with default project access have Governance Mode override permissions due to Storj's macaroon-based access system, which restricts capabilities rather than explicitly granting permissions. To avoid unintentionally granting Governance Mode override permissions, use S3 credentials that explicitly restrict this capability for any operations involving Object Lock. Note: Storj does not currently support role-based access controls (RBAC) for default restrictions by roles. This functionality may be added in the future. aws cli aws s3api put-object-retention \ --bucket my-object-lock-bucket \ --key my-file.txt \ --version-id \ --retention "{}" \ --bypass-governance-retention \ --endpoint-url https://gateway.storjshare.io aws s3api put-object-retention \ --bucket my-object-lock-bucket \ --key my-file.txt \ --version-id \ --retention "{}" \ --bypass-governance-retention \ --endpoint-url https://gateway.storjshare.io CopyCopied! Previous [Preferred storage region](https://storj.dev/dcs/buckets/preferred-storage-region) Next [S3 Compatibility](https://storj.dev/dcs/api/s3/s3-compatibility) --- # How to migrate from Wasabi to Storj - Storj Docs This article will discuss the migration process from Wasabi to Storj using the rclone tool, a command-line program to manage files on cloud storage. For a cost comparison between Wasabi and Storj, see [https://www.storj.io/landing/wasabi-comparison](https://www.storj.io/landing/wasabi-comparison) . [Prerequisites](https://storj.dev/dcs/migrate/wasabi#prerequisites) -------------------------------------------------------------------- Before starting the migration process, you'll need to have the following: 1. Access to both your Wasabi and Storj accounts. * Navigate to [https://storj.io/signup?partner=rclone](https://storj.io/signup?partner=rclone)  to sign up or log in to an existing Storj account. 2. Installed and configured rclone on your machine. [Why Rclone?](https://storj.dev/dcs/migrate/wasabi#why-rclone) --------------------------------------------------------------- Rclone is a command-line program written in Go language, which is designed to sync files and directories from different cloud storage providers. It allows for easy migration, syncs directories and files, checks file hashes, and even modifies drives. It works with a wide range of cloud storage providers, including Wasabi and Storj, which makes it an excellent tool for our use-case. [Install rclone](https://storj.dev/dcs/migrate/wasabi#install-rclone) ---------------------------------------------------------------------- Visit [https://rclone.org/install/](https://rclone.org/install/) for instructions on how to install rclone. [Create Access Credentials](https://storj.dev/dcs/migrate/wasabi#create-access-credentials) -------------------------------------------------------------------------------------------- Before using rclone, we'll need to create access and a secret key for Wasabi and an access grant for Storj. ### [Wasabi Access and Secret Key](https://storj.dev/dcs/migrate/wasabi#wasabi-access-and-secret-key) Use your Wasabi account credentials to log in to the Wasabi Management Console. 1. Click `Access Keys` from the left side menu 2. Click `CREATE ACCESS KEY` button under the Access Keys heading [![create a wasabi access key](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/bDKe-207rFZXgsmC3e9Mn_screenshot-2023-07-05-at-22731-pm.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/bDKe-207rFZXgsmC3e9Mn_screenshot-2023-07-05-at-22731-pm.png) Once the key is created, you can view and copy the Access Key and Secret Key. Make sure to store these securely as the Secret Key cannot be retrieved again and will be needed later on. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/1rp53j9mBwkYEoYKOzUqK_screenshot-2023-07-05-at-21415-pm.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/1rp53j9mBwkYEoYKOzUqK_screenshot-2023-07-05-at-21415-pm.png) ### [Create Storj Access Grant](https://storj.dev/dcs/migrate/wasabi#create-storj-access-grant) A Storj access grant is a serialized, self-contained credential that allows users to access a specific bucket, or object, within a Storj project. It encapsulates everything needed for authentication and authorization on the Storj network. Create Access Grant in the Storj Console: 1. Navigate to **Access Keys** on the left side menu. 2. Click the **New Access Key** button. 3. When the New Access dialog comes up, set specifications according to the following guidelines: * **Name:** The name of the credentials (e.g. my-access-grant) * **Type:** Access Grant 4. Click **Next** to provide permissions, either Full Access or Advanced: * **Permissions:** All * **Buckets:** Feel free to specify the bucket (e.g. my-bucket), or leave as “All” * **End date**: provide an expiration date for these credentials (optional) 5. Click **Next** to provide Access encryption Information (Skip this section if you have opted into [Storj-managed passphrases](https://storj.dev/learn/concepts/encryption-key/storj-vs-user-managed-encryption) for the project) In order to see the data uploaded to your bucket in the web console, you must unlock the bucket with the same encryption passphrase as the credentials. * **Use the current passphrase**: this is default option * **Advanced**: you may provide a different encryption phrase either your own or generate a new one. * **Enter a new passphrase**: use this option, if you would like to provide your own new encryption phrase * **Generate 12-word passphrase**: use this option, if you would like to generate a new encryption phrase **This passphrase is important!** Encryption keys derived from it are used to encrypt your data at rest, and your data will have to be re-uploaded if you want it to change! Importantly, if you want two access grants to have access to the same data, **they must use the same passphrase**. You won't be able to access your data if the passphrase in your access grant is different than the passphrase you uploaded the data with. Please note that **Storj does not know or store your encryption passphrase**, so if you lose it, you will not be able to recover your files. 6. Click **Create Access** to finish creation of your Access key. 7. Click **Confirm** the Confirm details pop-up message 8. Your Access Grant is created. Write it down and store it, or click the **Download** button. You will need the Access Grant for the following steps. [Update Rclone config](https://storj.dev/dcs/migrate/wasabi#update-rclone-config) ---------------------------------------------------------------------------------- After getting your access keys for Storj and Wasabi, you need to configure rclone. We'll edit the rclone config directory directly, but you can also run `rclone config` for a more interactive experience. We'll edit the rclone config file directly, you can find where it is stored by running the following: rclone config file rclone config file CopyCopied! Command output will look like this > Configuration file is stored at: /Users/dan/.config/rclone/rclone.conf Edit `~/.config/rclone/rclone.conf` with the access keys created above and the values below (see sample file). **Wasabi:** * **\[wasabi\]**: This is the section name for the configuration. * **type = s3**: This refers to the type of storage you are interacting with, in this case 's3' for Simple Storage Service, a type of cloud storage. * **provider = Wasabi**: This indicates that the provider of the storage service is Wasabi. * **access\_key\_id**: Replace with your actual Wasabi access key created previously. * **secret\_access\_key**: Replace with your actual Wasabi secret key created previously. * **endpoint**: This points to the Wasabi service endpoint. The value depends on the region of your Wasabi storage. Replace the placeholder with the endpoint that corresponds to your Wasabi service region. * **acl = private**: This represents the Access Control List (ACL) policy for your objects. 'private' means that the objects are only accessible to the owner of the bucket. **Storj:** * **\[storj\]**: This is the section name for the configuration. * **type = storj**: This indicates that the type of storage is Storj. * **access\_grant**: The **access\_grant** is a serialized access grant string which encapsulates all necessary information to list or download objects. Replace with the actual access grant created previously. `~/.config/rclone/rclone.conf` [wasabi]type = s3provider = Wasabiaccess_key_id = access_key # REPLACE MEsecret_access_key = secret_key # REPLACE MEendpoint = s3.us-central-1.wasabisys.com # REPLACE MEacl = private[storj]type = storjaccess_grant = access_grant # REPLACE ME [wasabi]type = s3provider = Wasabiaccess_key_id = access_key # REPLACE MEsecret_access_key = secret_key # REPLACE MEendpoint = s3.us-central-1.wasabisys.com # REPLACE MEacl = private[storj]type = storjaccess_grant = access_grant # REPLACE ME CopyCopied! [Migrate data](https://storj.dev/dcs/migrate/wasabi#migrate-data) ------------------------------------------------------------------ Once the configuration is done, you can use the `rclone sync` command to migrate data from Wasabi to Storj. The syntax is as follows: Be mindful of potential network costs due to high egress traffic when running rclone for large data migrations on your machine. Replace `my-wasabi-bucket` with the name of your specific bucket. This command will sync the contents from your Wasabi bucket to your Storj bucket, effectively migrating the data. rclone sync --progress wasabi:my-wasabi-bucket storj:my-wasabi-bucket rclone sync --progress wasabi:my-wasabi-bucket storj:my-wasabi-bucket CopyCopied! [Post-Migration Steps](https://storj.dev/dcs/migrate/wasabi#post-migration-steps) ---------------------------------------------------------------------------------- After migration, validate the data integrity in your Storj bucket by running `rclone check` rclone check wasabi:my-wasabi-bucket storj:my-wasabi-bucket rclone check wasabi:my-wasabi-bucket storj:my-wasabi-bucket CopyCopied! This command will compare the source (Wasabi) and destination (Storj) and report any discrepancies. You can also see the contents of your Wasabi bucket in the Storj Web Console. Previous [Migrate from Backblaze to Storj](https://storj.dev/dcs/migrate/backblaze) Next [Create buckets](https://storj.dev/dcs/buckets/create-buckets) --- # Storj Managed vs. Self-Managed Encryption S3 Compatibility Differences - Storj Docs [Listing Endpoints Behavior](https://storj.dev/dcs/api/s3/s3-compatibility/storj-vs-self-managed-encryption-s3-compatibility-differences#listing-endpoints-behavior) --------------------------------------------------------------------------------------------------------------------------------------------------------------------- The behavior of listing endpoints depends on the [encryption model](https://storj.dev/learn/concepts/encryption-key/storj-vs-user-managed-encryption) configured for your project. | Encryption Type | S3 Compatibility | | --- | --- | | **Self-Managed Encryption** | **Limited** (Restricted sorting/filtering) | | **Storj Managed Encryption** | **Full** (Fully S3-compatible) | ### [Self-Managed Encryption](https://storj.dev/dcs/api/s3/s3-compatibility/storj-vs-self-managed-encryption-s3-compatibility-differences#self-managed-encryption) When using **Self-Managed Encryption**, object keys are end-to-end encrypted. This prevents the listing endpoint from deciphering the keys, which affects sorting and filtering. * **Standard Listing:** For requests using a forward-slash (`/`) as a prefix terminator or delimiter, results are returned in the lexicographical order of the _encrypted_ object keys. This often differs from the expected alphabetical order of the decrypted keys. Clients should not rely on ordering in these cases. * **Exhaustive Listing:** For requests using non-standard prefixes or delimiters (not ending in `/`), the endpoint performs an "exhaustive listing." This filters object keys server-side to return results in the correct (decrypted) lexicographical order. **Limitations:** 1. **New Projects:** Projects created after **November 30, 2025**, cannot use exhaustive listing. Requests triggering this behavior will fail with a `501 Not Implemented` error. 2. **Large Buckets:** Exhaustive listing does not work for buckets containing hundreds of thousands of objects. Users requiring these features should use Storj Managed Encryption. ### [Storj Managed Encryption](https://storj.dev/dcs/api/s3/s3-compatibility/storj-vs-self-managed-encryption-s3-compatibility-differences#storj-managed-encryption) If your project uses **Storj Managed Encryption**, object keys are **encrypted using server-managed keys**. This allows the system to process object keys directly, ensuring that Storj's S3 listing endpoints are **fully S3-compatible**. Requests can use arbitrary prefixes and/or delimiters. These requests utilize an optimized execution path, offering superior performance compared to Self-Managed Encryption. Storj recommends Storj Managed Encryption for all new projects requiring high performance and strict S3 compatibility. Previous [S3 Compatibility](https://storj.dev/dcs/api/s3/s3-compatibility) Next [Multipart Upload](https://storj.dev/dcs/api/s3/multipart-upload) --- # SDKs - Storj Docs The `libuplink` developer library is written for the Go language. This will allow you to integrate with the object store programmatically. `libuplink` contains a number of interesting components, including pre-written code and subroutines, classes, values or type specifications, message templates, configuration walkthroughs, and great documentation. Storj currently has community contributed bindings for Python, Swift, .Net, PHP, and Node.js. Below are Storj's provided bindings: * [Go](https://github.com/storj/uplink) * [C](https://github.com/storj/uplink-c) * [Android](https://github.com/storj/uplink-android) * [Java](https://github.com/storj/uplink-java) * [NodeJS](https://www.npmjs.com/package/uplink-nodejs) * [Swift](https://github.com/storj-thirdparty/uplink-swift) Please also take a look on third party libraries and tools: [Storj Third Party Github](https://github.com/storj-thirdparty) Previous [Using presigned URLs](https://storj.dev/dcs/api/s3/presigned-urls) Next [Storj IPFS Pinning Service (Beta)](https://storj.dev/dcs/api/storj-ipfs-pinning) --- # Using Object Lock to Protect Data - Storj Docs Object Lock allows you to protect objects from being deleted or overwritten for a specified period or indefinitely. Object Lock operates in three modes: * **Governance Mode**: Protects objects against accidental deletion but allows authorized users to bypass the lock. * **Compliance Mode**: Provides immutable protection; no user can delete or modify the object until the retention period expires. * **Legal Hold**: Prevents an object from being deleted until the legal hold is explicitly removed, regardless of retention settings. **Governance Mode Override Permissions** By default, the account owner and any user with default project access have Governance Mode override permissions due to Storj's macaroon-based access system, which restricts capabilities rather than explicitly granting permissions. To avoid unintentionally granting Governance Mode override permissions, use S3 credentials that explicitly restrict this capability for any operations involving Object Lock. Note: Storj does not currently support role-based access controls (RBAC) for default restrictions by roles. This functionality may be added in the future. [Enabling Object Lock on a Bucket](https://storj.dev/dcs/buckets/object-lock#enabling-object-lock-on-a-bucket) --------------------------------------------------------------------------------------------------------------- ### [For New Buckets](https://storj.dev/dcs/buckets/object-lock#for-new-buckets) aws cliStorj Console aws s3api create-bucket \ --bucket my-object-lock-bucket \ --object-lock-enabled-for-bucket \ --endpoint-url https://gateway.storjshare.io aws s3api create-bucket \ --bucket my-object-lock-bucket \ --object-lock-enabled-for-bucket \ --endpoint-url https://gateway.storjshare.io CopyCopied! ### [For Existing Buckets](https://storj.dev/dcs/buckets/object-lock#for-existing-buckets) #### [Step 1: Enable Versioning](https://storj.dev/dcs/buckets/object-lock#step-1-enable-versioning) aws cliStorj Console aws s3api put-bucket-versioning \ --bucket my-existing-bucket \ --versioning-configuration Status=Enabled \ --endpoint-url https://gateway.storjshare.io aws s3api put-bucket-versioning \ --bucket my-existing-bucket \ --versioning-configuration Status=Enabled \ --endpoint-url https://gateway.storjshare.io CopyCopied! #### [Step 2: Enable Object Lock](https://storj.dev/dcs/buckets/object-lock#step-2-enable-object-lock) aws cliStorj Console aws s3api put-object-lock-configuration \ --bucket my-existing-bucket \ --object-lock-configuration "ObjectLockEnabled=Enabled" \ --endpoint-url https://gateway.storjshare.io aws s3api put-object-lock-configuration \ --bucket my-existing-bucket \ --object-lock-configuration "ObjectLockEnabled=Enabled" \ --endpoint-url https://gateway.storjshare.io CopyCopied! [Adding, Updating, and Deleting a Default Object Lock Configuration](https://storj.dev/dcs/buckets/object-lock#adding-updating-and-deleting-a-default-object-lock-configuration) --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Default Object Lock configurations apply retention settings to all new objects uploaded to the bucket. ### [Add/Update Default Configuration](https://storj.dev/dcs/buckets/object-lock#add-update-default-configuration) aws cliStorj Console aws s3api put-object-lock-configuration \ --bucket my-object-lock-bucket \ --object-lock-configuration "ObjectLockEnabled=Enabled,Rule={DefaultRetention={Mode=GOVERNANCE,Days=30}}" \ --endpoint-url https://gateway.storjshare.io aws s3api put-object-lock-configuration \ --bucket my-object-lock-bucket \ --object-lock-configuration "ObjectLockEnabled=Enabled,Rule={DefaultRetention={Mode=GOVERNANCE,Days=30}}" \ --endpoint-url https://gateway.storjshare.io CopyCopied! ### [Delete Default Configuration](https://storj.dev/dcs/buckets/object-lock#delete-default-configuration) aws cliStorj Console aws s3api put-object-lock-configuration \ --bucket my-object-lock-bucket \ --object-lock-configuration 'ObjectLockEnabled=Enabled' \ --endpoint-url https://gateway.storjshare.io aws s3api put-object-lock-configuration \ --bucket my-object-lock-bucket \ --object-lock-configuration 'ObjectLockEnabled=Enabled' \ --endpoint-url https://gateway.storjshare.io CopyCopied! [Object Operations](https://storj.dev/dcs/buckets/object-lock#object-operations) --------------------------------------------------------------------------------- Please see the docs for [Locking an Object](https://storj.dev/dcs/objects#locking-an-object) . [Important Notes](https://storj.dev/dcs/buckets/object-lock#important-notes) ----------------------------------------------------------------------------- * **Object Version Required**: Locking an existing object requires the version id to be specified. * **Retention Rules**: The retention period can only be extended, not reduced or removed. * **Mutual Exclusivity with TTL**: Objects with active [TTL Settings](https://storj.dev/dcs/buckets/object-lifecycles) cannot be locked, and locked objects cannot have TTL applied. * **S3 Compatibility**: For full S3 compatibility information please see [Object Lock](https://storj.dev/dcs/api/s3/object-lock) Previous [Delete buckets](https://storj.dev/dcs/buckets/delete-buckets) Next [Bucket Event Notifications](https://storj.dev/dcs/buckets/bucket-eventing) --- # Understanding Multipart Upload - Storj Docs Understanding how to use Multipart Upload with the Storj globally distributed, multi-region cloud-hosted S3-compatible gateway Multipart Upload is a function that allows large files to be broken up into smaller pieces for more efficient uploads. When an object is uploaded using Multipart Upload, a file is first broken into parts, each part of a Multipart Upload is also stored as one or more Segments. With Multipart Upload, a single object is uploaded as a set of parts. Each part is an integral portion of the data comprising the object. The object parts may be uploaded independently, in parallel, and in any order. Uploads may be paused and resumed by uploading an initial set of parts, then resuming and uploading the remaining parts. If the upload of any part fails, that part may be re-uploaded without impacting the upload of other parts. All of these parts are broken into one or more Segments by the Storj Gateway based on whether the Part Size is smaller or larger than the default Segment size. While Multipart Upload is most appropriate for files larger than the 64MB default Segment size, the Part Size is configurable in applications that use Multipart Upload. [Using Multipart Upload](https://storj.dev/dcs/api/s3/multipart-upload#using-multipart-upload) ----------------------------------------------------------------------------------------------- Multipart upload takes a single object and divides it into encapsulated pieces to be uploaded, with all the pieces representing the complete object. Once all the pieces are completely uploaded the platform will assemble the pieces into a single logical object. The purpose of providing multipart capability is to more easily resume and manage transfers of larger files so developers will want to take advantage of this capability within their applications. [Specific benefits for usage of multipart upload:](https://storj.dev/dcs/api/s3/multipart-upload#specific-benefits-for-usage-of-multipart-upload) -------------------------------------------------------------------------------------------------------------------------------------------------- * **Speed** - Concurrently uploaded multiple pieces of a single object * **Streaming** - When the size of the object is unknown you can upload parts of the object until specifically completing the operation. * **Resuming Operations** - If connectivity is disrupted you can resume uploading pieces anytime after the multipart process is initiated. [Workflow for Multipart upload](https://storj.dev/dcs/api/s3/multipart-upload#workflow-for-multipart-upload) ------------------------------------------------------------------------------------------------------------- As described below, mutlipart upload is a process consisting of: starting the upload, transferring each piece, and finally completing the multipart upload. Upon successful upload of the final piece, Storj will logically reassemble the object, apply metadata and make the object accessible. During the multipart upload operation, you can get status of active upload operations and get lists of parts you have uploaded. More detail on multipart operations is provided in the sections below. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/9qF0Kk8WCViIQLFoL5pZD_storj.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/9qF0Kk8WCViIQLFoL5pZD_storj.png) [Initiate Multipart upload](https://storj.dev/dcs/api/s3/multipart-upload#initiate-multipart-upload) ----------------------------------------------------------------------------------------------------- At the start of a multipart upload, Storj will return an ID that you use to reference your multipart upload; you need to include this ID when working with the object. Operations such as uploading parts, listing parts and canceling the multipart operation. ### [Upload Part](https://storj.dev/dcs/api/s3/multipart-upload#upload-part) While uploading an object part you need to specify the ID received when you created the multipart upload along with a unique part number that your specific call will be sending to the platform. Because of the capability of multipart upload to work non sequentially, you can upload any part at any time before the multipart upload is completed. Additionally, you can over right existing parts numbers you've previously transferred as long as the multipart upload has not been completed. Part numbers are chosen by the client and are between 1 and 2^31. When a part is uploaded, the Storj platform will return several items, one of which is an ETag. To complete the multipart upload process you will need to provide a list of part IDs and their corresponding ETags. Be advised that billing occurs when data is stored on the Storj platform - as such - when you initiate a multipart upload and begin uploading parts, charges will be applied based on the amount of space the parts occupy. Billing will occur regardless of a multipart upload being completed. ### [Completing a multipart upload](https://storj.dev/dcs/api/s3/multipart-upload#completing-a-multipart-upload) When you upload the final part of a multipart upload you need to call the complete operation to tell Storj to reconstitute the object from the individual parts you have uploaded. When the complete operation concludes all metadata and individual parts will be consolidated into a single object. To call the complete operation you need to provide the list of ETags and their corresponding part IDs. You should maintain this list in your application. If you decide to cancel the multipart operation, you must provide the object key and multipart ID you received when you initiated the multipart upload. Space that was used during the multipart process will be freed when all the active multipart transactions have been completed and the abort operation has been called. ### [Listing for multipart uploads](https://storj.dev/dcs/api/s3/multipart-upload#listing-for-multipart-uploads) During a multipart upload you can list active upload transactions or the parts that have been successfully uploaded. For a single list parts request, Storj will return information up to a maximum of 1000 parts. For objects with more than 1000 parts, multiple requests are required. Because of the distributed nature of Storj, you should not use the response from listing multipart uploads as input to complete in multipart upload operation. Be advised that part listing requests will only return completed part uploads - any active part uploads will not be returned. [Multipart upload for distributed systems](https://storj.dev/dcs/api/s3/multipart-upload#multipart-upload-for-distributed-systems) ----------------------------------------------------------------------------------------------------------------------------------- Depending on the behavior of your application it may be possible for multiple concurrent operations to be performed on the same object key. It may occur that an application that sends multiple requests for the same object during a multipart operation would cause that object to ultimately not be accessible. One example would be permission changes or object removal while a multipart upload is in process for a specific object. The multipart operation may successfully complete , however, the operations received on that multipart object would change the availability of that object when the multipart upload is completed. [Cost for Multipart upload](https://storj.dev/dcs/api/s3/multipart-upload#cost-for-multipart-upload) ----------------------------------------------------------------------------------------------------- When a multipart upload is initiated, Storj processes and makes available all constituent parts of the multipart object. Multipart object is either made available by completing the multipart upload process or cancelled by explicitly stopping the multipart upload process through API call. Storj will measure resource usage on multipart upload operations unless they are explicitly cancelled. only when a multipart upload is explicitly cancelled are the associated resources freed. [Multipart upload limits](https://storj.dev/dcs/api/s3/multipart-upload#multipart-upload-limits) ------------------------------------------------------------------------------------------------- | **Item** | **Limit** | | --- | --- | | Maximum object size | No practical limit. | | Maximum number of parts per upload | 2^31 | | Part numbers | 0 to 2^31 | | Part size | No practical limit. | | Maximum number of parts returned for a list parts request | 1000 | | Maximum number of multipart uploads returned in a list multipart uploads request | 1000 | Previous [Storj Managed vs. Self-Managed Encryption S3 Compatibility Differences](https://storj.dev/dcs/api/s3/s3-compatibility/storj-vs-self-managed-encryption-s3-compatibility-differences) Next [Multipart Part Size](https://storj.dev/dcs/api/s3/multipart-upload/multipart-part-size) --- # Object Lock - Storj Docs Object Lock allows you to protect objects from being deleted or overwritten for a specified period or indefinitely. Object Lock operates in three modes: * **Governance Mode**: Protects objects against accidental deletion but allows authorized users to bypass the lock. * **Compliance Mode**: Provides immutable protection; no user can delete or modify the object until the retention period expires. * **Legal Hold**: Prevents an object from being deleted until the legal hold is explicitly removed, regardless of retention settings. **Governance Mode Override Permissions** By default, the account owner and any user with default project access have Governance Mode override permissions due to Storj's macaroon-based access system, which restricts capabilities rather than explicitly granting permissions. To avoid unintentionally granting Governance Mode override permissions, use S3 credentials that explicitly restrict this capability for any operations involving Object Lock. Note: Storj does not currently support role-based access controls (RBAC) for default restrictions by roles. This functionality may be added in the future. [Using Object Lock](https://storj.dev/dcs/api/s3/object-lock#using-object-lock) -------------------------------------------------------------------------------- * For enabling object lock, and setting bucket level defaults please see [Object Lock](https://storj.dev/dcs/buckets/object-lock) * For object lock related object operations please see [Objects](https://storj.dev/dcs/objects) [Technical Details](https://storj.dev/dcs/api/s3/object-lock#technical-details) -------------------------------------------------------------------------------- ### [New S3 Actions Supported:](https://storj.dev/dcs/api/s3/object-lock#new-s3-actions-supported) | Action | API Description | Description of Change(s) | | --- | --- | --- | | GetObjectLockConfiguration | Gets the object lock configuration for a bucket. | Will return the ObjectLockConfiguration with `ObjectLockEnabled` either as `Enabled` or empty.

`Rule` will not be included as a response element as specifying a bucket-level object Lock rule is initially out of scope. | | PutObjectLockConfiguration | Enables Object Lock configuration on a bucket. | **ObjectLockEnabled**: Indicates if Object Lock is enabled on the bucket.

**Rule** (Optional): Specifies the Object Lock rule (mode and period) for the bucket. The period can be either `Days` or `Years`. | | PutObjectRetention | Places an object retention configuration on an object. | | | GetObjectRetention | Retrieves an object's retention settings. | | GetObjectLegalHold | Retrieves the Legal Hold status of an object. | | | PutObjectLegalHold | Applies a Legal Hold to the specified object. | | ### [Existing S3 Actions Updated](https://storj.dev/dcs/api/s3/object-lock#existing-s3-actions-updated) | Action | API Description | Description of Change(s) | | --- | --- | --- | | CreateBucket | Creates a new bucket. | CreateBucket will now accept the following request parameter:

* `x-amz-bucket-object-lock-enabled` | | HeadObject | Retrieves metadata from an object without returning the object itself. | HeadObject will now return:

* Mode that is currently in place for the requested object
* Date/time that the object's lock will expire | | GetObject | Retrieves an object from a bucket. | GetObject will now return:

* Mode that is currently in place for the requested object
* Date/time that the object's lock will expire | | PutObject | Adds an object to a bucket. | PutObject will now:

* Prevent locked object versions from being overwritten

PutObject will now accept the following request parameters:

* `x-amz-object-lock-mode`
* `x-amz-object-lock-retain-until-date` | | CopyObject | Creates a copy of an object that is already stored on Storj. | CopyObject will now accept the following request parameters:

* `x-amz-object-lock-mode`
* `x-amz-object-lock-retain-until-date` | | CreateMultipartUpload | This action initiates a multipart upload and returns an upload ID. | CreateMultipartUpload will now accept the following request parameters:

* `x-amz-object-lock-mode`
* `x-amz-object-lock-retain-until-date`

Storj has a unique object level TTL. Any request that has both a TTL and a retention period will be rejected to prevent TTL's from conflicting with object lock retention periods. | | DeleteBucket | Deletes the specified bucket. | Forced deletion of a bucket with locked objects will be prevented. | | DeleteObject | Removes an object from a bucket. | Deletion of an object with a retention set will be prevented. | Previous [Multipart Part Size](https://storj.dev/dcs/api/s3/multipart-upload/multipart-part-size) Next [Object Versioning](https://storj.dev/dcs/api/s3/object-versioning) --- # Setting Up and Understanding Storj Geo-distributed Storage Regions - Storj Docs This document outlines the geo-distribution and preferred storage region strategy for Storj, focusing on the deployment of satellites in various regions to enhance data accessibility and compliance with regional data protection laws. Storj utilizes a global network of satellites, with specific nodes dedicated to serving the EU, US, and AP regions, ensuring efficient data distribution and access. [Global Satellite Distribution](https://storj.dev/dcs/buckets/preferred-storage-region#global-satellite-distribution) ---------------------------------------------------------------------------------------------------------------------- Storj operates three primary satellites in different regions to support global distribution: * US1 (United States) * EU1 (Europe) * AP1 (Asia-Pacific) These satellites form the backbone of Storj's Global Distribution Public Nodes, enabling worldwide access and efficient data storage. ### [Region-Specific Public Nodes](https://storj.dev/dcs/buckets/preferred-storage-region#region-specific-public-nodes) To comply with regional regulations and to provide optimized data access speeds, Storj offers IP-based public nodes in the EU and US regions. #### [EU IP-based Public Nodes](https://storj.dev/dcs/buckets/preferred-storage-region#eu-ip-based-public-nodes) The EU1 satellite caters specifically to users within the European Union, offering localized data handling to adhere to GDPR and other regional data protection standards. #### [US IP-based Public Nodes and U.S. Select Region](https://storj.dev/dcs/buckets/preferred-storage-region#us-ip-based-public-nodes-and-u-s-select-region) The US1 satellite serves users within the United States, providing: * IP-based Public Nodes for general access within the region. * U.S. Select Region nodes, located in SOC2-compliant facilities, exclusively for users requiring heightened data security and compliance standards. [Setting a storage region](https://storj.dev/dcs/buckets/preferred-storage-region#setting-a-storage-region) ------------------------------------------------------------------------------------------------------------ Users can request for certain regions by contacting support. The bucket or project must be empty to have a region set. There currently is not a way to move data between regions. Default Regions can be requested on the following: * Account (All future created projects/buckets) * Projects (All future created buckets) * Bucket (Must contain no objects) When deciding on your region: 1. Identify the preferred region 2. Select the appropriate satellite (US1, EU1, AP1) based on the user's region. 3. For EU and US regions, decide whether to utilize general EU or US IP-based Public Nodes or, for those in the US requiring enhanced security and compliance, opt for the U.S. Select Region nodes. 4. Submit a request to Storj support detailing your requirements. Previous [Object Listings](https://storj.dev/dcs/buckets/object-listings) Next [Objects](https://storj.dev/dcs/objects) --- # Creating S3 Compatible Credentials - Storj Docs Storj has an Amazon [S3 compatible API](https://storj.dev/dcs/api/s3/s3-compatibility) and you'll need generate S3 credentials to use it. S3 credentials consist of an **access key**, **secret key**, and **endpoint**. Create S3 credentials in the Storj console: 1. Navigate to **Access Keys** on the left side menu. 2. Click the **New Access Key** button. 3. When the New Access dialog comes up, set specifications according to the following guidelines: * **Name:** The name of the credentials (e.g. my-access) * **Type:** S3 Credentials 4. Choose **Full Access** or **Advanced** * In most cases, you DO NOT want to choose full access. 5. Provide Access encryption Information If you have opted out of [Storj-managed passphrases](https://storj.dev/learn/concepts/encryption-key/storj-vs-user-managed-encryption) for the project you must unlock the bucket with your passphrase. In order to see the data uploaded to your bucket in the Storj console, you must unlock the bucket with the same encryption passphrase as the credentials. * **Use the current passphrase**: this is default option * **Advanced**: you may provide a different encryption phrase either your own or generate a new one. * **Enter a new passphrase**: use this option, if you would like to provide your own new encryption phrase * **Generate 12-word passphrase**: use this option, if you would like to generate a new encryption phrase 6. Select the permissions you want to allow: * Read * Write * List * Delete 7. Select the object lock permissions you want to allow * PutObjectRetention * GetObjectRetention * BypassGovernanceRetention * PutObjectLegalHold * GetObjectLegalHold * PutObjectLockConfiguration * GetObjectLockConfiguration 8. Choose the buckets you want the access to include: * All Buckets * Select Buckets 9. Set an expiration 10. Click **Create Access** to finish creation of your S3 credentials 11. Your S3 credentials are created. Write them down and store them, or click the **Download all** button. You will need these credentials for the following steps. ### [Object Lock Permission Details](https://storj.dev/dcs/api/s3/credentials#object-lock-permission-details) | Permission Name | Description | | --- | --- | | PutObjectRetention | Allows you to set retention policies, protecting objects from deletion or modification until the retention period expires. | | GetObjectRetention | Allows you to view the retention settings of objects, helping ensure compliance with retention policies. | | BypassGovernanceRetention | Allows you to bypass governance-mode retention, enabling deletion of objects before the retention period ends. | | PutObjectLegalHold | Allows you to place a legal hold on objects, preventing deletion or modification regardless of retention policies. | | GetObjectLegalHold | Allows you to view the legal hold status of objects, which is useful for auditing and compliance purposes. | | PutObjectLockConfiguration | Allows you to set retention policies on the specified bucket, automatically applying them to every new object added to that bucket. | | GetObjectLockConfiguration | Allows you to view the default retention policies configured for the specified bucket. | Previous [Object Versioning](https://storj.dev/dcs/api/s3/object-versioning) Next [Storj-hosted S3 Compatible Gateway](https://storj.dev/dcs/api/s3/s3-compatible-gateway) --- # Bucket Logging (Available Upon Request) - Storj Docs The `GetBucketLogging` and `PutBucketLogging` actions are not available, however, you can get the same functionality by following the steps below. **Request Bucket Logging:** This feature is currently provided upon request - please submit your request here, and include "Enable Bucket Logging" as the subject: [Submit a support request](https://supportdcs.storj.io/hc/en-us/requests/new?ticket_form_id=360000379291) _Note: It may take up to two weeks to process your request._ [Enabling Bucket Logging](https://storj.dev/dcs/buckets/bucket-logging#enabling-bucket-logging) ------------------------------------------------------------------------------------------------ To enable bucket logging, you will be asked to provide us with the following information via a secure channel: ### [Information Needed to Enable Logging](https://storj.dev/dcs/buckets/bucket-logging#information-needed-to-enable-logging) | **Item** | **Details** | | --- | --- | | **Satellite** | The Satellite your project is on: AP1, EU1, or US1 | | **Project Name** | Your project's name | | **Bucket Name(s)** | The bucket(s) to log | ### [Information About the Destination for Logs](https://storj.dev/dcs/buckets/bucket-logging#information-about-the-destination-for-logs) | **Item** | **Details** | | --- | --- | | **Destination Project Name** | The project where logs will be stored | | **Destination Bucket Name** | The bucket to store logs | | **Prefix (optional)** | Prefix for log object keys | | **Write-only Access Grant** | Access grant with write-only permissions (see steps below) | ### [Steps to Create a Write-Only Access Grant for Logging Destination](https://storj.dev/dcs/buckets/bucket-logging#steps-to-create-a-write-only-access-grant-for-logging-destination) **Important:** Access grants used to access the watched bucket need to be created after June 25th 2024. 1. **Generate a New Access Grant:** * Log in to the Satellite UI. * Click **New Access Key** and select **"Access Grant"**. * Name the access grant appropriately. 2. **Select Advanced Options:** * On the second screen, click on **"Advanced Options"**. * This allows you to customize permissions for the access grant. 3. **Set Encryption Passphrase:** * Enter an encryption passphrase of your choice. **Important:** Keep this passphrase secure. Losing it will prevent you from decrypting the log data. 4. **Configure Permissions:** * On the permissions screen, select **"Write Only"**. * Ensure no other permissions are granted. * This restricts the access grant to only write logging files without the ability to read, delete, or overwrite them. 5. **Limit Access to Destination Bucket:** * Specify the destination bucket for the logs. * This limits the access grant to the specified bucket only. 6. **Set Expiration (Optional):** * You can add an expiration date to the access. **Recommendation:** Select **"No Expiration"** to ensure continuous logging. If the access expires, logging will stop. 7. **Review and Create Access Grant:** * Confirm all selections are correct. * Click on **"Create Access"** to generate the access grant. 8. **Provide Access Grant to Storj:** * Send us the generated access grant over a secure channel. ### [Log Format](https://storj.dev/dcs/buckets/bucket-logging#log-format) The log objects are stored in the following key format with non-date-based partitioning: [DestinationPrefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString] [DestinationPrefix][YYYY]-[MM]-[DD]-[hh]-[mm]-[ss]-[UniqueString] CopyCopied! **Example:** v-0730-ttl30/2024-08-29-03-48-32-33A6009CA7B144AF v-0730-ttl30/2024-08-29-03-48-32-33A6009CA7B144AF CopyCopied! ### [Log Fields](https://storj.dev/dcs/buckets/bucket-logging#log-fields) The fields in the logs conform to the [Amazon S3 Server Access Log Format](https://docs.aws.amazon.com/AmazonS3/latest/userguide/LogFormat.html#log-record-fields) . ### [Example Logs](https://storj.dev/dcs/buckets/bucket-logging#example-logs) 1831182b-718f-471f-852d-6e1a4701eadd v-0730-ttl30 [29/Aug/2024:03:07:14 +0000] 136.0.77.2 1831182b-718f-471f-852d-6e1a4701eadd 17F0142B99B6139E PostPolicyBucket - "POST /v-0730-ttl30/ HTTP/1.1" 204 - - - - - "-" "Go-http-client/1.1" - 46ccb4215d73986341ced57f4a224a18133bf183644e3873e3384d8f95295bb3 SigV4 TLS_AES_128_GCM_SHA256 - - TLS 1.3 - -1831182b-718f-471f-852d-6e1a4701eadd v-0730-ttl30 [29/Aug/2024:03:07:14 +0000] 136.0.77.2 1831182b-718f-471f-852d-6e1a4701eadd 17F0142B9E85FFFE GetBucketLocation - "GET /v-0730-ttl30/?location= HTTP/1.1" 200 - 134 - - - "-" "MinIO (linux; amd64) minio-go/v7.0.70" - 46ccb4215d73986341ced57f4a224a18133bf183644e3873e3384d8f95295bb3 SigV4 TLS_AES_128_GCM_SHA256 - - TLS 1.3 - -1831182b-718f-471f-852d-6e1a4701eadd v-0730-ttl30 [29/Aug/2024:03:07:14 +0000] 136.0.77.2 1831182b-718f-471f-852d-6e1a4701eadd 17F0142B9E845AFB GetBucketLocation - "GET /v-0730-ttl30/?location= HTTP/1.1" 200 - 134 - - - "-" "MinIO (linux; amd64) minio-go/v7.0.70" - 46ccb4215d73986341ced57f4a224a18133bf183644e3873e3384d8f95295bb3 SigV4 TLS_AES_128_GCM_SHA256 - - TLS 1.3 - -1831182b-718f-471f-852d-6e1a4701eadd v-0730-ttl30 [29/Aug/2024:03:07:14 +0000] 136.0.77.2 1831182b-718f-471f-852d-6e1a4701eadd 17F0142B9992374E PostPolicyBucket - "POST /v-0730-ttl30/ HTTP/1.1" 204 - - - - - "-" "Go-http-client/1.1" - 46ccb4215d73986341ced57f4a224a18133bf183644e3873e3384d8f95295bb3 SigV4 TLS_AES_128_GCM_SHA256 - - TLS 1.3 - - 1831182b-718f-471f-852d-6e1a4701eadd v-0730-ttl30 [29/Aug/2024:03:07:14 +0000] 136.0.77.2 1831182b-718f-471f-852d-6e1a4701eadd 17F0142B99B6139E PostPolicyBucket - "POST /v-0730-ttl30/ HTTP/1.1" 204 - - - - - "-" "Go-http-client/1.1" - 46ccb4215d73986341ced57f4a224a18133bf183644e3873e3384d8f95295bb3 SigV4 TLS_AES_128_GCM_SHA256 - - TLS 1.3 - -1831182b-718f-471f-852d-6e1a4701eadd v-0730-ttl30 [29/Aug/2024:03:07:14 +0000] 136.0.77.2 1831182b-718f-471f-852d-6e1a4701eadd 17F0142B9E85FFFE GetBucketLocation - "GET /v-0730-ttl30/?location= HTTP/1.1" 200 - 134 - - - "-" "MinIO (linux; amd64) minio-go/v7.0.70" - 46ccb4215d73986341ced57f4a224a18133bf183644e3873e3384d8f95295bb3 SigV4 TLS_AES_128_GCM_SHA256 - - TLS 1.3 - -1831182b-718f-471f-852d-6e1a4701eadd v-0730-ttl30 [29/Aug/2024:03:07:14 +0000] 136.0.77.2 1831182b-718f-471f-852d-6e1a4701eadd 17F0142B9E845AFB GetBucketLocation - "GET /v-0730-ttl30/?location= HTTP/1.1" 200 - 134 - - - "-" "MinIO (linux; amd64) minio-go/v7.0.70" - 46ccb4215d73986341ced57f4a224a18133bf183644e3873e3384d8f95295bb3 SigV4 TLS_AES_128_GCM_SHA256 - - TLS 1.3 - -1831182b-718f-471f-852d-6e1a4701eadd v-0730-ttl30 [29/Aug/2024:03:07:14 +0000] 136.0.77.2 1831182b-718f-471f-852d-6e1a4701eadd 17F0142B9992374E PostPolicyBucket - "POST /v-0730-ttl30/ HTTP/1.1" 204 - - - - - "-" "Go-http-client/1.1" - 46ccb4215d73986341ced57f4a224a18133bf183644e3873e3384d8f95295bb3 SigV4 TLS_AES_128_GCM_SHA256 - - TLS 1.3 - - CopyCopied! Previous [Object Lifecycles](https://storj.dev/dcs/buckets/object-lifecycles) Next [Cross-Origin Resource Sharing (CORS)](https://storj.dev/dcs/buckets/cors) --- # Optimizing Multipart Upload Part Size for Better Performance - Storj Docs The site of the Multipart Parts your application uploads can impact the performance and potentially the cost of your storage on Storj. For best performance and cost with Storj, you should plan to configure your AWS S3 client library to use a larger part size than standard. Not doing so could result in much higher fees. We recommend 64MB. [Background](https://storj.dev/dcs/api/s3/multipart-upload/multipart-part-size#background) ------------------------------------------------------------------------------------------- When an object is uploaded using Multipart Upload, a file is first broken into parts, each part of a Multipart Upload is also stored as one or more Segments. With Multipart Upload, a single object is uploaded as a set of parts. The ideal part size for large files is 64MB, so that there is one Segment per part. Using a smaller Part size will result in a significant increase in the number of segments stored on Storj. At large scale, this could impact both the performance and cost of your storage. Learn more about [Usage Limit Increases](https://storj.dev/support/usage-limit-increases) . Each part is an integral portion of the data comprising the object. The object parts may be uploaded independently, in parallel, and in any order. Uploads may be paused and resumed by uploading an initial set of parts, then resuming and uploading the remaining parts. If the upload of any part fails, that part may be re-uploaded without impacting the upload of other parts. All of these parts are broken into one or more Segments by the Storj Gateway based on whether the Part Size is smaller or larger than the default Segment size. While Multipart Upload is most appropriate for files larger than the 64MB default Segment size, the Part Size is configurable in applications that use Multipart Upload. ### [Configuration for the AWS CLI](https://storj.dev/dcs/api/s3/multipart-upload/multipart-part-size#configuration-for-the-aws-cli) If you are using the Amazon AWS CLI, you can configure it to use a larger part threshold as follows: aws configure set default.s3.multipart_threshold 64MB aws configure set default.s3.multipart_threshold 64MB CopyCopied! Previous [Multipart Upload](https://storj.dev/dcs/api/s3/multipart-upload) Next [Object Lock](https://storj.dev/dcs/api/s3/object-lock) --- # Deleting Buckets Using Different Tools - Storj Docs You can delete a bucket from various command-line tools or the Storj Console. rcloneaws cliuplinkStorj Console To remove an empty bucket: $rclone rmdir storj:my-bucket $rclone rmdir storj:my-bucket CopyCopied! To remove all objects from the bucket if the encryption phrase is not lost: $rclone delete --rmdirs storj:my-bucket $rclone delete --rmdirs storj:my-bucket CopyCopied! To remove the not empty bucket even if the encryption phrase is lost: $rclone purge storj:my-bucket $rclone purge storj:my-bucket CopyCopied! To remove the bucket with [Object Lock](https://storj.dev/dcs/api/s3/object-lock) enabled in a Governance mode and if you know the encryption phrase: You need to use [rclone configured with Storj S3](https://storj.dev/dcs/getting-started) credentials with **`List`**, **`Upload`**, **`Download`**, **`Delete`** and **`BypassGovernanceRetention`** permissions in an **Advance** mode: $rclone purge us1-gw-mt:my-locked-bucket --header "x-amz-bypass-governance-retention:true" $rclone purge us1-gw-mt:my-locked-bucket --header "x-amz-bypass-governance-retention:true" CopyCopied! Please note, this command do not honor any include/exclude filters or prefixes (subfolders), it will always purge the entire bucket, including bucket itself. If you have a Governance Object Lock enabled and do not remember the encryption phrase, you can use only a method with `uplink` CLI. Previous [Create buckets](https://storj.dev/dcs/buckets/create-buckets) Next [Object Lock](https://storj.dev/dcs/buckets/object-lock) --- # Enabling Lexicographic Sorting of Object Listings - Storj Docs Storj comes with highly-secure default settings for uploading data to the network. By default, not only is the object content encrypted, but the object metadata and the object key are as well. See [How Encryption is Implemented](https://storj.dev/learn/concepts/encryption-key/how-encryption-is-implemented) for details on how object keys (also know as paths) are encrypted. Encrypting the object keys comes with a shortcoming. When listing the objects of a bucket, the result does not come in lexicographically sorted order. The list order is still deterministic - based on the sort order of the cipher text of the encrypted object keys. If your S3-compatible app requires object listings to be lexicographically sorted, you can disable the encryption for object keys. [Access Grants](https://storj.dev/learn/concepts/access/access-grants) determine the access to objects and how they are encrypted, including their object key. Follow these steps to create an access grant with disabled encryption for object keys and register it as S3 credentials. The following instructions cannot be executed entirely in the Satellite Console and require the final steps to be completed with the Uplink CLI (v1.76 or later). 1. Log in to the Satellite Console and follow the steps to [Create Access Grant in CLI](https://storj.dev/learn/tutorials/quickstart-uplink-cli/generate-access-grants-and-tokens/generate-a-token) . 2. Once you switch to your command terminal and execute the [setup](https://storj.dev/dcs/api/uplink-cli/setup-command) command, you will be prompted for the API Key and the Satellite Address. 3. After entering them, answer with `y` to the question: `Would you like to disable encryption for object keys (allows lexicographical sorting of objects in listings)? (y/N)` 4. Answer with `y` the next question too: `Would you like S3 backward-compatible Gateway credentials (y/N)` 5. The command will generate the S3 credentials with disabled encryption for object keys. Configure them in your S3-compatible app. ========== GATEWAY CREDENTIALS =================Access Key ID: Secret Key : Endpoint : https://gateway.storjshare.io ========== GATEWAY CREDENTIALS =================Access Key ID: Secret Key : Endpoint : https://gateway.storjshare.io CopyCopied! Avoid using access grants or S3 credentials with different path encryption settings in the same bucket. Otherwise, you may get unexpected results in the object listings. The best practice is to start with an empty bucket. The [Object Browser](https://storj.dev/support/object-browser) in the Satellite Console cannot list objects with unencrypted object keys yet. If you try to open a bucket with such objects, you'll see it empty with a message "You have objects locked with a different passphrase". Support for unencrypted object keys in the Object Browser will be added in a future release. Until then, you can use the [Uplink CLI API](https://storj.dev/dcs/api/uplink-cli) or an S3-compatible app to list such objects. Previous [Cross-Origin Resource Sharing (CORS)](https://storj.dev/dcs/buckets/cors) Next [Preferred storage region](https://storj.dev/dcs/buckets/preferred-storage-region) --- # Setting Object Lifecycles - Storj Docs **Object Lock and TTL are Mutually Exclusive** You cannot apply a TTL to a locked object, and you cannot lock an object that already has an active TTL. Attempting to combine these features will result in an error. For more information on Object Lock, see the [Object Lock documentation](https://storj.dev/dcs/buckets/object-lock) . [Setting Object TTL with Custom HTTP Header](https://storj.dev/dcs/buckets/object-lifecycles#setting-object-ttl-with-custom-http-header) ----------------------------------------------------------------------------------------------------------------------------------------- It's possible to specify TTL for the object by sending the `X-Amz-Meta-Object-Expires` header (see [S3 Compatibility](https://storj.dev/dcs/api/s3/s3-compatibility#object-level-ttl) ) with one of the following: * a signed, positive sequence of decimal numbers, each with an optional fraction and a unit suffix, such as `+300ms`, `+1.5h`, or `+2h45m` * valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h` * `+2h` means the object expires 2 hours from now * full RFC3339-formatted date rcloneaws cliuplink $rclone copy storj-tree.png storj:my-bucket --header-upload "x-amz-meta-object-expires:+5m" $rclone copy storj-tree.png storj:my-bucket --header-upload "x-amz-meta-object-expires:+5m" CopyCopied! [Setting Object TTL in the Access Grant / S3 Credentials](https://storj.dev/dcs/buckets/object-lifecycles#setting-object-ttl-in-the-access-grant-s3-credentials) ----------------------------------------------------------------------------------------------------------------------------------------------------------------- If the S3 client cannot send custom HTTP headers, it is possible to restrict an access grant with the `MaxObjectTTL` permission. Uploaded objects get a TTL that reflects the configured `MaxObjectTTL` period. The following instructions cannot be executed entirely in the Satellite Console and require to be completed with the Uplink CLI (v1.88 or later). 1. Log in to the Satellite Console and follow the steps to [Create Access Grant](https://storj.dev/dcs/access#create-access-grant) . 2. Switch to your command terminal and execute the [access restrict](https://storj.dev/dcs/api/uplink-cli/access-command/access-restrict) command. windowslinuxmacos ./uplink.exe access restrict --access 18k...TAY --readonly=false --max-object-ttl 720h ./uplink.exe access restrict --access 18k...TAY --readonly=false --max-object-ttl 720h CopyCopied! Use the `--max-object-ttl` flag to set the Object TTL period to set on the uploaded objects. The period is set in hours, e.g. set `720h` for one month. Make sure to set the `--readonly=false` flag. Otherwise, the restricted access grant will be read-only, making uploading objects impossible. Executing the command will print the new restricted access grant: 1AW...V3B 1AW...V3B CopyCopied! 3. Execute the [access inspect](https://storj.dev/dcs/api/uplink-cli/access-command/access-inspect-command) command to ensure the `MaxObjectTTL` was configured properly. windowslinuxmacos ./uplink.exe access inspect 1AW...V3B ./uplink.exe access inspect 1AW...V3B CopyCopied! You should see a new caveat added to the macaroon with a `max_object_ttl` field set to the configured period (the value is displayed in nanoseconds). "macaroon": { "head": "GBo...eg=", "caveats": [ { "not_before": "2023-09-14T11:43:29.185Z", "nonce": "M4VAag==" }, { "max_object_ttl": 2592000000000000, "nonce": "HF4OHg==" } ], "tail": "rV_...RQ=" } "macaroon": { "head": "GBo...eg=", "caveats": [ { "not_before": "2023-09-14T11:43:29.185Z", "nonce": "M4VAag==" }, { "max_object_ttl": 2592000000000000, "nonce": "HF4OHg==" } ], "tail": "rV_...RQ=" } CopyCopied! 4. Register the new access grant as S3 credentials with [access register](https://storj.dev/dcs/api/uplink-cli/access-command/access-register) the command. windowslinuxmacos ./uplink.exe access register 1AW...V3B ./uplink.exe access register 1AW...V3B CopyCopied! ========== CREDENTIALS ===================================================================Access Key ID: jw7w7n2...Secret Key : jycbodr...Endpoint : https://gateway.storjshare.io ========== CREDENTIALS ===================================================================Access Key ID: jw7w7n2...Secret Key : jycbodr...Endpoint : https://gateway.storjshare.io CopyCopied! 5. Configure the S3 credentials in your S3 client. Previous [Data Location](https://storj.dev/dcs/buckets/data-location) Next [Bucket Logging (Available Upon Request)](https://storj.dev/dcs/buckets/bucket-logging) --- # Object Versioning in Storj - Storj Docs Object versioning enables you to preserve, retrieve, and restore every version of every object stored in a bucket. This feature adds an extra layer of data protection and recovery options, allowing you to safeguard against accidental deletions and overwrites. [Key Features of Object Versioning](https://storj.dev/dcs/api/s3/object-versioning#key-features-of-object-versioning) ---------------------------------------------------------------------------------------------------------------------- * **S3 Compatibility:** Storj's object versioning is designed to be compatible with the S3 API. This means you can use existing S3 SDKs and tools to manage versioned objects, making it easy to integrate into your current workflows. * **Version Preservation:** Every time an object is overwritten or deleted, a new version is created. This means that previous versions of the object are preserved, not replaced, ensuring that you can access historical data at any time. * **Recovery and Rollback:** In case of accidental deletion or if an object is overwritten with an undesired version, you can easily recover the previous version of the object. * **Object Lock:** For more details on Object Lock support see [Object Lock](https://storj.dev/dcs/api/s3/object-lock) . Note that enabling object versioning can increase storage costs since each version of an object is stored separately. [Supported S3 API Methods for Object Versioning](https://storj.dev/dcs/api/s3/object-versioning#supported-s3-api-methods-for-object-versioning) ------------------------------------------------------------------------------------------------------------------------------------------------ Storj's S3-Compatible Object Versioning supports a range of S3 API methods, allowing you to manage and interact with versioned objects. Below are the key S3 API methods supported by Storj's object versioning, along with a brief description of their use: ### [Bucket Operations](https://storj.dev/dcs/api/s3/object-versioning#bucket-operations) * **PUT Bucket versioning**: Enables or suspends versioning for a bucket. * **GET Bucket versioning**: Retrieves the versioning state of a bucket. ### [Object Operations](https://storj.dev/dcs/api/s3/object-versioning#object-operations) * **PUT Object**: Adds an object to a bucket. If versioning is enabled, a unique version ID is assigned to the object. * **GET Object**: Retrieves the current version of an object or a specific version if the version ID is specified. * **DELETE Object**: Permanently deletes a version of an object if the version ID is provided, or marks the current version as deleted by adding a delete marker. * **LIST Versions**: Lists all the versions of all objects in a bucket, including delete markers. [Bucket Versioning Status](https://storj.dev/dcs/api/s3/object-versioning#bucket-versioning-status) ---------------------------------------------------------------------------------------------------- The following are the possible versioning statuses a bucket can be in: | Status | Description | | --- | --- | | Not Supported | The bucket was created prior to the release of object versioning, and versioning cannot be enabled. Create a new bucket to enable versioning. | | Unversioned | Versioning has not been set on the bucket. | | Enabled | Versioning is enabled for the bucket. | | Suspended | Versioning was previously enabled, but is currently suspended. You may re-enable versioning at any time. | Previous [Object Lock](https://storj.dev/dcs/api/s3/object-lock) Next [S3 Credentials](https://storj.dev/dcs/api/s3/credentials) --- # S3 Compatible Gateway Hosted by Storj - Storj Docs The Storj globally distributed, multi-region cloud-hosted S3-compatible gateway [S3 compatibility](https://storj.dev/dcs/api/s3/s3-compatible-gateway#s3-compatibility) ---------------------------------------------------------------------------------------- When Amazon launched its S3 service 15 years ago and created the cloud storage industry, it also unknowingly made object storage the standard for storing data in the cloud. Object storage organizes data into objects, which contain the data itself, its metadata, and a unique identifier. These objects are stored in buckets rather than a hierarchical system. Since then, the grand majority of cloud storage services have reinforced this interface, and the majority of people storing data in the cloud use similar architectures. Amazon S3 is accessed via APIs, most of which rely on the HTTP protocol and XML serialization. By making a storage system compatible with these APIs, it makes it much easier for users to migrate to new services without much effort. All you have to do is point files to the new buckets and migrate any static data you’d like to keep. For example, core features such as basic upload and download, of course, should map quite easily to the new ecosystem, including systems like Storj. We support organizing objects by bucket and key, all HTTP verbs including HEAD, byte-range fetches, as well as uploading files in multiple parts. See the latest S3-compatibility in [the S3 compatibility table](https://storj.dev/dcs/api/s3/s3-compatibility) and [S3-compatibility list of GatewayMT](https://github.com/storj/gateway-mt/blob/main/docs/gateway-mt.md#s3-api-compatibility) . ### [Security and encryption](https://storj.dev/dcs/api/s3/s3-compatible-gateway#security-and-encryption) Where the Storj network really excels compared to centralized providers is in its privacy and security, so we’d be remiss in not addressing these topics specifically as they pertain to S3. The distributed security tokens (access grants) that Storj typically uses (via libuplink, etc.) contain too much detail to fit into an S3 access key or secret key field. Storj offers an S3-specific authorization service, which maps S3-compatible credentials to a Storj access grant. This service saves access grants encrypted into a database. The access grants are individually encrypted using information from the much shorter returned access key, which is not stored in our auth service. Access grants never remain decrypted longer than they are needed, and only a hash of the access key is ever persisted. In short, the system is designed to protect your data at rest. ### [Benefits](https://storj.dev/dcs/api/s3/s3-compatible-gateway#benefits) Overall, our S3 compatibility project has been a huge effort to address the needs of certain customers, making it easier than ever to migrate to the decentralized cloud. It should provide bandwidth-limited customers with more than three times faster access. It provides a drop-in replacement for S3 with the great majority of use-cases. Finally, it offers users the flexibility to dial in the balance of security versus accessibility, allowing access to files directly from web browsers in ways they never could before. ### [Usage](https://storj.dev/dcs/api/s3/s3-compatible-gateway#usage) To save on costs and improve performance, please see [Multipart Part Size](https://storj.dev/dcs/api/s3/multipart-upload/multipart-part-size) . There are two primary ways to get started using our hosted S3 gateway and get issued an S3 compatible access key, secret key, and endpoint. ### [Using via the Web interface](https://storj.dev/dcs/api/s3/s3-compatible-gateway#using-via-the-web-interface) The first main way is to use the web wizard in the Satellite web interface. The web wizard is simple and easy to use, but lacks some configurability, like the ability to restrict to specific prefixes within a bucket or use a different auth service. If you need those features, consider the CLI, farther below. After logging in, create a new access grant and select "continue in browser." [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/DIo-yHe7nogLu4JXyGztm_s3-01.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/DIo-yHe7nogLu4JXyGztm_s3-01.png) Once you have created an access grant, make sure to select the "Generate S3 credentials" option, at the bottom. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/ct4hQn5xGFKmWdBTSgPtV_s3-02.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/ct4hQn5xGFKmWdBTSgPtV_s3-02.png) You can now use the generated access key, secret key, and endpoint in your AWS S3-supporting application. ### [CLI](https://storj.dev/dcs/api/s3/s3-compatible-gateway#cli) The CLI is not as easy, but is more flexible in allowing you to control what specific encrypted paths the Gateway has access to. Via the Uplink CLI, you'll want to run the `uplink share` command with the `--register` option. `uplink share` is a flexible command that allows you to restrict and generate new access grants with a variety of restrictions. By adding `--register`, the uplink will use the default `--auth-service` flag to determine where to exchange the restricted access grant for an access key, secret key, and endpoint. Here is an example command that exposes read-only access to the gateway for one specific prefix in a bucket: uplink share --readonly=true --register sj://bucket/prefix/ uplink share --readonly=true --register sj://bucket/prefix/ CopyCopied! This will output an access key, a secret key, and an S3 compatible endpoint for you to use. ### [Regions and Points of Presence](https://storj.dev/dcs/api/s3/s3-compatible-gateway#regions-and-points-of-presence) We currently have hosted Gateways in several regional locations and expect to expand as needed. The Gateway endpoint `https://gateway.storjshare.io` is configured to automatically route the traffic from the instance closest to your location. ### [Source code](https://storj.dev/dcs/api/s3/s3-compatible-gateway#source-code) All of the code for this feature (and the auth service access key database) lives here: [https://github.com/storj/gateway-mt](https://github.com/storj/gateway-mt) . If you want to run your own multitenant gateway and encrypted database of access keys, please do, and let us know if you have any problems. If you are looking to self-host, you should also consider the [Self-hosted S3 Compatible Gateway](https://storj.dev/learn/self-host/gateway-st) , which is much easier to set up and run. Previous [S3 Credentials](https://storj.dev/dcs/api/s3/credentials) Next [Using presigned URLs](https://storj.dev/dcs/api/s3/presigned-urls) --- # Creating and Using Presigned URLs with Storj - Storj Docs [Introduction](https://storj.dev/dcs/api/s3/presigned-urls#introduction) ------------------------------------------------------------------------- Creating presigned URLs for Storj - HTTP POST & GET to a URL All objects and paths are private and encrypted by default. However, it is possible to use a pre-signed URL via our S3-compatible gateway to enable unauthenticated customers/users to upload objects to buckets or access objects in buckets without providing an [Access Grants](https://storj.dev/learn/concepts/access/access-grants) or [Getting started](https://storj.dev/dcs/getting-started) . [HTTP GET vs Storj Linkshare Service](https://storj.dev/dcs/api/s3/presigned-urls#http-get-vs-storj-linkshare-service) ----------------------------------------------------------------------------------------------------------------------- While we support this behavior via the S3-compatible pre-signed URL function, as an alternative to sharing with a customer/user via a GET, consider utilizing our [Linksharing Service](https://storj.dev/learn/concepts/linksharing-service) . One advantage of this approach is the ability to easily create perpetual share links, valid until you remove them or until a configurable end date of any duration. You can even [host a static website](https://storj.dev/dcs/code/static-site-hosting) via Linkshare. [Tutorial](https://storj.dev/dcs/api/s3/presigned-urls#tutorial) ----------------------------------------------------------------- The goal of the following tutorial is to guide you in the creation of pre-signed URLs for Storj using a Python script and our multi-tenant hosted gateway. Our lab example took place on MacOSX and used BREW as a package manager. Depending on your host operating system, you will need to use the appropriate package manager to fetch the prerequisites listed below. Our implementation of the S3 standard allows additional configuration options. Please reference the official [AWS S3 User Guide](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-presigned-url.html) for additional details. ### [Prerequisites](https://storj.dev/dcs/api/s3/presigned-urls#prerequisites) # Install pythonbrew install python3# install boto3pip3 install boto3pip3 install requests # Install pythonbrew install python3# install boto3pip3 install boto3pip3 install requests CopyCopied! ### [Script](https://storj.dev/dcs/api/s3/presigned-urls#script) #### [Create your script my\_put\_script.py for uploads](https://storj.dev/dcs/api/s3/presigned-urls#create-your-script-my-put-script-py-for-uploads) This script will create a “put” pre-signed URL to be used for uploading Below you can see we need to set the following parameters: * **ACCESS\_KEY** - S3 Credential created with Access * **SECRET\_KEY** - S3 Credential created with Access * **URL** - You can use us1, eu1, or ap1 depending on location * **BUCKET NAME** - Name of the bucket related to this URL * **url** - Use ‘put\_object to upload and ‘get\_object’ to download/share * **Key** - Path of the object you wish to upload * **ExpiresIn** - How long the URL will be valid from its creation (in seconds) import boto3ACCESS_KEY = "Your_Access_Key"SECRET_KEY = "Your_Secret_Key"URL = "https://gateway.storjshare.io"BUCKET_NAME = "yourbucketname"session = boto3.session.Session()s3 = session.client(service_name="s3", aws_access_key_id=ACCESS_KEY, aws_secret_access_key=SECRET_KEY, endpoint_url=URL)url = s3.generate_presigned_url('put_object', Params={"Bucket":BUCKET_NAME, "Key":"path/within/bucket/file.name"}, ExpiresIn=3600)print(url) import boto3ACCESS_KEY = "Your_Access_Key"SECRET_KEY = "Your_Secret_Key"URL = "https://gateway.storjshare.io"BUCKET_NAME = "yourbucketname"session = boto3.session.Session()s3 = session.client(service_name="s3", aws_access_key_id=ACCESS_KEY, aws_secret_access_key=SECRET_KEY, endpoint_url=URL)url = s3.generate_presigned_url('put_object', Params={"Bucket":BUCKET_NAME, "Key":"path/within/bucket/file.name"}, ExpiresIn=3600)print(url) CopyCopied! #### [Execute script my\_put\_script.py](https://storj.dev/dcs/api/s3/presigned-urls#execute-script-my-put-script-py) The output of this script will be your pre-signed URL python3 my_put_script.py python3 my_put_script.py CopyCopied! #### [Upload with URL and Curl](https://storj.dev/dcs/api/s3/presigned-urls#upload-with-url-and-curl) Set for file name and extension and paste in your newly generated pre-signed URL. Note that the pre-signed URL below is invalid and included as an example only. curl -v --upload-file file.name "https://gateway.storjshare.io/yourbucketname/path/within/bucket?AWSAccessKeyId=jvruleqdpbwqx7vxmwgqbtlbmapa&Signature=fUNxawPyFd%2F9apR%2FZnKmR%2BPXGCA%3D&Expires=1628019103" curl -v --upload-file file.name "https://gateway.storjshare.io/yourbucketname/path/within/bucket?AWSAccessKeyId=jvruleqdpbwqx7vxmwgqbtlbmapa&Signature=fUNxawPyFd%2F9apR%2FZnKmR%2BPXGCA%3D&Expires=1628019103" CopyCopied! ### [Script for Download](https://storj.dev/dcs/api/s3/presigned-urls#script-for-download) #### [Create your script my\_get\_script.py for downloads](https://storj.dev/dcs/api/s3/presigned-urls#create-your-script-my-get-script-py-for-downloads) This script will create a "get" pre-signed URL to be used for downloading Below you can see we need to set the following parameters: * **ACCESS\_KEY** - S3 Credential created with Access * **SECRET\_KEY** - S3 Credential created with Access * **URL** - You can use us1, eu1, or ap1 depending on location * **BUCKET NAME** - Name of the bucket related to this URL * **url** - Use ‘put\_object to upload and ‘get\_object’ to download/share * **Key** - Path of the object you wish to upload * **ExpiresIn** - How long the URL will be valid from its creation (in seconds) import boto3ACCESS_KEY = "Your_Access_Key"SECRET_KEY = "Your_Secret_Key"URL = "https://gateway.storjshare.io"BUCKET_NAME = "yourbucketname"session = boto3.session.Session()s3 = session.client(service_name="s3", aws_access_key_id=ACCESS_KEY, aws_secret_access_key=SECRET_KEY, endpoint_url=URL)url = s3.generate_presigned_url('get_object', Params={"Bucket":BUCKET_NAME, "Key":"path/within/bucket/file.name"}, ExpiresIn=3600)print(url) import boto3ACCESS_KEY = "Your_Access_Key"SECRET_KEY = "Your_Secret_Key"URL = "https://gateway.storjshare.io"BUCKET_NAME = "yourbucketname"session = boto3.session.Session()s3 = session.client(service_name="s3", aws_access_key_id=ACCESS_KEY, aws_secret_access_key=SECRET_KEY, endpoint_url=URL)url = s3.generate_presigned_url('get_object', Params={"Bucket":BUCKET_NAME, "Key":"path/within/bucket/file.name"}, ExpiresIn=3600)print(url) CopyCopied! #### [Execute script my\_get\_script.py](https://storj.dev/dcs/api/s3/presigned-urls#execute-script-my-get-script-py) The output of this script will be your pre-signed URL python3 my_get_script.py python3 my_get_script.py CopyCopied! #### [Download with URL and Curl](https://storj.dev/dcs/api/s3/presigned-urls#download-with-url-and-curl) Set for file name and extension and paste in your newly generated pre-signed URL. Note that the pre-signed URL below is invalid and included as an example only. curl -v -o file.name "https://gateway.storjshare.io/yourbucketname/path/within/bucket/file.name?AWSAccessKeyId=jvruleqdpbwqx7vxmwgqbtlbmapa&Signature=fUNyawPyFd%2F9apT%2FZnLmD%2BPXDCB%3D&Expires=1628019103" curl -v -o file.name "https://gateway.storjshare.io/yourbucketname/path/within/bucket/file.name?AWSAccessKeyId=jvruleqdpbwqx7vxmwgqbtlbmapa&Signature=fUNyawPyFd%2F9apT%2FZnLmD%2BPXDCB%3D&Expires=1628019103" CopyCopied! Previous [Storj-hosted S3 Compatible Gateway](https://storj.dev/dcs/api/s3/s3-compatible-gateway) Next [SDKs](https://storj.dev/dcs/api/sdk) --- # Bucket Event Notifications with Google Pub/Sub - Storj Docs Bucket event notifications allow you to receive real-time notifications when objects are created or deleted in your Storj buckets. This feature is S3-compatible and delivers notifications to Google Cloud Pub/Sub topics. [Overview](https://storj.dev/dcs/buckets/bucket-eventing#overview) ------------------------------------------------------------------- Bucket event notifications enable automated workflows when objects change in your buckets. Common use cases include: * **Media & Entertainment**: Triggering transcoding pipelines when new video files are uploaded * **Quality Control**: Starting automated QC workflows when assets land in a bucket * **Data Processing**: Initiating ETL jobs when data files are created * **Backup Verification**: Confirming successful uploads or tracking deletions ### [Supported Event Types](https://storj.dev/dcs/buckets/bucket-eventing#supported-event-types) | Event Type | Description | | --- | --- | | s3:ObjectCreated:Put | Object created via PUT, POST, or multipart upload | | s3:ObjectCreated:Copy | Object created via copy operation | | s3:ObjectCreated:\* | All object creation events (wildcard) | | s3:ObjectRemoved:Delete | Object permanently deleted | | s3:ObjectRemoved:DeleteMarkerCreated | Delete marker created (versioned buckets) | | s3:ObjectRemoved:\* | All object deletion events (wildcard) | ### [Delivery Guarantees](https://storj.dev/dcs/buckets/bucket-eventing#delivery-guarantees) * **At-least-once delivery**: Events may occasionally be delivered more than once * **No ordering guarantee**: Events may arrive out of order * **Low latency**: Events are typically delivered within seconds of the object operation [Requirements](https://storj.dev/dcs/buckets/bucket-eventing#requirements) --------------------------------------------------------------------------- Before configuring bucket event notifications: 1. **Project enabled for eventing**: Contact Storj support to enable bucket eventing for your project 2. **Storj-managed encryption**: Your project must use [Storj-managed encryption](https://storj.dev/learn/concepts/encryption-key/storj-vs-user-managed-encryption#storj-managed-encryption) . This ensures object keys in notifications are readable. Projects with self-managed encryption are not supported. 3. **Google Cloud Pub/Sub topic**: You must create and own a Pub/Sub topic in your Google Cloud account [Setting Up Google Cloud Pub/Sub](https://storj.dev/dcs/buckets/bucket-eventing#setting-up-google-cloud-pub-sub) ----------------------------------------------------------------------------------------------------------------- ### [Step 1: Create a Pub/Sub Topic](https://storj.dev/dcs/buckets/bucket-eventing#step-1-create-a-pub-sub-topic) 1. Go to the [Google Cloud Console](https://console.cloud.google.com/cloudpubsub/topic/list) 2. Click **Create Topic** 3. Enter a topic ID (e.g., `my-bucket-events`) 4. Click **Create** Note the fully-qualified topic name: `projects/my-gcp-project-id/topics/my-topic-id` ### [Step 2: Grant Permission to Storj](https://storj.dev/dcs/buckets/bucket-eventing#step-2-grant-permission-to-storj) Storj needs permission to publish messages to your Pub/Sub topic. Grant the **Pub/Sub Publisher** role to the Storj bucket eventing service account for your satellite. | Satellite | Bucket Eventing Service Account Email | | --- | --- | | US1 | bucket-eventing@storj-prod.iam.gserviceaccount.com | | EU1 | bucket-eventing@storj-prod-europe-west1.iam.gserviceaccount.com | | AP1 | bucket-eventing@storj-prod-asia-east1.iam.gserviceaccount.com | To grant access: 1. In the Google Cloud Console, navigate to your Pub/Sub topic 2. Click the **Permissions** tab 3. Click **Add principal** 4. In the "New principals" field, enter the Storj service account email for your satellite 5. Select the role **Pub/Sub Publisher** 6. Click **Save** ### [Step 3: Create a Subscription (Optional)](https://storj.dev/dcs/buckets/bucket-eventing#step-3-create-a-subscription-optional) To receive the notifications, create a subscription for your topic: 1. In the Google Cloud Console, navigate to your Pub/Sub topic 2. Click **Create Subscription** 3. Choose subscription type: * **Pull**: Your application pulls messages from Pub/Sub * **Push**: Pub/Sub delivers messages to an HTTPS endpoint For webhook delivery, use a Push subscription with your webhook URL. [Configuring Bucket Notifications](https://storj.dev/dcs/buckets/bucket-eventing#configuring-bucket-notifications) ------------------------------------------------------------------------------------------------------------------- Storj ConsoleAWS CLI 1. Navigate to the **Buckets** page in the Storj Console. 2. Locate the bucket you want to configure and click the **three-dot menu** (⋯) on the right side of the row. 3. Select **Configure Eventing** from the dropdown menu. [![Bucket list with Eventing column showing Off and context menu with Configure Eventing option](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/eventing/1_bucket_eventing_status_disabled.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/eventing/1_bucket_eventing_status_disabled.png) 4. In the **Configure Bucket Eventing** dialog: * **GCP Pub/Sub Topic**: Enter the fully-qualified topic name in the format `projects/GCP_PROJECT_ID/topics/TOPIC_ID` * **Event Types**: Select which events should trigger notifications: * **Object Created** - includes Object Created (Put) and Object Created (Copy) * **Object Removed** - includes Object Removed (Delete) and Object Removed (Delete Marker) * You can also select individual event types in each category * **Filter Rules (Optional)**: Match objects by prefix and/or suffix. For example, set Object Key Prefix to `images/` and Object Key Suffix to `.jpg` to only receive events for JPEG files in the images folder. See [Filter Behavior](https://storj.dev/dcs/buckets/bucket-eventing#filter-behavior) for details. [![Configure Bucket Eventing dialog with GCP Pub/Sub Topic field, Event Types checkboxes, and Filter Rules](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/eventing/2_bucket_eventing_configuration_dialog.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/eventing/2_bucket_eventing_configuration_dialog.png) 5. Click **Save** to apply the configuration. Once configured, the **Eventing** column in the bucket list will show **On** for buckets with eventing enabled. [![Bucket list showing Eventing status as On with Disable Eventing option in context menu](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/eventing/3_bucket_eventing_status_enabled.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/eventing/3_bucket_eventing_status_enabled.png) To disable eventing, click the three-dot menu and select **Disable Eventing**. ### [Filter Behavior](https://storj.dev/dcs/buckets/bucket-eventing#filter-behavior) Filters allow you to receive notifications only for objects matching specific patterns: * Filters are case-sensitive * Prefix `logs/` matches `logs/2025.txt` but NOT `archive/logs/file.txt` * Suffix `.jpg` matches `photo.jpg` but NOT `photo.JPG` or `image.jpg.bak` * When both prefix and suffix are specified, both must match (AND logic) * Maximum filter length: 1024 characters [Event Message Format](https://storj.dev/dcs/buckets/bucket-eventing#event-message-format) ------------------------------------------------------------------------------------------- Event notifications follow the S3 event message structure (version 2.1): { "Records": [ { "eventVersion": "2.1", "eventSource": "storj:s3", "eventTime": "2025-01-17T10:30:00.000Z", "eventName": "ObjectCreated:Put", "s3": { "s3SchemaVersion": "1.0", "configurationId": "MyNotificationConfig", "bucket": { "name": "my-bucket", "ownerIdentity": { "principalId": "my-storj-project-id" }, "arn": "arn:storj:s3:::my-bucket" }, "object": { "key": "uploads/video.mp4", "size": 1048576, "versionId": "000000000000000190f2277f35af0b76", "sequencer": "1892E0DE46FBAE18" } } } ]} { "Records": [ { "eventVersion": "2.1", "eventSource": "storj:s3", "eventTime": "2025-01-17T10:30:00.000Z", "eventName": "ObjectCreated:Put", "s3": { "s3SchemaVersion": "1.0", "configurationId": "MyNotificationConfig", "bucket": { "name": "my-bucket", "ownerIdentity": { "principalId": "my-storj-project-id" }, "arn": "arn:storj:s3:::my-bucket" }, "object": { "key": "uploads/video.mp4", "size": 1048576, "versionId": "000000000000000190f2277f35af0b76", "sequencer": "1892E0DE46FBAE18" } } } ]} CopyCopied! ### [Message Fields](https://storj.dev/dcs/buckets/bucket-eventing#message-fields) | Field | Description | | --- | --- | | eventVersion | Always `2.1` | | eventSource | Always `storj:s3` | | eventTime | ISO-8601 timestamp when the event occurred | | eventName | Type of event (e.g., `ObjectCreated:Put`) | | configurationId | The ID from your notification configuration | | bucket.name | Name of the bucket | | bucket.ownerIdentity.principalId | Your Storj project ID | | object.key | Object key (path) | | object.size | Object size in bytes | | object.versionId | Object version ID | | object.sequencer | Hex-encoded timestamp for ordering events | ### [Test Event](https://storj.dev/dcs/buckets/bucket-eventing#test-event) When you first configure notifications, Storj sends a test event to verify the destination is reachable: { "Service": "Storj S3", "Event": "s3:TestEvent", "Time": "2026-01-17T10:30:00.000Z", "Bucket": "my-bucket"} { "Service": "Storj S3", "Event": "s3:TestEvent", "Time": "2026-01-17T10:30:00.000Z", "Bucket": "my-bucket"} CopyCopied! If the test event fails to publish, the configuration is rejected with an error message. [Setting Up a Webhook](https://storj.dev/dcs/buckets/bucket-eventing#setting-up-a-webhook) ------------------------------------------------------------------------------------------- To receive notifications at an HTTPS endpoint, configure a Pub/Sub Push subscription: ### [Step 1: Create a Push Subscription](https://storj.dev/dcs/buckets/bucket-eventing#step-1-create-a-push-subscription) 1. In Google Cloud Console, go to Pub/Sub > Subscriptions 2. Click **Create Subscription** 3. Select your topic 4. Choose **Push** delivery type 5. Enter your webhook URL (must be HTTPS) 6. Configure authentication if needed 7. Click **Create** ### [Step 2: Verify Your Endpoint](https://storj.dev/dcs/buckets/bucket-eventing#step-2-verify-your-endpoint) Ensure your webhook endpoint: * Accepts POST requests * Returns a 2xx status code on success * Handles JSON payloads * Responds within 10 seconds (Pub/Sub timeout) ### [Example Webhook Handler (Node.js)](https://storj.dev/dcs/buckets/bucket-eventing#example-webhook-handler-node-js) const express = require('express');const app = express();app.use(express.json());app.post('/webhook', (req, res) => { const message = req.body.message; if (message && message.data) { // Decode base64 data const data = Buffer.from(message.data, 'base64').toString(); const event = JSON.parse(data); // Log full event with nested objects expanded console.log('Received event:', JSON.stringify(event, null, 2)); // Process the event for (const record of event.Records || []) { console.log(`Event: ${record.eventName}`); console.log(`Bucket: ${record.s3.bucket.name}`); console.log(`Object: ${record.s3.object.key}`); } } // Acknowledge receipt res.status(200).send('OK');});app.listen(3000, () => { console.log('Webhook server listening on port 3000');}); const express = require('express');const app = express();app.use(express.json());app.post('/webhook', (req, res) => { const message = req.body.message; if (message && message.data) { // Decode base64 data const data = Buffer.from(message.data, 'base64').toString(); const event = JSON.parse(data); // Log full event with nested objects expanded console.log('Received event:', JSON.stringify(event, null, 2)); // Process the event for (const record of event.Records || []) { console.log(`Event: ${record.eventName}`); console.log(`Bucket: ${record.s3.bucket.name}`); console.log(`Object: ${record.s3.object.key}`); } } // Acknowledge receipt res.status(200).send('OK');});app.listen(3000, () => { console.log('Webhook server listening on port 3000');}); CopyCopied! [Limitations](https://storj.dev/dcs/buckets/bucket-eventing#limitations) ------------------------------------------------------------------------- | Limitation | Description | | --- | --- | | **One configuration per bucket** | Each bucket supports a single notification configuration | | **Google Pub/Sub only** | Only Google Pub/Sub is supported as a destination (no AWS SNS, SQS, Lambda) | | **Storj-managed encryption required** | Projects using self-managed encryption are not supported | | **No ETag in events** | The object ETag is not included in event messages | | **No user identity** | Events do not include information about who performed the action | [Troubleshooting](https://storj.dev/dcs/buckets/bucket-eventing#troubleshooting) --------------------------------------------------------------------------------- ### [Configuration Fails with Permission Error](https://storj.dev/dcs/buckets/bucket-eventing#configuration-fails-with-permission-error) Ensure the Storj service account has the **Pub/Sub Publisher** role on your topic. Double-check: * The service account email is correct for your satellite * The role is granted at the topic level (not the subscription level) ### [IAM Policy Update Failed (Domain Restricted Sharing)](https://storj.dev/dcs/buckets/bucket-eventing#iam-policy-update-failed-domain-restricted-sharing) If you see an error like: > **IAM policy update failed** The 'Domain Restricted Sharing' organization policy (constraints/iam.allowedPolicyMemberDomains) is enforced. Only principals in allowed domains can be added as principals in the policy. This occurs when your Google Cloud organization has the **Domain Restricted Sharing** policy enabled, which prevents adding external service accounts (like Storj's) to your IAM policies. **Solution:** You need to add Storj's organization to the allowed domains in your organization policy: 1. In the Google Cloud Console, ensure you have the **Organization** selected (not a project) 2. Navigate to **IAM & Admin** > **Organization Policies** 3. Find and click on **Domain restricted sharing** (`iam.allowedPolicyMemberDomains`) 4. Click **Manage policy** 5. Under **Rules**, expand the existing **Allow** rule 6. Click **Add value** to add a new custom value 7. Add `principalSet://iam.googleapis.com/organizations/693710676402` (Storj's organization ID) 8. Click **Done**, then **Set policy** You must have the **Organization Policy Administrator** role to modify organization policies. If the "Manage policy" button is grayed out, contact your organization administrator. After updating the organization policy, return to your Pub/Sub topic and grant the Pub/Sub Publisher role to the Storj service account. ### [Not Receiving Events](https://storj.dev/dcs/buckets/bucket-eventing#not-receiving-events) 1. **Check your bucket eventing configuration**: Use `GetBucketNotificationConfiguration` to verify the configuration is set correctly 2. **Check event types**: Ensure the event type you expect is in your configuration 3. **Check filters**: Verify your prefix/suffix filters match the objects you're uploading 4. **Check your subscription**: Ensure you have an active subscription to the Pub/Sub topic 5. **Check Pub/Sub logs**: Review Cloud Logging for any delivery errors ### [Delayed Events](https://storj.dev/dcs/buckets/bucket-eventing#delayed-events) Events are typically delivered within seconds, but may be delayed during: * High system load * Network issues between Storj and Google Cloud ### [Duplicate Events](https://storj.dev/dcs/buckets/bucket-eventing#duplicate-events) Due to at-least-once delivery, you may occasionally receive duplicate events. Design your application to handle duplicates idempotently using the `sequencer` field. [S3 Compatibility](https://storj.dev/dcs/buckets/bucket-eventing#s3-compatibility) ----------------------------------------------------------------------------------- ### [API Methods](https://storj.dev/dcs/buckets/bucket-eventing#api-methods) | Method | Support | | --- | --- | | PutBucketNotificationConfiguration | Yes | | GetBucketNotificationConfiguration | Yes | | PutBucketNotification (deprecated) | Yes | | GetBucketNotification (deprecated) | Yes (AWS CLI has a [known bug](https://github.com/aws/aws-cli/issues/2808)
with JSON output) | ### [Destination Types](https://storj.dev/dcs/buckets/bucket-eventing#destination-types) | Destination | Support | | --- | --- | | Google Cloud Pub/Sub | Yes | | AWS SNS | No | | AWS SQS | No | | AWS Lambda | No | | AWS EventBridge | No | ### [Event Types](https://storj.dev/dcs/buckets/bucket-eventing#event-types-2) | Event | Support | | --- | --- | | s3:ObjectCreated:Put | Yes (also emitted for Post and CompleteMultipartUpload) | | s3:ObjectCreated:Post | No (emits Put event instead) | | s3:ObjectCreated:Copy | Yes | | s3:ObjectCreated:CompleteMultipartUpload | No (emits Put event instead) | | s3:ObjectCreated:\* | Yes | | s3:ObjectRemoved:Delete | Yes | | s3:ObjectRemoved:DeleteMarkerCreated | Yes | | s3:ObjectRemoved:\* | Yes | | s3:ObjectRestore:\* | No | | s3:ReducedRedundancyLostObject | No | | s3:Replication:\* | No | | s3:LifecycleExpiration:\* | No | | s3:LifecycleTransition | No | | s3:IntelligentTiering | No | | s3:ObjectTagging:\* | No | | s3:ObjectAcl:Put | No | ### [Filters](https://storj.dev/dcs/buckets/bucket-eventing#filters) | Filter | Support | | --- | --- | | Key prefix filter | Yes | | Key suffix filter | Yes | ### [Other Features](https://storj.dev/dcs/buckets/bucket-eventing#other-features) | Feature | Support | | --- | --- | | Number of configurations per bucket | Only one | | Test events on configuration | Yes | [Cost Considerations](https://storj.dev/dcs/buckets/bucket-eventing#cost-considerations) ----------------------------------------------------------------------------------------- Bucket eventing incurs costs on Google Cloud for Pub/Sub usage, including throughput and message storage. See the [Google Cloud Pub/Sub pricing page](https://cloud.google.com/pubsub/pricing) for current rates. Storj does not currently charge for the bucket eventing feature itself. **Tip:** Google Cloud offers a [free tier](https://cloud.google.com/free) for Pub/Sub. For most use cases, this covers event notification costs. Previous [Object Lock](https://storj.dev/dcs/buckets/object-lock) Next [Public Buckets](https://storj.dev/dcs/buckets/public-buckets) --- # S3 Compatibility - Storj Docs The Storj S3-compatible Gateway supports a RESTful API that is compatible with the basic data access model of the Amazon S3 API. [Compatibility Table](https://storj.dev/dcs/api/s3/s3-compatibility#compatibility-table) ----------------------------------------------------------------------------------------- | Name | Support | Caveats | | --- | --- | --- | | AbortMultipartUpload | Full | | | CompleteMultipartUpload | Full | | | CopyObject | Full | See CopyObject section | | CreateBucket | Full | | | CreateMultipartUpload | Full | | | DeleteBucket | Full | | | DeleteBucketAnalyticsConfiguration | No | | | DeleteBucketCors | No | | | DeleteBucketEncryption | No | | | DeleteBucketIntelligentTieringConfiguration | No | | | DeleteBucketInventoryConfiguration | No | | | DeleteBucketLifecycle | No | | | DeleteBucketMetricsConfiguration | No | | | DeleteBucketOwnershipControls | No | | | DeleteBucketPolicy | No | | | DeleteBucketReplication | No | | | DeleteBucketTagging | Full | | | DeleteBucketWebsite | No | | | DeleteObject | Full | | | DeleteObjectTagging | Full | Tags can be modified outside of tagging endpoints | | DeleteObjects | Full | | | DeletePublicAccessBlock | No | | | GetBucketAccelerateConfiguration | No | | | GetBucketAcl | No | | | GetBucketAnalyticsConfiguration | No | | | GetBucketCors | No | | | GetBucketEncryption | No | | | GetBucketIntelligentTieringConfiguration | No | | | GetBucketInventoryConfiguration | No | | | GetBucketLifecycle (deprecated) | No | | | GetBucketLifecycleConfiguration | No | | | GetBucketLocation | Full | See GetBucketLocation section | | GetBucketLogging | No | Available upon request; see Bucket Logging section below | | GetBucketMetricsConfiguration | No | | | GetBucketNotification (deprecated) | Yes | AWS CLI has a [known bug](https://github.com/aws/aws-cli/issues/2808)
with JSON output | | GetBucketNotificationConfiguration | Yes | [Bucket Event Notifications](https://storj.dev/dcs/buckets/bucket-eventing) | | GetBucketOwnershipControls | No | | | GetBucketPolicy | Partial | Only in Gateway-ST with --website | | GetBucketPolicyStatus | No | Currently, it always returns false | | GetBucketReplication | No | | | GetBucketRequestPayment | No | Planned support status needs verification | | GetBucketTagging | Full | | | GetBucketVersioning | Yes | [Object Versioning](https://storj.dev/dcs/api/s3/object-versioning) | | GetBucketWebsite | No | | | GetObject | Partial | We need to add support for the partNumber parameter | | GetObjectAcl | No | | | GetObjectAttributes | Partial | Etag, StorageClass, and ObjectSize only | | GetObjectLegalHold | Yes | [Object Lock](https://storj.dev/dcs/api/s3/object-lock) | | GetObjectLockConfiguration | Yes | [Object Lock](https://storj.dev/dcs/api/s3/object-lock) | | GetObjectRetention | Yes | [Object Lock](https://storj.dev/dcs/api/s3/object-lock) | | GetObjectTagging | Full | Tags can be modified outside of tagging endpoints | | GetObjectTorrent | No | | | GetPublicAccessBlock | No | | | HeadBucket | Full | | | HeadObject | Full | | | ListBucketAnalyticsConfigurations | No | | | ListBucketIntelligentTieringConfigurations | No | | | ListBucketInventoryConfigurations | No | | | ListBucketMetricsConfigurations | No | | | ListBuckets | Full | | | ListMultipartUploads | Partial | See ListMultipartUploads section | | ListObjectVersions | Yes | [Object Versioning](https://storj.dev/dcs/api/s3/object-versioning) | | ListObjects | Partial | See ListObjects section | | ListObjectsV2 | Partial | See ListObjects section | | ListParts | Full | | | PutBucketAccelerateConfiguration | No | | | PutBucketAcl | No | | | PutBucketAnalyticsConfiguration | No | | | PutBucketCors | No | | | PutBucketEncryption | No | | | PutBucketIntelligentTieringConfiguration | No | | | PutBucketInventoryConfiguration | No | | | PutBucketLifecycle (deprecated) | No | | | PutBucketLifecycleConfiguration | No | | | PutBucketLogging | No | Available upon request; see Bucket Logging section below | | PutBucketMetricsConfiguration | No | | | PutBucketNotification (deprecated) | Yes | | | PutBucketNotificationConfiguration | Yes | [Bucket Event Notifications](https://storj.dev/dcs/buckets/bucket-eventing) | | PutBucketOwnershipControls | No | | | PutBucketPolicy | No | | | PutBucketReplication | No | | | PutBucketRequestPayment | No | Planned support status needs verification | | PutBucketTagging | Full | | | PutBucketVersioning | Yes | [Object Versioning](https://storj.dev/dcs/api/s3/object-versioning) | | PutBucketWebsite | No | | | PutObject | Full | | | PutObjectAcl | No | | | PutObjectLegalHold | Yes | [Object Lock](https://storj.dev/dcs/api/s3/object-lock) | | PutObjectLockConfiguration | Yes | [Object Lock](https://storj.dev/dcs/api/s3/object-lock) | | PutObjectRetention | Yes | [Object Lock](https://storj.dev/dcs/api/s3/object-lock) | | PutObjectTagging | Full | Tags can be modified outside of tagging endpoints | | PutPublicAccessBlock | No | | | RestoreObject | No | | | SelectObjectContent | No | | | UploadPart | Full | | | UploadPartCopy | Partial | Enabled on-request | | WriteGetObjectResponse | No | | [Compatibility Table Support/Caveats](https://storj.dev/dcs/api/s3/s3-compatibility#compatibility-table-support-caveats) ------------------------------------------------------------------------------------------------------------------------- ### [Definitions](https://storj.dev/dcs/api/s3/s3-compatibility#definitions) #### [Full compatibility](https://storj.dev/dcs/api/s3/s3-compatibility#full-compatibility) Full compatibility means that we support all features of a specific action except for features that rely on other actions that we haven't fully implemented. #### [Partial compatibility](https://storj.dev/dcs/api/s3/s3-compatibility#partial-compatibility) Partial compatibility means that we don't support all features of a specific action (see Caveats column). ### [Bucket Logging](https://storj.dev/dcs/api/s3/s3-compatibility#bucket-logging) Bucket Logging is available upon request. Please refer to [Bucket Logging (Available Upon Request)](https://storj.dev/dcs/buckets/bucket-logging) . ### [CopyObject](https://storj.dev/dcs/api/s3/s3-compatibility#copy-object) Unlike in AWS S3, CopyObject calls in Storj will not fail on objects that exceed 5 GB in size. The object size that can be copied via CopyObject is currently limited to approximately 671 GB. ### [GetBucketLocation](https://storj.dev/dcs/api/s3/s3-compatibility#get-bucket-location) This is currently supported in Gateway-MT only. #### [LocationConstraint](https://storj.dev/dcs/api/s3/s3-compatibility#location-constraint) Specifies the region (or tier) where the object data for a bucket is stored. Buckets in projects created **before November 1, 2025** use legacy constraints (`global`, `us-select-1`). For more information: * [Tiered Pricing](https://storj.dev/dcs/pricing/tiered) * [Legacy Pricing](https://storj.dev/dcs/pricing/legacy) | Region | Description | Location Constraint | | --- | --- | --- | | **Global Collaboration** | Globally distributed placement optimized for worldwide team access and consistent performance. Ideal for multi-region workflows and active collaboration. | `global-1` | | **Regional Workflows – US** | Region-specific storage confined to SOC 2 Type 2 certified facilities in the United States. Ensures data residency, compliance, and predictable performance. Successor to the legacy `us-select-1` region. | `regional-1` | | **Active Archive** | Cost-effective **global** storage tier for long-term retention and backup. Provides instant access without paying for peak performance. Successor to the legacy `global` region. | `archive-1` | | **Global** (Legacy) | Legacy globally distributed storage tier. Replaced by **Active Archive**. | `global` | | **US Select** (Legacy) | Legacy US-only storage tier hosted in SOC 2 Type 2 compliant facilities. Replaced by **Regional Workflows – US**. | `us-select-1` | ### [ListObjects](https://storj.dev/dcs/api/s3/s3-compatibility#list-objects) #### [Encrypted Object Keys](https://storj.dev/dcs/api/s3/s3-compatibility#encrypted-object-keys) A bucket's paths are end-to-end encrypted. We don't use an ordering-preserving encryption scheme yet, meaning that it's impossible to always list a bucket in lexicographical order (as per S3 specification). For requests that come with forward-slash-terminated prefix and/or forward-slash delimiter, we list in the fastest way we can, which will list a bucket in lexicographical order, but for encrypted paths (which is often very different from the expected order for decrypted paths). Ideally, clients shouldn't care about ordering in those cases. For requests that come with non-forward-slash-terminated prefix and/or non-forward-slash delimiter, we perform exhaustive listing, which will filter paths gateway-side. In this case, gateways return listing in lexicographical order. Forcing exhaustive listing for any request is not possible for Storj production deployments of Gateway-MT, and for, e.g. Gateway-ST can be achieved with `--s3.fully-compatible-listing`. #### [Unencrypted Object Keys](https://storj.dev/dcs/api/s3/s3-compatibility#unencrypted-object-keys) Always lists in lexicographical order (as per S3 specification). For requests that come with a non-forward-slash delimiter, we perform exhaustive listing, which will filter paths gateway-side. ### [ListMultipartUploads](https://storj.dev/dcs/api/s3/s3-compatibility#list-multipart-uploads) This endpoint has the same ordering characteristics as `ListObjects` described above, in that lexicographic ordering works on encrypted upload paths, not the decrypted uploads paths. It also only supports prefixes that contain a trailing forward-slash, as well as a forward-slash delimiter. An exhaustive search similar to what `ListObjects` does with arbitrary prefixes and delimiters is not supported. `UploadIdMarker` and `NextUploadIdMarker` are not supported. This is used to filter out uploads that come before the given upload ID marker. This is tracked at [storj/gateway-mt#213](https://github.com/storj/gateway-mt/issues/213) ### [ACL-related actions](https://storj.dev/dcs/api/s3/s3-compatibility#acl-related-actions) [Secure access control in the decentralized cloud](https://www.storj.io/blog/secure-access-control-in-the-decentralized-cloud) is a good read for why we don't support ACL-related actions. [Limits](https://storj.dev/dcs/api/s3/s3-compatibility#limits) --------------------------------------------------------------- | Limit | Specification | | --- | --- | | Maximum number of buckets | 100 | | Maximum number of objects per bucket | No limit | | Maximum object size | No limit | | Minimum object size | 0 B | | Maximum object size per PUT operation | No limit | | Maximum number of parts per upload | 10000 | | Minimum part size | 5 MiB. Last part can be 0 B | | Maximum number of parts returned per list parts request | 10000 | | Maximum number of objects returned per list objects request | 1000 | | Maximum number of multipart uploads returned per list multipart uploads request | 1000 | | Maximum length for bucket names | 63 | | Minimum length for bucket names | 3 | | Maximum length for encrypted object names | 1280 | | Maximum metadata size | 2 KiB | ### [S3-compatible clients configuration for objects larger than 5 TiB](https://storj.dev/dcs/api/s3/s3-compatibility#s3-compatible-clients-configuration-for-objects-larger-than-5-ti-b) AWS S3 limits users to upload objects no larger than 5 TiB. Edge services at Storj don't impose such a limit, but the existence of the limit in AWS S3 requires users to tweak their client's configuration to be able to upload larger objects. This example is specific to AWS CLI, but your particular S3-compatible client might carry a need for a similar configuration. A multipart upload requires that a single object is uploaded in not more than 10000 distinct parts. You must ensure that the chunk size you set balances the part size and the number of parts. For example, for 6 TiB objects, you need to set AWS CLI's `multipart_chunksize` to approximately 630 MiB: $ aws --profile storj configure set s3.multipart_chunksize 630MiB$ aws --profile storj --endpoint-url https://gateway.storjshare.io s3 cp 6TiB_file s3://objects/ $ aws --profile storj configure set s3.multipart_chunksize 630MiB$ aws --profile storj --endpoint-url https://gateway.storjshare.io s3 cp 6TiB_file s3://objects/ CopyCopied! [Storj-specific extensions](https://storj.dev/dcs/api/s3/s3-compatibility#storj-specific-extensions) ----------------------------------------------------------------------------------------------------- ### [Object-level TTL](https://storj.dev/dcs/api/s3/s3-compatibility#object-level-ttl) It's possible to specify TTL for the object by sending the * `X-Amz-Meta-Object-Expires` header (note: S3-compatible clients usually add the `X-Amz-Meta-` / `X-Minio-Meta-` prefix themselves) with one of the following values: * a signed, positive sequence of decimal numbers, each with an optional fraction and a unit suffix, such as `+300ms`, `+1.5h`, or `+2h45m` * valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h` * `+2h` means the object expires 2 hours from now * full RFC3339-formatted date It's also possible to specify `none` for no expiration (or not send the header). #### [AWS CLI example](https://storj.dev/dcs/api/s3/s3-compatibility#aws-cli-example) $ aws s3 --endpoint-url https://gateway.storjshare.io cp file s3://bucket/object --metadata Object-Expires=+2hupload: ./file to s3://bucket/object# or$ aws s3 --endpoint-url https://gateway.storjshare.io cp file s3://bucket/object --metadata Object-Expires=2022-05-19T00:10:55Zupload: ./file to s3://bucket/object $ aws s3 --endpoint-url https://gateway.storjshare.io cp file s3://bucket/object --metadata Object-Expires=+2hupload: ./file to s3://bucket/object# or$ aws s3 --endpoint-url https://gateway.storjshare.io cp file s3://bucket/object --metadata Object-Expires=2022-05-19T00:10:55Zupload: ./file to s3://bucket/object CopyCopied! #### [Caveats](https://storj.dev/dcs/api/s3/s3-compatibility#caveats) The value under `X-Amz-Meta-Object-Expires` has priority over the value under `X-Minio-Meta-Object-Expires`. ### [ListBucketsWithAttribution (Gateway-MT only)](https://storj.dev/dcs/api/s3/s3-compatibility#list-buckets-with-attribution-gateway-mt-only) An alternate response of the S3 ListBuckets API endpoint which includes Attribution in the Bucket XML element. Other than the addition of Attribution in the response the endpoint behavior is the same as ListBuckets. #### [Request Syntax](https://storj.dev/dcs/api/s3/s3-compatibility#request-syntax) GET /?attribution HTTP/1.1Host: gateway.storjshare.io GET /?attribution HTTP/1.1Host: gateway.storjshare.io CopyCopied! #### [Response Syntax](https://storj.dev/dcs/api/s3/s3-compatibility#response-syntax) HTTP/1.1 200 string timestamp string string string HTTP/1.1 200 string timestamp string string string CopyCopied! #### [Example](https://storj.dev/dcs/api/s3/s3-compatibility#example) This sample code works with the AWS SDK for Go and derives from ListBuckets a call to ListBucketsWithAttribution. package mainimport ( "fmt" "time" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awsutil" "github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/s3")type BucketWithAttribution struct { _ struct{} `type:"structure"` CreationDate *time.Time `type:"timestamp"` Name *string `type:"string"` Attribution *string `type:"string"`}type ListBucketsWithAttributionOutput struct { _ struct{} `type:"structure"` Buckets []*BucketWithAttribution `locationNameList:"Bucket" type:"list"` Owner *s3.Owner `type:"structure"`}func main() { // Note: YOUR-ACCESSKEYID and YOUR-SECRETACCESSKEY are example values, please replace them with your keys. creds := credentials.NewCredentials(&credentials.StaticProvider{ Value: credentials.Value{ AccessKeyID: "YOUR_ACCESSKEYID", SecretAccessKey: "YOUR_SECRETACCESSKEY", }}) ses := session.Must(session.NewSession(aws.NewConfig().WithCredentials(creds).WithRegion("eu1").WithEndpoint("https://gateway.storjshare.io"))) svc := s3.New(ses) op := &request.Operation{ Name: "ListBuckets", HTTPMethod: "GET", HTTPPath: "/?attribution", } output := &ListBucketsWithAttributionOutput{} req := svc.NewRequest(op, &s3.ListBucketsInput{}, output) if err := req.Send(); err != nil { panic(err) } fmt.Println(awsutil.Prettify(output))} package mainimport ( "fmt" "time" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awsutil" "github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/s3")type BucketWithAttribution struct { _ struct{} `type:"structure"` CreationDate *time.Time `type:"timestamp"` Name *string `type:"string"` Attribution *string `type:"string"`}type ListBucketsWithAttributionOutput struct { _ struct{} `type:"structure"` Buckets []*BucketWithAttribution `locationNameList:"Bucket" type:"list"` Owner *s3.Owner `type:"structure"`}func main() { // Note: YOUR-ACCESSKEYID and YOUR-SECRETACCESSKEY are example values, please replace them with your keys. creds := credentials.NewCredentials(&credentials.StaticProvider{ Value: credentials.Value{ AccessKeyID: "YOUR_ACCESSKEYID", SecretAccessKey: "YOUR_SECRETACCESSKEY", }}) ses := session.Must(session.NewSession(aws.NewConfig().WithCredentials(creds).WithRegion("eu1").WithEndpoint("https://gateway.storjshare.io"))) svc := s3.New(ses) op := &request.Operation{ Name: "ListBuckets", HTTPMethod: "GET", HTTPPath: "/?attribution", } output := &ListBucketsWithAttributionOutput{} req := svc.NewRequest(op, &s3.ListBucketsInput{}, output) if err := req.Send(); err != nil { panic(err) } fmt.Println(awsutil.Prettify(output))} CopyCopied! [Compatibility with Python SDK (`boto3`) and `aws` CLI](https://storj.dev/dcs/api/s3/s3-compatibility#compatibility-with-python-sdk-and-cli) --------------------------------------------------------------------------------------------------------------------------------------------- Currently only `boto3` version up to 1.35.99 is working normally. Since AWS CLI uses `boto3` under the hood, it's affected too. You can find the explanation of this breaking change in boto3 in this [github issue](https://github.com/boto/boto3/issues/4392) . Specifically, please note: > Disclaimer: The AWS SDKs and CLI are designed for usage with official AWS services. We may introduce and enable new features by default, such as these new [default integrity protections](https://aws.amazon.com/blogs/aws/introducing-default-data-integrity-protections-for-new-objects-in-amazon-s3/) > prior to them being supported or handled by third-party service implementations. You can disable the new behavior with the `WHEN_REQUIRED` value for the `request_checksum_calculation` and `response_checksum_validation` configuration options covered in [Data Integrity Protections for Amazon S3](https://docs.aws.amazon.com/sdkref/latest/guide/feature-dataintegrity.html) > . It is preferable to downgrade rather than disabling the new behavior with `WHEN_REQUIRED`, and this may not even work with Storj anyway. You may track [this issue](https://github.com/storj/gateway-st/issues/89) to be notified, when this new behavior would be supported by [Gateway-ST](https://storj.dev/learn/self-host/gateway-st) and [Gateway-MT](https://storj.dev/dcs/api/s3/s3-compatible-gateway) . Previous [Objects](https://storj.dev/dcs/objects) Next [Storj Managed vs. Self-Managed Encryption S3 Compatibility Differences](https://storj.dev/dcs/api/s3/s3-compatibility/storj-vs-self-managed-encryption-s3-compatibility-differences) --- # Storj IPFS Pinning Service (Beta) - Storj Docs [Prerequisites](https://storj.dev/dcs/api/storj-ipfs-pinning#prerequisites) ---------------------------------------------------------------------------- Thank you for your interest in the IPFS Pinning Beta. We are no longer accepting additional beta users, however, here's a Github link should you choose to run this on your own: [https://github.com/storj/ipfs-go-ds-storj](https://github.com/storj/ipfs-go-ds-storj) The Storj IPFS Pinning service consists of an HTTP endpoint for uploading and pinning content, and an IPFS Gateway that serves the pinned content over IPFS and HTTP. Details on smart contract pinning will be made available in the future. [How to pin with Storj IPFS](https://storj.dev/dcs/api/storj-ipfs-pinning#how-to-pin-with-storj-ipfs) ------------------------------------------------------------------------------------------------------ All content uploaded to the Storj IPFS service via the HTTP endpoint below is pinned. Examples are given in cURL and JavaScript, but could be done from any programming language or with existing IPFS client bindings for a given programming language, such as the [IPFS HTTP Client library](https://www.npmjs.com/package/ipfs-http-client) for npm. [HTTP Upload endpoint](https://storj.dev/dcs/api/storj-ipfs-pinning#http-upload-endpoint) ------------------------------------------------------------------------------------------ Uploading content follows the [IPFS HTTP RPC for /api/v0/add](https://docs.ipfs.tech/reference/kubo/rpc/#api-v0-add) with two minor differences: 1. The only optional arguments supported are `wrap-with-directory` and `cid-version`. 2. You must specify the credentials given when invited to participate in the beta as _HTTP basic authentication._ **_This is not the same as your Storj username and password. Do not use your Storj username and password to try and use the IPFS Pinning Service._** ### [Example for pinning a single file using cURL](https://storj.dev/dcs/api/storj-ipfs-pinning#example-for-pinning-a-single-file-using-c-url) For example, this is how it would work with cURL and a file you wanted to pin called `/path/file.extension`. Please replace **_ipfs\_beta\_user_** and **_ipfs\_beta\_password_** with the beta credentials you received when accepted into the beta. curl -u ipfs_beta_user:ipfs_beta_password -X POST -F file=@/path/file.extension "https://www.storj-ipfs.com/api/v0/add" curl -u ipfs_beta_user:ipfs_beta_password -X POST -F file=@/path/file.extension "https://www.storj-ipfs.com/api/v0/add" CopyCopied! The '`@`' before the file path is required for the upload to work properly. For example, if the file you wanted to upload was `/home/hello/hi.jpg`, the curl argument would be `file=@/home/hello/hi.jpg`. ### [Example for pinning a single file using cURL and optional arguments](https://storj.dev/dcs/api/storj-ipfs-pinning#example-for-pinning-a-single-file-using-c-url-and-optional-arguments) Another example is to pin the same file `/path/file.extension`, but wrap it in a directory and use CIDv1 instead of the default CIDv0 for the content identifier. Again, replace **_ipfs\_beta\_user_** and **_ipfs\_beta\_password_** with the beta credentials you received when accepted into the beta. curl -u ipfs_beta_user:ipfs_beta_password -X POST -F file=@/path/file.extension "https://www.storj-ipfs.com/api/v0/add?wrap-with-directory&cid-version=1" curl -u ipfs_beta_user:ipfs_beta_password -X POST -F file=@/path/file.extension "https://www.storj-ipfs.com/api/v0/add?wrap-with-directory&cid-version=1" CopyCopied! The '`@`' before the file path is required for the upload to work properly. For example, if the file you wanted to upload was `/home/hello/hi.jpg`, the curl argument would be `file=@/home/hello/hi.jpg`. ### [Example for pinning a single file using JavaScript](https://storj.dev/dcs/api/storj-ipfs-pinning#example-for-pinning-a-single-file-using-java-script) You'll need [Node.js](https://nodejs.org/) installed on your local system for this example. 1\. Make a new JavaScript project. Create a new directory and use `npm` to create a new project: mkdir storj-ipfs-quickstartcd storj-ipfs-quickstartnpm init mkdir storj-ipfs-quickstartcd storj-ipfs-quickstartnpm init CopyCopied! NPM will ask a few questions about your project and create a `package.json` file. 2\. Add the `got` HTTP client and the `form-data` library to your project dependencies. Install the latest versions of the `got` and `form-data` packages: npm install got form-data npm install got form-data CopyCopied! 3\. Create a file called `upload-file.mjs` and open it with your code editor. A `.mjs` extension indicates an ES6 module file. For more details see [here](https://stackoverflow.com/questions/57492546/what-is-the-difference-between-js-and-mjs-files) . Below is the code we need to upload a file and pin it on the Storj IPFS pinning service. Paste in the code below and read through it. Feel free to remove the comments - they're just there to highlight what's happening. // The 'got' module gives a promised-based HTTP client.import got from 'got'// The 'fs' built-in module provides access to the file system.import fs from 'fs'// The 'form-data' module helps us submit forms and file uploads// to other web applications.import FormData from 'form-data'/** * Uploads a file from `filepath` and pins it to the Storj IPFS pinning service. * @param {string} username your username for the Storj IPFS pinning service * @param {string} password your password for the Storj IPFS pinning service * @param {string} filepath the path to the file */async function pinFileToIPFS(username, password, filepath) { // The HTTP upload endpoint of the Storj IPFS pinning service const url = `https://www.storj-ipfs.com/api/v0/add` // Create a form with the file to upload let data = new FormData() data.append('file', fs.createReadStream(filepath)) // Execute the Upload request to the Storj IPFS pinning service return got.post(url, { username: username, password: password, headers: { 'Content-Type': `multipart/form-data; boundary= ${data._boundary}`, }, body: data, })}/** * The main entry point for the script that checks the command line arguments and * calls pinFileToIPFS. * * To simplify the example, we don't do fancy command line parsing. Just three * positional arguments for imagePath, name, and description */async function main() { const args = process.argv.slice(2) if (args.length !== 3) { console.error( `usage: ${process.argv[0]} ${process.argv[1]} ` ) process.exit(1) } const [username, password, filepath] = args const response = await pinFileToIPFS(username, password, filepath) console.log(response.body)}/** * Don't forget to call the main function! * We can't `await` things at the top level, so this adds * a .catch() to grab any errors and print them to the console. */main().catch((err) => { console.error(err) process.exit(1)}) // The 'got' module gives a promised-based HTTP client.import got from 'got'// The 'fs' built-in module provides access to the file system.import fs from 'fs'// The 'form-data' module helps us submit forms and file uploads// to other web applications.import FormData from 'form-data'/** * Uploads a file from `filepath` and pins it to the Storj IPFS pinning service. * @param {string} username your username for the Storj IPFS pinning service * @param {string} password your password for the Storj IPFS pinning service * @param {string} filepath the path to the file */async function pinFileToIPFS(username, password, filepath) { // The HTTP upload endpoint of the Storj IPFS pinning service const url = `https://www.storj-ipfs.com/api/v0/add` // Create a form with the file to upload let data = new FormData() data.append('file', fs.createReadStream(filepath)) // Execute the Upload request to the Storj IPFS pinning service return got.post(url, { username: username, password: password, headers: { 'Content-Type': `multipart/form-data; boundary= ${data._boundary}`, }, body: data, })}/** * The main entry point for the script that checks the command line arguments and * calls pinFileToIPFS. * * To simplify the example, we don't do fancy command line parsing. Just three * positional arguments for imagePath, name, and description */async function main() { const args = process.argv.slice(2) if (args.length !== 3) { console.error( `usage: ${process.argv[0]} ${process.argv[1]} ` ) process.exit(1) } const [username, password, filepath] = args const response = await pinFileToIPFS(username, password, filepath) console.log(response.body)}/** * Don't forget to call the main function! * We can't `await` things at the top level, so this adds * a .catch() to grab any errors and print them to the console. */main().catch((err) => { console.error(err) process.exit(1)}) CopyCopied! 4\. Run your script with node. You should now be able to run the script and give it the path to a file. You'll also need to supply your username and password for the Storj IPFS pinning service. node upload-file.mjs ipfs_beta_user ipfs_beta_password /path/file.extension node upload-file.mjs ipfs_beta_user ipfs_beta_password /path/file.extension CopyCopied! Please replace **_ipfs\_beta\_user_** and **_ipfs\_beta\_password_** with the beta credentials you received when accepted into the beta. ### [Example for pinning a folder using JavaScript](https://storj.dev/dcs/api/storj-ipfs-pinning#example-for-pinning-a-folder-using-java-script) This example builds on top of the example for pinning a single file. 1\. Add the `recursive-js` and `base-path-converter` libraries to your project dependencies. Install the latest versions of the `recursive-js` and `base-path-converter` packages: npm install recursive-js base-path-converter npm install recursive-js base-path-converter CopyCopied! 2\. Create a file called `upload-folder.mjs` and open it with your code editor. A `.mjs` extension indicates an ES6 module file. For more details see [here](https://stackoverflow.com/questions/57492546/what-is-the-difference-between-js-and-mjs-files) . Below is the code we need to upload a folder and pin it on the Storj IPFS pinning service. Paste in the code below and read through it. Feel free to remove the comments - they're just there to highlight what's happening. // The 'got' module gives a promised-based HTTP client.import got from 'got'// The 'fs' built-in module provides access to the file system.import fs from 'fs'// The 'form-data' module helps us submit forms and file uploads// to other web applications.import FormData from 'form-data'// The 'recursive-fs' module provides async recursive file system operations.import rfs from 'recursive-fs'// The 'base-path-converter' module trims file paths from a base path.import basePathConverter from 'base-path-converter'/** * Uploads a folder from `folderpath` and pins it to the Storj IPFS pinning service. * @param {string} username your username for the Storj IPFS pinning service * @param {string} password your password for the Storj IPFS pinning service * @param {string} folderpath the path to the folder */async function pinFolderToIPFS(username, password, folderpath) { // The HTTP upload endpoint of the Storj IPFS pinning service const url = `https://www.storj-ipfs.com/api/v0/add` // Create a form with the folder and its files to upload let data = new FormData() const { dirs, files } = await rfs.read(folderpath) for (const file of files) { data.append(`file`, fs.createReadStream(file), { filepath: basePathConverter(folderpath, file), }) } // Execute the Upload request to the Storj IPFS pinning service return got .post(url, { username: username, password: password, headers: { 'Content-Type': `multipart/form-data; boundary=${data._boundary}`, }, body: data, }) .on('uploadProgress', (progress) => { console.log(progress) })}/** * The main entry point for the script that checks the command line arguments and * calls pinFolderToIPFS. * * To simplify the example, we don't do fancy command line parsing. Just three * positional arguments for username, password, and folder path. */async function main() { const args = process.argv.slice(2) if (args.length !== 3) { console.error( `usage: ${process.argv[0]} ${process.argv[1]} ` ) process.exit(1) } const [username, password, folderpath] = args const response = await pinFolderToIPFS(username, password, folderpath) console.log(response.body)}/** * Don't forget to call the main function! * We can't `await` things at the top level, so this adds * a .catch() to grab any errors and print them to the console. */main().catch((err) => { console.error(err) process.exit(1)}) // The 'got' module gives a promised-based HTTP client.import got from 'got'// The 'fs' built-in module provides access to the file system.import fs from 'fs'// The 'form-data' module helps us submit forms and file uploads// to other web applications.import FormData from 'form-data'// The 'recursive-fs' module provides async recursive file system operations.import rfs from 'recursive-fs'// The 'base-path-converter' module trims file paths from a base path.import basePathConverter from 'base-path-converter'/** * Uploads a folder from `folderpath` and pins it to the Storj IPFS pinning service. * @param {string} username your username for the Storj IPFS pinning service * @param {string} password your password for the Storj IPFS pinning service * @param {string} folderpath the path to the folder */async function pinFolderToIPFS(username, password, folderpath) { // The HTTP upload endpoint of the Storj IPFS pinning service const url = `https://www.storj-ipfs.com/api/v0/add` // Create a form with the folder and its files to upload let data = new FormData() const { dirs, files } = await rfs.read(folderpath) for (const file of files) { data.append(`file`, fs.createReadStream(file), { filepath: basePathConverter(folderpath, file), }) } // Execute the Upload request to the Storj IPFS pinning service return got .post(url, { username: username, password: password, headers: { 'Content-Type': `multipart/form-data; boundary=${data._boundary}`, }, body: data, }) .on('uploadProgress', (progress) => { console.log(progress) })}/** * The main entry point for the script that checks the command line arguments and * calls pinFolderToIPFS. * * To simplify the example, we don't do fancy command line parsing. Just three * positional arguments for username, password, and folder path. */async function main() { const args = process.argv.slice(2) if (args.length !== 3) { console.error( `usage: ${process.argv[0]} ${process.argv[1]} ` ) process.exit(1) } const [username, password, folderpath] = args const response = await pinFolderToIPFS(username, password, folderpath) console.log(response.body)}/** * Don't forget to call the main function! * We can't `await` things at the top level, so this adds * a .catch() to grab any errors and print them to the console. */main().catch((err) => { console.error(err) process.exit(1)}) CopyCopied! 3\. Run your script with node. You should now be able to run the script and give it the path to a folder. You'll also need to supply your username and password for the Storj IPFS pinning service. node upload-folder.mjs ipfs_beta_user ipfs_beta_password /path/folder node upload-folder.mjs ipfs_beta_user ipfs_beta_password /path/folder CopyCopied! Please replace **_ipfs\_beta\_user_** and **_ipfs\_beta\_password_** with the beta credentials you received when accepted into the beta. [How to retrieve pinned objects](https://storj.dev/dcs/api/storj-ipfs-pinning#how-to-retrieve-pinned-objects) -------------------------------------------------------------------------------------------------------------- Any content uploaded is automatically pinned and retrievable through any software that supports IPFS natively via its CID like [IPFS Desktop](https://github.com/ipfs/ipfs-desktop) or [IPFS CLI](https://docs.ipfs.io/how-to/command-line-quick-start/) . Some browsers like [Brave](https://brave.com/ipfs-support/) include support, as well as some IPFS programs. For those applications that do not support IPFS natively, you can use any [public IPFS gateway](https://docs.ipfs.io/concepts/ipfs-gateway/) , or the Storj IPFS Gateway as described below. ### [HTTP via Storj IPFS Gateway](https://storj.dev/dcs/api/storj-ipfs-pinning#http-via-storj-ipfs-gateway) For best performance, we have provided a Storj IPFS Gateway. This gateway will only host content pinned to Storj, so it is not like other public IPFS gateways. You can construct a link like this: https://www.storj-ipfs.com/ipfs/ https://www.storj-ipfs.com/ipfs/ CopyCopied! In cases where the gateway is unable to retrieve a given CID (e.g., returns a 404 not found error), please double check that you are using the correct CID and that it was uploaded to the Storj IPFS service. ### [Peering your IPFS node with Storj pinning nodes](https://storj.dev/dcs/api/storj-ipfs-pinning#peering-your-ipfs-node-with-storj-pinning-nodes) If you run your own IPFS node that retrieves a lot of data pinned on the Storj IPFS Pinning Service, you may want to prioritize the connections to the Storj IPFS nodes. This will improve the download performance by bypassing the DHT lookup for the data. Prioritizing connections to certain peers is called **Peering**, and you can tell IPFS which peers to prioritize by editing the [`Peering` configuration](https://docs.ipfs.io/how-to/configure-node/#peering) in your IPFS config file. To _peer_ with Storj IPFS nodes, you could update the `Peering` section of your config to include their ID and addresses: { "Peering": { "Peers": [ { "ID": "12D3KooWFFhc8fPYnQXdWBCowxSV21EFYin3rU27p3NVgSMjN41k", "Addrs": [ "/ip4/5.161.92.43/tcp/4001", "/ip4/5.161.92.43/udp/4001/quic", "/ip6/2a01:4ff:f0:3b1e::1/tcp/4001", "/ip6/2a01:4ff:f0:3b1e::1/udp/4001/quic" ] }, { "ID": "12D3KooWSW4hoHmDXmY5rW7nCi9XmGTy3foFt72u86jNP53LTNBJ", "Addrs": [ "/ip4/5.161.55.227/tcp/4001", "/ip4/5.161.55.227/udp/4001/quic", "/ip6/2a01:4ff:f0:1e5a::1/tcp/4001", "/ip6/2a01:4ff:f0:1e5a::1/udp/4001/quic" ] }, { "ID": "12D3KooWSDj6JM2JmoHwE9AUUwqAFUEg9ndd3pMA8aF2bkYckZfo", "Addrs": [ "/ip4/5.161.92.36/tcp/4001", "/ip4/5.161.92.36/udp/4001/quic", "/ip6/2a01:4ff:f0:3764::1/tcp/4001", "/ip6/2a01:4ff:f0:3764::1/udp/4001/quic" ] } ] }} { "Peering": { "Peers": [ { "ID": "12D3KooWFFhc8fPYnQXdWBCowxSV21EFYin3rU27p3NVgSMjN41k", "Addrs": [ "/ip4/5.161.92.43/tcp/4001", "/ip4/5.161.92.43/udp/4001/quic", "/ip6/2a01:4ff:f0:3b1e::1/tcp/4001", "/ip6/2a01:4ff:f0:3b1e::1/udp/4001/quic" ] }, { "ID": "12D3KooWSW4hoHmDXmY5rW7nCi9XmGTy3foFt72u86jNP53LTNBJ", "Addrs": [ "/ip4/5.161.55.227/tcp/4001", "/ip4/5.161.55.227/udp/4001/quic", "/ip6/2a01:4ff:f0:1e5a::1/tcp/4001", "/ip6/2a01:4ff:f0:1e5a::1/udp/4001/quic" ] }, { "ID": "12D3KooWSDj6JM2JmoHwE9AUUwqAFUEg9ndd3pMA8aF2bkYckZfo", "Addrs": [ "/ip4/5.161.92.36/tcp/4001", "/ip4/5.161.92.36/udp/4001/quic", "/ip6/2a01:4ff:f0:3764::1/tcp/4001", "/ip6/2a01:4ff:f0:3764::1/udp/4001/quic" ] } ] }} CopyCopied! [How to list pinned objects](https://storj.dev/dcs/api/storj-ipfs-pinning#how-to-list-pinned-objects) ------------------------------------------------------------------------------------------------------ Listing pinned content follows the [IPFS HTTP RPC for /api/v0/pin/ls](https://docs.ipfs.tech/reference/kubo/rpc/#api-v0-pin-ls) with two minor differences: 1. None of the optional arguments are currently supported. 2. You must specify the credentials given when invited to participate in the beta as _HTTP basic authentication._ **_This is not the same as your Storj username and password. Do not use your Storj username and password to try and use the IPFS Pinning Service._** ### [Example for listing pins using cURL](https://storj.dev/dcs/api/storj-ipfs-pinning#example-for-listing-pins-using-c-url) For example, this is how it would work with cURL to list all pins for your user. Please replace **_ipfs\_beta\_user_** and **_ipfs\_beta\_password_** with the beta credentials you received when accepted into the beta. curl -u ipfs_beta_user:ipfs_beta_password -X POST "https://www.storj-ipfs.com/api/v0/pin/ls" curl -u ipfs_beta_user:ipfs_beta_password -X POST "https://www.storj-ipfs.com/api/v0/pin/ls" CopyCopied! [How to unpin objects](https://storj.dev/dcs/api/storj-ipfs-pinning#how-to-unpin-objects) ------------------------------------------------------------------------------------------ Unpinning content follows the [IPFS HTTP RPC for /api/v0/pin/rm](https://docs.ipfs.tech/reference/kubo/rpc/#api-v0-pin-rm) with two minor differences: 1. None of the optional arguments are currently supported. 2. You must specify the credentials given when invited to participate in the beta as _HTTP basic authentication._ **_This is not the same as your Storj username and password. Do not use your Storj username and password to try and use the IPFS Pinning Service._** **_Unpinning the content does not remove it immediately from the IPFS network, and it may still be accessible through the Storj IPFS Gateway for some time._** ### [Example for removing a single pin using cURL](https://storj.dev/dcs/api/storj-ipfs-pinning#example-for-removing-a-single-pin-using-c-url) For example, this is how it would work with cURL and a pin with CID `QmExample`. Please replace **_ipfs\_beta\_user_** and **_ipfs\_beta\_password_** with the beta credentials you received when accepted into the beta. curl -u ipfs_beta_user:ipfs_beta_password -X POST "https://www.storj-ipfs.com/api/v0/pin/rm?arg=QmExample" curl -u ipfs_beta_user:ipfs_beta_password -X POST "https://www.storj-ipfs.com/api/v0/pin/rm?arg=QmExample" CopyCopied! ### [Example for removing multiple pins using cURL](https://storj.dev/dcs/api/storj-ipfs-pinning#example-for-removing-multiple-pins-using-c-url) For example, this is how it would work with cURL and three pins with CIDs `QmExample1`, `QmExample2`, and `QmExample3`. Please replace **_ipfs\_beta\_user_** and **_ipfs\_beta\_password_** with the beta credentials you received when accepted into the beta. curl -u ipfs_beta_user:ipfs_beta_password -X POST "https://www.storj-ipfs.com/api/v0/pin/rm?arg=QmExample1&arg=QmExample2&arg=QmExample3" curl -u ipfs_beta_user:ipfs_beta_password -X POST "https://www.storj-ipfs.com/api/v0/pin/rm?arg=QmExample1&arg=QmExample2&arg=QmExample3" CopyCopied! [How to import CAR archives](https://storj.dev/dcs/api/storj-ipfs-pinning#how-to-import-car-archives) ------------------------------------------------------------------------------------------------------ The Content Addressable aRchives ([CAR](https://ipld.io/specs/transport/car/carv2/) ) format is used to store content addressable objects in the form of IPLD block data as a sequence of bytes; typically in a file with a .car filename extension. Importing a CAR archive to the Storj IPFS service will store its content and pin the root CID. ### [HTTP Upload endpoint](https://storj.dev/dcs/api/storj-ipfs-pinning#http-upload-endpoint-2) Importing CAR content follows the [IPFS HTTP RPC for /api/v0/dag/import](https://docs.ipfs.tech/reference/kubo/rpc/#api-v0-dag-import) with two minor differences: 1. The `stats` argument is implicitely set to `true`. No other arguments are supported. 2. You must specify the credentials given when invited to participate in the beta as _HTTP basic authentication._ **_This is not the same as your Storj username and password. Do not use your Storj username and password to try and use the IPFS Pinning Service._** ### [Example for pinning a single file using cURL](https://storj.dev/dcs/api/storj-ipfs-pinning#example-for-pinning-a-single-file-using-c-url-2) For example, this is how it would work with cURL and a file you wanted to pin called `/path/file.car`. Please replace **_ipfs\_beta\_user_** and **_ipfs\_beta\_password_** with the beta credentials you received when accepted into the beta. curl -u ipfs_beta_user:ipfs_beta_password -X POST -F file=@/path/file.car "https://www.storj-ipfs.com/api/v0/dag/import" curl -u ipfs_beta_user:ipfs_beta_password -X POST -F file=@/path/file.car "https://www.storj-ipfs.com/api/v0/dag/import" CopyCopied! The '`@`' before the file path is required for the import to work properly. For example, if the file you wanted to import was `/home/hello/myfile.car`, the curl argument would be `file=@/home/hello/myfile.car`. Previous [SDKs](https://storj.dev/dcs/api/sdk) Next [Uplink CLI API](https://storj.dev/dcs/api/uplink-cli) --- # Introduction to Storj - Storj Docs [Introduction](https://storj.dev/learn#introduction) ----------------------------------------------------- Storj makes open-source software that anyone can run - individuals with a Network Attached Storage Device or NAS, those with desktop computers that are always on, businesses, or data centers - that allows these users to share unused disk drive space and bandwidth with the network. Our software aggregates all of that storage capacity and bandwidth to create an extremely secure, private, and durable cloud storage service for developers. Storj makes that storage and bandwidth available as a distributed cloud object storage service for developers, with an enterprise-grade 99.95% availability, eleven 9s of durability, and S3 compatibility under the Storj brand. [What is Storj?](https://storj.dev/learn#what-is-storj) -------------------------------------------------------- Storj is an encrypted, secure, and affordable object storage service that enables you to store, back up, and archive large amounts of data to the decentralized cloud. [https://www.youtube.com/watch?v=JgKdBRIyIps](https://www.youtube.com/watch?v=JgKdBRIyIps) For developers who demand ownership of their data and who want to build with confidence, Storj is private by design and secure by default—delivering unparalleled data protection and privacy when compared to traditional centralized cloud object storage alternatives. Storj offers affordable and predictable pricing, S3 compatibility, a robust library of open source technical documentation, and familiar development tools - along with a vibrant user community - which enables developers to economically and easily learn and leverage decentralized cloud storage technology to take control of their data when building the next great application or service. [Peer Classes](https://storj.dev/learn#peer-classes) ----------------------------------------------------- There are 3 main components, or peer classes, on the network - Storage nodes, the application that enables people to share excess hard drive capacity and bandwidth with the network, Uplink Clients, developer tools (sometimes hosted) to upload and download data, and finally, the Satellite, a hosted set of services that handles access management, metadata management, storage node reputation, and data repair, as well as billing and payment. The Storage Node stores data for others, and gets paid for storage and bandwidth. All data stored on storage nodes is client-side encrypted and erasure-coded. Uplink Clients enables developers to store data on Storj, handling end-to-end encryption from the client-side (by default), and erasure coding, where files are split into 80 pieces then distributed across our network of storage nodes. Each of the 80 pieces is stored on different, diverse storage nodes, with different operators, power supplies, networks, and geographies, etc. - yielding tremendous security, performance, and durability advantages. The client-side managed, end-to-end encryption combined with our edge-based access management capabilities provide easy-to-use tools for building applications that are more private, more secure, and less susceptible to a range of common attack vectors. Uplink clients include both our self-hosted and Storj-hosted S3 compatible gateways, the CLI, and the libuplink Go library and bindings. The Satellite is a set of hosted services that handles developer account access, API access management, metadata management, storage node reputation, data audit, and data repair, as well as billing developers and payment for Storage Nodes. Storj Labs satellites are operated under the Storj brand. [How it's Different](https://storj.dev/learn#how-its-different) ---------------------------------------------------------------- To give you a sense of how the Storj service is different, it’s helpful to describe what happens with a round-trip upload and download of a file. Files are uploaded using an Uplink client, whether directly using the CLI or S3 compatible gateway, or indirectly using a tool that has integrated the libuplink library, such as FileZilla, Rclone or Restic. [What Happens When You Upload](https://storj.dev/learn#what-happens-when-you-upload) ------------------------------------------------------------------------------------- When a file is uploaded, it’s first encrypted by the Uplink client using an encryption key held by that client. Next, it’s erasure-coded, meaning it’s broken up into pieces, of which only a subset are required to reconstitute a file. The redundancy from erasure coding is far more efficient than replicating files and this technology used by most data storage systems, including DVDs, which is why you can still watch a movie even if there are scratches and fingerprints on the disk. For example, we may need 29 of the 80 pieces we uploaded. The Uplink Client then contacts the satellite to get a list of Storage Nodes on which to store the pieces. The satellite returns more than 80 Storage Node addresses. The Uplink Client uploads pieces peer-to-peer, in parallel, directly to the Storage Nodes. The Uplink client stops attempting to upload pieces once 80 pieces have been successfully uploaded to at least 80 Storage Nodes. The Uplink Client attempts a few more than 80 during the upload process to eliminate any long-tail effect and the related latency from the slowest Storage Nodes. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/hPX7iDvFPPpCmAm73d1MD_6037d462443538c5f8ca2bb36022e0693d144c0e7d9711a0audit-image-2.gif)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/hPX7iDvFPPpCmAm73d1MD_6037d462443538c5f8ca2bb36022e0693d144c0e7d9711a0audit-image-2.gif) [What Happens When You Download](https://storj.dev/learn#what-happens-when-you-download) ----------------------------------------------------------------------------------------- When the Uplink Client downloads a file, it’s essentially the same process as an upload but in reverse. The Uplink Client requests a file from the Satellite and the Satellite returns a list of Storage Nodes from which the Uplink Client can retrieve the pieces of the file. The Uplink Client starts attempting to download pieces from the given Storage Nodes, again, stopping once it has retrieved the required pieces needed to reconstitute the file after eliminating latency from the long-tail effect. The pieces are re-encoded and then decrypted by the Uplink client as only it has the encryption key. [Why Developers Love Storj](https://storj.dev/learn#why-developers-love-storj) ------------------------------------------------------------------------------- Even with the sophisticated privacy and security features and the default multi-region availability, developers love Storj because it's extremely easy for them to get started and build more secure and private applications. When uploading and downloading files, a developer or app issues a simple `cp` command - the Uplink Client does the rest, abstracting all of the complexity of encryption, erasure coding, and distributing pieces on storage nodes to the Storj software in the background. What's more, developers can use the Satellite Admin Console web interface or the `share` command with one either our CLI or developer library/SDK to abstract all the complexity of granular access management via client-side delegated authorization. [Features](https://storj.dev/learn#features) --------------------------------------------- Developers have a wide range of choices for S3-compatible object storage, but Storj provides a number of key advantages to help developers build more secure and private applications: **🛡 Security** Confidently store your data with files split, distributed, and stored multi-regionally across the globe providing no single point of failure, resistance to hacking, tampering, and bitrot, and an edge-based security model. 🔓 **Privacy** Own your data with default encryption and user-assigned access grants so no one can view or compromise your data without permission. 🔌 **Plug-in S3 Compatibility** Swap out a few lines of code, and you’ll be up and running in minutes. ☁️ **Availability** Download your data anytime you need it with multi-region architecture, no single point of failure, and satellite-automated data orchestration. No downtime, no bitrot, and no lost files. 🛠 **Durability** Automate file repair and know that Reed-Solomon erasure coding enables the highest levels of durability for all files uploaded to Storj. 💰 **Cost Efficiency** Get high availability multi-region cloud object storage for a fraction of the price of a single availability zone from centralized providers like AWS. 📂 **Open Source Freedom and Flexibility** Take advantage of absolute transparency through our open source code. You are not locked-in to our technology or cost structure - giving you the freedom of choice. 👨🏽‍💻 **Developer Friendly** Take advantage of familiar development tools and robust technical documentation, tutorials, and videos to help get you started and leverage all the benefits of decentralized cloud object storage. [](https://storj.dev/learn#) ----------------------------- 💬 **Community Driven** Share, discuss and collaborate with other open source developers in the Storj community and find answers to questions in our very active forum. Next [Access Management](https://storj.dev/learn/concepts/access) --- # Object Storage Tiered Pricing - Storj Docs [Production Cloud Pricing](https://storj.dev/dcs/pricing/production-cloud#production-cloud-pricing) ==================================================================================================== [Overview](https://storj.dev/dcs/pricing/production-cloud#overview) -------------------------------------------------------------------- Storj’s Production Cloud offerings combine the best of global and regional workflows with the power and convenience of local file system access. Production Cloud pairs **Object Mount** with our **Distributed Cloud Storage** for better performance and added value for every production team. * Access and edit your media in real time, with consistently low latency * Works with all your existing applications * No proprietary formats [Production Cloud Pricing](https://storj.dev/dcs/pricing/production-cloud#production-cloud-pricing-2) ------------------------------------------------------------------------------------------------------ | | **Production Cloud: Global** | **Production Cloud: Regional** | | --- | --- | --- | | **Use Case** | For teams that collaborate and share media globally and need instant access to assets. | For enterprise teams with compliance or regional needs that collaborate and share media in a specific region. | | **Storage Tier** | Global Collaboration | Regional Workflows | | **Price** | $40/TB/mo. | [Contact Sales](https://www.storj.io/landing/get-in-touch) | | **Egress** | Included | Included | | **API Access** | Included | Included | | **Licenses** | 10 licenses | 15 licenses | | **Minimum Footprint** | 20 TB | 300 TB | Previous [Pricing](https://storj.dev/dcs/pricing) Next [Object Mount Pricing](https://storj.dev/dcs/pricing/object-mount) --- # Object Mount Pricing - Storj Docs [Object Mount Pricing](https://storj.dev/dcs/pricing/object-mount#object-mount-pricing) ======================================================================================== [Overview](https://storj.dev/dcs/pricing/object-mount#overview) ---------------------------------------------------------------- Storj’s Object Mount adds the convenience and productivity boost of mounting your cloud storage as a local drive. * Works with any S3 compatible storage * Desktop or server-level access * Reduces download and egress fees Object Mount can be **combined** with Storj’s powerful object storage solutions, creating our **Production Cloud** offerings. Existing Storj customers can upgrade to Production Cloud to obtain Object Mount. Learn more on the [Production Cloud Pricing](https://storj.dev/dcs/pricing/production-cloud) page. Object Mount can also be licensed as a **stand-alone** product. If you have an established S3 storage solution and want to add Object Mount, see below for stand-alone pricing details. [Object Mount: Stand-Alone](https://storj.dev/dcs/pricing/object-mount#object-mount-stand-alone) ------------------------------------------------------------------------------------------------- Object Mount has two stand-alone licensing models available, depending on your size and storage footprint: | **Licensing Model** | **Best For** | **Ideal Use Case** | | --- | --- | --- | | **Named End-user Licensing** | Small, Medium and Large Accounts | Storage footprint less than 300 TB, or when customers prefer named end-user licensing. | | **Footprint-based Licensing** | Very Large and Enterprise Accounts | Enterprise engagements at scale, with storage footprints of 300 TB or greater. | ### [Details: Named End-user Licensing](https://storj.dev/dcs/pricing/object-mount#details-named-end-user-licensing) * Licenses are assigned to individual, named end-users * License pricing per user: $75/mo., billed annually * Licenses are not workflow-dependent * Minimum storage footprint: None * Includes support ### [Details: Footprint-based Licensing](https://storj.dev/dcs/pricing/object-mount#details-footprint-based-licensing) * Pricing is based on total storage footprint. [Contact Sales](https://www.storj.io/landing/get-in-touch) . * Includes 15 licenses * Add-on license pricing: $75/mo., billed annually * Includes support * Minimum storage footprint: 300 TB Previous [Production Cloud Pricing](https://storj.dev/dcs/pricing/production-cloud) Next [Storage: Tiered Pricing](https://storj.dev/dcs/pricing/tiered) --- # Content response headers - Storj Docs Linksharing will respond with certain headers if they are set on an object's metadata. This metadata can be set when uploading a file using either native Storj upload using Uplink, or using an S3 gateway. A few common examples: * Uplink CLI: `uplink cp /tmp/myfile.txt sj://files/myfile.txt --metadata '{"content-type":"text/html","cache-control":"no-cache"}'` * AWS S3 CLI: `aws s3 cp /tmp/myfile.txt s3://files/myfile.txt --content-type text/html --cache-control no-cache` The following headers can be customized: * `Content-Type` * `Cache-Control` * `Content-Encoding` Linksharing will look for metadata header names in an object by the following order: * `Content-Type` (canonical form) * `content-type` (all lowercase, typically how S3 gateway sets this header metadata on upload) * any other case that is found first in the list Metadata header names set through AWS S3 CLI or SDKs will be lowercase. Uplink currently does not automatically normalize these, so it is recommended to consistently use lowercase header names when setting metadata with Uplink if you're using both Uplink and S3 to interact with your storage. See sections below for further details. [Content-Type](https://storj.dev/dcs/code/static-site-hosting/content-response-headers#content-type) ----------------------------------------------------------------------------------------------------- This header indicates the media type of content. If no type is set in metadata, Linksharing will attempt to detect the type based on the file extension of the object key. It will also detect if a default value of `application/octet-stream` or `binary/octet-stream` is set. S3 clients and SDKs typically set these defaults automatically if a type was not specified on upload. If you wish to avoid this detection on default types, you can set `X-Content-Type-Options: nosniff` in the request headers. If a type is missing from metadata and detection is disabled, then type defaults to `application/octet-stream`. See [Content-Type - HTTP - MDN Web Docs](https://developer.mozilla.org/docs/Web/HTTP/Headers/Content-Type) for more information. [Cache-Control](https://storj.dev/dcs/code/static-site-hosting/content-response-headers#cache-control) ------------------------------------------------------------------------------------------------------- This header influences caching behavior of browsers and shared caches (e.g. proxies, CDNs). Linksharing does not set a default for this header. See [Cache-Control - HTTP - MDN Web Docs](https://developer.mozilla.org/docs/Web/HTTP/Headers/Cache-Control) for more information. [Content-Encoding](https://storj.dev/dcs/code/static-site-hosting/content-response-headers#content-encoding) ------------------------------------------------------------------------------------------------------------- This header indicates any encoding applied to the content. This is useful for indicating already compressed content that should be decompressed by the client when downloaded from Linksharing. For example, for static web assets. In the case of a CSS file, you would compress the file and upload it with `Content-Type: text/css` and `Content-Encoding: gzip` as the metadata. Linksharing does not set a default for this header unless you are accessing a compressed zip file, in which case it will be set to `gzip`. See [Content-Encoding - HTTP - MDN Web Docs](https://developer.mozilla.org/docs/Web/HTTP/Headers/Content-Encoding) for more information. Previous [Static site hosting](https://storj.dev/dcs/code/static-site-hosting) Next [Custom Domains](https://storj.dev/dcs/code/static-site-hosting/custom-domains) --- # Pricing Overview - Storj Docs [Pricing Overview](https://storj.dev/dcs/pricing#pricing-overview) =================================================================== [New Offerings and New Object Storage Tiers](https://storj.dev/dcs/pricing#new-offerings-and-new-object-storage-tiers) ----------------------------------------------------------------------------------------------------------------------- We’ve recently added new products, new capabilities, and have introduced simpler pricing tiers to make the Storj Platform an even easier choice for customers. **Changes include:** * **New Object Storage tiers** that better support customer needs, simplify fees, and eliminate segment fees: * **Object Mount is now available**, allowing you to connect to your object storage as a local file system; optimized for peak performance with Storj’s Object Storage. * **New Production Cloud offerings** that combine the unique benefits of Storj’s distributed cloud storage with local-like file access. * **SOC2 Type 2 certification** has been achieved by Storj on specific storage offerings, reinforcing our commitment to delivering enterprise-grade security and privacy. [Simplified Pricing](https://storj.dev/dcs/pricing#simplified-pricing) ----------------------------------------------------------------------- Storj has consistent and competitive pricing that provides the global scale productions need — without scaling up your monthly bill. **What to know about the new object storage tiered pricing:** * No action is needed at this time. * **Existing Projects** created before November 1, 2025 will continue to use the current pricing model ([Storage: Legacy Pricing](https://storj.dev/dcs/pricing/legacy) ) for a full additional year (through October 31, 2026). * **New Projects** created on or after November 1, 2025 will be charged using the new model ([Storage: Tiered Pricing](https://storj.dev/dcs/pricing/tiered) ). [Choose a Storj Product Below to Learn More](https://storj.dev/dcs/pricing#choose-a-storj-product-below-to-learn-more) ----------------------------------------------------------------------------------------------------------------------- [Production Cloud Pricing](https://storj.dev/dcs/pricing/production-cloud) --------------------------------------------------------------------------- Details on Storj’s Production Cloud products and pricing. [Object Mount Pricing](https://storj.dev/dcs/pricing/object-mount) ------------------------------------------------------------------- Details on Storj’s Object Mount product and pricing. [Object Storage: Tiered Pricing](https://storj.dev/dcs/pricing/tiered) ----------------------------------------------------------------------- Details on Storj’s Object Storage product and tiered pricing model. _Looking for Object Storage Legacy pricing? See: [Legacy Pricing](https://storj.dev/dcs/pricing/legacy) _ [Minimum Monthly Billing](https://storj.dev/dcs/pricing#minimum-monthly-billing) --------------------------------------------------------------------------------- There is a **$5 minimum monthly charge** for all object storage accounts. See the “Additional Pricing Notes“ section for your applicable pricing plan for details: * [Object Storage: Tiered Pricing](https://storj.dev/dcs/pricing/tiered#minimums) * [Object Storage: Legacy Pricing](https://storj.dev/dcs/pricing/legacy#additional-pricing-notes) [Additional Pricing Notes](https://storj.dev/dcs/pricing#additional-pricing-notes) ----------------------------------------------------------------------------------- **US sales tax** will be included on all US invoices in accordance with state and local regulations (effective November 1, 2025). Exemption certificates should be emailed to accounting@storj.io. See our [Pricing Change FAQ](https://www.storj.io/pricing/change-faqs) for additional details. Previous [Custom Domains](https://storj.dev/dcs/code/static-site-hosting/custom-domains) Next [Production Cloud Pricing](https://storj.dev/dcs/pricing/production-cloud) --- # Using the Uplink CLI - Storj Docs [Introduction](https://storj.dev/dcs/api/uplink-cli#introduction) ------------------------------------------------------------------ An application that allows you to access Object Storage from the command line. Use this tool to upload and manage objects and buckets. To setup `uplink` see [Uplink CLI Tutorial](https://storj.dev/learn/tutorials/quickstart-uplink-cli) . The `uplink` command can take the following child commands: | Command | Description | | --- | --- | | [access](https://storj.dev/dcs/api/uplink-cli/access-command) | set of commands to manage access grants | | [import](https://storj.dev/dcs/api/uplink-cli/import-command) | import a serialized access grant into the configuration | | [cp](https://storj.dev/dcs/api/uplink-cli/cp-command) | copy a file from outside of Storj bucket to inside or vice versa | | [ls](https://storj.dev/dcs/api/uplink-cli/ls-command) | list objects and prefixes or all buckets | | [mb](https://storj.dev/dcs/api/uplink-cli/uplink-mb-command) | make a new bucket | | [meta](https://storj.dev/dcs/api/uplink-cli/meta-command) | metadata related commands | | [mv](https://storj.dev/dcs/api/uplink-cli/mv) | moves a Storj object to another location in Storj | | [rb](https://storj.dev/dcs/api/uplink-cli/rb-command) | remove a bucket | | [rm](https://storj.dev/dcs/api/uplink-cli/rm-command) | remove a file from a Storj bucket | | [setup](https://storj.dev/dcs/api/uplink-cli/setup-command) | create an uplink config file | | [share](https://storj.dev/dcs/api/uplink-cli/share-command) | shares restricted access to objects | [Global flags](https://storj.dev/dcs/api/uplink-cli#global-flags) ------------------------------------------------------------------ | Flag | Description | | --- | --- | | `-h, --help` | prints help for the command | | `--summary` | prints a summary of what commands are available | | `--advanced` | if used in with `-h`, print advanced flags help | | `--config-dir string` | main directory for uplink configuration | [Advanced global flags](https://storj.dev/dcs/api/uplink-cli#advanced-global-flags) ------------------------------------------------------------------------------------ You can see them with the `uplink --help --advanced` command. | Global flags | Description | | --- | --- | | `--interactive` | Controls if interactive input is allowed | | `--config-dir string` | Directory that stores the configuration | | `--legacy-config-dir string` | Directory that stores legacy configuration. Only used during migration | | `--trace-id int64` | Specify a trace id manually. This should be globally unique. Usually you | | | don't need to set it, and it will be automatically generated. | | `--trace-sample float64` | The chance (between 0 and 1.0) to report tracing information. Set to 1 to | | | always send it. | | `--trace-verbose bool` | Flag to print out used trace ID | | `--trace-addr string` | Specify where to send traces | | `--trace-tags` | comma separated k=v pairs to be added to distributed traces | | `--events-addr string` | Specify where to send events | | `--debug-pprof string` | File to collect Golang pprof profiling data | | `--debug-monkit-trace string` | File to collect Monkit trace data. Understands file extensions .json and .svg | | `--debug-monkit-stats string` | File to collect Monkit stats | | `--analytics` | Whether to send usage information to Storj | | `--help`, `-h` | prints help for the command | | `--summary` | prints a summary of what commands are available | | `--advanced` | when used with -h, prints advanced flags help | Previous [Storj IPFS Pinning Service (Beta)](https://storj.dev/dcs/api/storj-ipfs-pinning) Next [Download and Installation](https://storj.dev/dcs/api/uplink-cli/installation) --- # Configuring Storj for Partners - Storj Docs [Introduction](https://storj.dev/dcs/code/partner-program-tools#introduction) ------------------------------------------------------------------------------ How to configure the User agent for partner value attribution from commandline, from setup, in code and from configuration yaml. [Partner Program](https://storj.dev/dcs/code/partner-program-tools#partner-program) ------------------------------------------------------------------------------------ The Storj Partner Ecosystem enables developers to build Storj Connectors, which their customers can use to store data on Storj. The data itself is client-side encrypted, however we are able to measure the aggregate volume of storage and bandwidth usage. When a user of a Storj Connector stores data in a bucket, we are able to give the partner attribution for the stored data and the used bandwidth for the Connector Integration, and provide programmatic revenue share. You can learn more about our partner program [here](https://www.storj.io/partners/) . [Value Attribution](https://storj.dev/dcs/code/partner-program-tools#value-attribution) ---------------------------------------------------------------------------------------- Value attribution is done on a per bucket basis. To recognize which partner the shared revenue should go to, we use a user agent that identifies it. A bucket can only have one user agent value and it can be set only once, and only on an empty bucket. This has the following consequences: * Uploading an object to a bucket can only be done **after setting the user agent.** Otherwise, the bucket won't be empty and you will be unable to set the user agent. * If you upload an object to a bucket with a defined user agent, the shared revenue will go to the corresponding partner. If it is not your user agent, it won't be in your shared revenue. [Setting the User Agent](https://storj.dev/dcs/code/partner-program-tools#setting-the-user-agent) -------------------------------------------------------------------------------------------------- Before continuing, beware that partner value attribution is only possible if you are registered as such by Storj. You can access an up to date list of recognized user agents [here](https://github.com/storj/storj/blob/master/satellite/rewards/partners.go#L28) . ### [Uplink CLI](https://storj.dev/dcs/code/partner-program-tools#uplink-cli) UserAgent can only be configured by adding or updating the following line of the legacy uplink configuration ini file (the default path for the `config.ini` can be checked with `uplink setup --help --advanced` command, see the default value for `--legacy-config-dir` option in the output): client.user-agent = MyCompany client.user-agent = MyCompany CopyCopied! ### [Rclone with S3 Integration](https://storj.dev/dcs/code/partner-program-tools#rclone-with-s3-integration) $rclone mkdir storjs3:my-backup --user-agent "ix-storj-1" --s3-location-constraint "archive-1" $rclone mkdir storjs3:my-backup --user-agent "ix-storj-1" --s3-location-constraint "archive-1" CopyCopied! ### [S3 Gateway](https://storj.dev/dcs/code/partner-program-tools#s3-gateway) UserAgent can only be configured during setup: gateway setup --client.user-agent "MyCompany" gateway setup --client.user-agent "MyCompany" CopyCopied! or by adding or updating the following lines of the gateway configuration yaml (the default path for the `config.yaml` can be checked with `gateway setup --help` command, see default value for `--config-dir` option in the output): # User-Agent used for connecting to the satelliteclient.user-agent: 'MyCompany' # User-Agent used for connecting to the satelliteclient.user-agent: 'MyCompany' CopyCopied! ### [In code](https://storj.dev/dcs/code/partner-program-tools#in-code) UserAgent can be configured from Go code: uplink.Config{UserAgent: "MyCompany"}.OpenProject(...) uplink.Config{UserAgent: "MyCompany"}.OpenProject(...) CopyCopied! Previous [AWS SDK PHP](https://storj.dev/dcs/code/aws/php) Next [Presigned URLs in the serverless cloud](https://storj.dev/dcs/code/presigned-urls-serverless-cloud) --- # Download and install uplink - Storj Docs The native CLI tool for Storj First, [Create Your Account](https://storj.dev/support/account-management-billing/creating-your-account) . **Install** the binary for your OS: WindowsLinuxmacOS Download the [Windows Uplink Binary](https://github.com/storj/storj/releases/latest/download/uplink_windows_amd64.zip) zip file In the Downloads folder, right-click and select "Extract all" [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/3pxVa-qpfcR1iuwSu-osg_win-01.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/3pxVa-qpfcR1iuwSu-osg_win-01.png) Extract to your user's folder ("**Alexey"** in this example): [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/5VOWlcnwm4uurnq7IqooH_win-02.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/5VOWlcnwm4uurnq7IqooH_win-02.png) Once extracted, do not try to open the file, as it can only be accessed via command line. Open **Windows PowerShell** and continue on to the next step. Then, check [Uplink CLI Tutorial](https://storj.dev/learn/tutorials/quickstart-uplink-cli) Previous [Uplink CLI API](https://storj.dev/dcs/api/uplink-cli) Next [access](https://storj.dev/dcs/api/uplink-cli/access-command) --- # Setting Up AWS CLI Endpoint to Storj - Storj Docs This guide is so you can set Storj as the default endpoint so you can avoid having to repeatedly use the --endpoint option. These features can be achieved by installing the `awscli-plugin-endpoint` plugin. [Install plugin](https://storj.dev/dcs/code/aws/aws-cli-endpoint#install-plugin) --------------------------------------------------------------------------------- aws CLI v2.xaws CLI v1.x 1. [Install the AWS CLI v2.x](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) 2. Install `awscli-plugin-endpoint` plugin: pip3 install --no-deps awscli-plugin-endpoint pip3 install --no-deps awscli-plugin-endpoint CopyCopied! 3. Configure the path in your `~/.aws/config` file (replace the `site-packages-path` to your path from a previous step): aws configure set plugins.cli_legacy_plugin_path site-packages-path aws configure set plugins.cli_legacy_plugin_path site-packages-path CopyCopied! 4. Configure plugin in your `~/.aws/config` file: aws configure set plugins.endpoint awscli_plugin_endpoint aws configure set plugins.endpoint awscli_plugin_endpoint CopyCopied! aws configure set default.s3.endpoint_url https://gateway.storjshare.io aws configure set default.s3.endpoint_url https://gateway.storjshare.io CopyCopied! The resulting file would look like: [default]aws_access_key_id = access_key # replace meaws_secret_access_key = secret_key # replace mes3 = endpoint_url = https://gateway.storjshare.io [default]aws_access_key_id = access_key # replace meaws_secret_access_key = secret_key # replace mes3 = endpoint_url = https://gateway.storjshare.io CopyCopied! You can now use the AWS CLI without specifying an endpoint: aws s3 ls aws s3 ls CopyCopied! [s3api](https://storj.dev/dcs/code/aws/aws-cli-endpoint#s3api) --------------------------------------------------------------- To configure `s3api` endpoint you can use this command: aws configure set default.s3api.endpoint_url https://gateway.storjshare.io aws configure set default.s3api.endpoint_url https://gateway.storjshare.io CopyCopied! [Set a Storj profile](https://storj.dev/dcs/code/aws/aws-cli-endpoint#set-a-storj-profile) ------------------------------------------------------------------------------------------- You can also use a different profile for Storj: aws configure set profile.storj.s3.endpoint_url https://gateway.storjshare.ioaws configure set profile.storj.s3.multipart_threshold 1TB aws configure set profile.storj.s3.endpoint_url https://gateway.storjshare.ioaws configure set profile.storj.s3.multipart_threshold 1TB CopyCopied! To use AWS CLI with a separate profile `storj`: aws s3 --profile storj ls aws s3 --profile storj ls CopyCopied! Previous [Access](https://storj.dev/dcs/access) Next [AWS SDK Nodejs](https://storj.dev/dcs/code/aws/nodejs) --- # Object Storage Legacy Pricing - Storj Docs [Object Storage: Legacy Pricing](https://storj.dev/dcs/pricing/legacy#object-storage-legacy-pricing) ===================================================================================================== Legacy pricing will be retired on **November 1, 2025** and replaced by our new [tiered pricing model](https://storj.dev/dcs/pricing/tiered) . Projects created **before November 1, 2025** will retain legacy pricing for **one calendar year** or until they **upgrade or migrate**, whichever comes first. [Overview](https://storj.dev/dcs/pricing/legacy#overview) ---------------------------------------------------------- Storj’s Object Storage Legacy Pricing Model charges fees based on three types of metered services: * Object Storage * Egress Bandwidth * Segments | **Service Type** | **Metered Units** | **Billed Increment** | **Pricing Unit** | **Pricing** | **Description** | | --- | --- | --- | --- | --- | --- | | **Object Storage** | Bytes | GB Hour | GB Month | $0.004 per GB Month | Storage is calculated based on bytes uploaded, including encryption-based overhead. | | **Egress Bandwidth** | Bytes | GB | Total Volume | $0.007 per GB | Bandwidth is calculated based on bytes downloaded, including long-tail elimination-related bandwidth. | | **Segments** | Segments | Segment Hour | Segment Month | $0.0000088 per Segment Month | Segment usage depends on storage and file sizes. The default minimum size per segment is 64MB. | For object storage, billing is aggregated at the **project** level. Within a project, usage is tracked at the bucket level and aggregated for invoicing to the project. The following sections describe how charges are calculated for each type of service. [Object Storage Fees](https://storj.dev/dcs/pricing/legacy#object-storage-fees) -------------------------------------------------------------------------------- Object storage is priced per GB per month. **Simple example:** A 1 TB file, stored for a full month, would cost approximately $4.00. * **Calculation** = Size x Time Stored x Price * **Price** = 1,000 Mb x 1 Month x $0.004 = $4.00 In actuality, the Storj platform tracks things in much finer detail: calculating size using the actual bytes uploaded and calculating time based on hours stored in the Platform. * **Bytes uploaded** include the bytes associated with actual objects, plus any nominal overhead associated with encryption. For example, a 1 TB file, after encryption, might actually consume 1,001 GB of storage. * **Byte hours** are calculated based on the number of hours bytes are stored on the Platform: from the time when an object is uploaded to when it is deleted. Storj uses a standardized 720-hour month (30 days x 24 hours) and byte hours are measured in 1 hour increments. **Note:** Storj uses simple base 10 conversion to convert between Bytes, GB, TB, etc. Example: 1 TB = 1,000 GB = 1,000,000 Bytes. [Egress Bandwidth Fees](https://storj.dev/dcs/pricing/legacy#egress-bandwidth-fees) ------------------------------------------------------------------------------------ Egress Bandwidth, also referred to as Download Bandwidth, is priced per GB. All data that is transferred is billed as Egress Bandwidth. Egress Bandwidth is measured in increments of bytes. **Note:** When an object is downloaded, there are a number of factors that can impact the actual amount of bandwidth used: * Storj’s file retrieval process includes requests for pieces from _more_ than the minimum number of storage nodes required. While only a subset of pieces are necessary to reconstitute an object, in order to avoid potential long-tail performance lag from a single slow storage node, the Storj Platform will request retrieval from a few additional storage nodes. The Platform will terminate all incomplete downloads once the required quantity of pieces are successfully downloaded and the object can be completely re-encoded. (For more detail, review our [Product Overview](https://storj.dev/learn#what-happens-when-you-upload) .) * In addition, if a user terminates a download before completion, the amount of data transferred might exceed the amount of data that the customer’s application receives. This may create minor discrepancies between the total size of downloaded files vs. the actual bandwidth consumed to retrieve those files. **Example:** A user downloads a single 1 TB file. To improve performance (and eliminate long-tail lag), up to 1.3 TB of download bandwidth may be used. * **Calculation** = Size x Price * **Price** = 1,300 Mb x $0.007 = $9.10. **Note:** If you ever decide the Storj Platform is no longer the best fit for your company and you wish to extract your data and move to another provider, contact us (submit a ticket on our [support portal](https://supportdcs.storj.io/) ). We can assist with the migration and, by following this process, the Egress fees associated with your migration can be waived. [Segment Fees](https://storj.dev/dcs/pricing/legacy#segment-fees) ------------------------------------------------------------------ Storj’s distributed object storage is optimized for large files — those that are many MB or larger. On the other end of the spectrum, very small files can actually generate more storage overhead (to maintain the file’s metadata) than for the file itself. Consequently, Storj charges a small fee “Per Segment“ to better accommodate small-file overhead. If a user is storing mostly large files, the segment fee will be inconsequential. The segment fee is priced per segment per month, in increments of segment hours. The calculation of segment fees is based on a standard 720-hour month (30 days x 24 hours). The default segment size on Storj Satellites is 64MB (but is configurable). Any file smaller than 64MB (by default) is stored as one segment. Files larger than 64MB are stored in multiple 64MB segments. Each segment is stored as pieces on the network. Only a subset of pieces of the total (e.g.: 29 of the 80) are required to reconstitute any given segment. All segments are required to reconstitute a file. ### [File Size and Segment Consumption](https://storj.dev/dcs/pricing/legacy#file-size-and-segment-consumption) Using the default segment size of 64 MB: | **File Qty. & Size** | **Will Consume** | | --- | --- | | A single 1 MB file | One segment | | A single 10 MB file | One segment | | A single 64 MB file | One segment | | A single 256 Mb file | Four segments (four 64 MB segments) | | A single 300 MB file | Five segments (four 64 MB segments plus one more for the remaining 44 MB) | | A single 1 GB file | Sixteen 64 MB segments | **Note:** Every object stored on the Storj network is represented by _at least_ one segment. **Note:** Be aware that sixteen 1 MB files use the same amount of metadata resources as a 1 GB file. ### [Segment Cost Examples](https://storj.dev/dcs/pricing/legacy#segment-cost-examples) **Note:** The examples below assume a Segment Limit increase has been applied to a project. Contact Storj Support for assistance with Segment Limit increases. **Example - Large Files:** A user uploads 100,000 files, each with a size of one GB, for a total of 100 TB. Each 1 GB file consumes sixteen 64MB segments, so the 100,000 files are stored as 1,600,000 segments. Halfway through the month, the user deletes the files. * **Calculation** = Segments x Time Stored x Price * **Price** = 1.6M Segments x 1/2 Month x $0.0000088 = $7.04 **Example - Small Files:** A user uploads 1,600,000 files, each with a size of just one MB, for a total of 1,600 GB (1.6 TB). The 1,600,000 files are stored as 1,600,000 segments. Halfway through the month, the user deletes the files. * **Calculation** = Segments x Time Stored x Price * **Price** = 1.6M Segments x 1/2 Month x $0.0000088 = $7.04 **Take Note:** The Segment Fees for storing just 1.6 TB of small files _is the same_ as for storing 100 TB of large files! ### [Additional Object Details](https://storj.dev/dcs/pricing/legacy#additional-object-details) The Storj Platform distinguishes between two types of objects: **Remote** and **Inline** objects. * **Remote objects** are files _large_ enough to slice, erasure-code, and then store the many pieces of the file across multiple (up to 80) storage nodes. * **Inline objects** are those _small_ files where the file itself is smaller than the metadata associated with it. To improve efficiency, the Storj Platform stores these small objects “inline“ in the satellite metadata database. _**Tip:** If needing to store a large number of small files, a best practice is to employ a packing strategy (e.g.: .zip, .rar, archive, etc.) to combine the many small files into one or more larger files before uploading._ [Project Limits](https://storj.dev/dcs/pricing/legacy#project-limits) ---------------------------------------------------------------------- All Projects have Project Limits on certain important constructs. Increases in Project Limits may impact the price of your use of Storj. To learn more, check out the [Usage Limits](https://storj.dev/learn/concepts/limits) and [Usage Limit Increases](https://storj.dev/support/usage-limit-increases) sections of the documentation. [Additional Pricing Notes](https://storj.dev/dcs/pricing/legacy#additional-pricing-notes) ------------------------------------------------------------------------------------------ Storj has a $5 minimum monthly usage fee for all object storage accounts. This helps cover the cost of payment processing and basic operations so we can continue offering fast, secure, and reliable storage — even for small accounts. **What does this mean for you?** * Any monthly usage that results in an invoice less than $5 will result in the minimum usage fee. * If your usage exceeds $5 per month, you will not be charged a minimum usage fee. * If you bought a starter package via a partner before August 1, 2025, you will not be charged a minimum usage fee until your starter package expires. The starter package expires one year from purchase or when the starter package credits have been fully used. * If you pay with STORJ token, you will not be charged a minimum usage fee. Previous [Storage: Tiered Pricing](https://storj.dev/dcs/pricing/tiered) Next [Third-Party Tools](https://storj.dev/dcs/third-party-tools) --- # AWS SDK PHP - Storj Docs [1\. Install or include the Amazon S3 SDK](https://storj.dev/dcs/code/aws/php#1-install-or-include-the-amazon-s3-sdk) ---------------------------------------------------------------------------------------------------------------------- e.g. with composer composer require aws/aws-sdk-php composer require aws/aws-sdk-php CopyCopied! ### [2\. Import the S3 Client](https://storj.dev/dcs/code/aws/php#2-import-the-s3-client) use Aws\S3\S3Client; use Aws\S3\S3Client; CopyCopied! ### [3\. Create S3 Client](https://storj.dev/dcs/code/aws/php#3-create-s3-client) $s3 = new S3Client([ 'version' => 'latest', 'endpoint' => 'https://gateway.storjshare.io', 'credentials' => [ 'key' => 'your_key', 'secret' => 'your_secret' ],]); $s3 = new S3Client([ 'version' => 'latest', 'endpoint' => 'https://gateway.storjshare.io', 'credentials' => [ 'key' => 'your_key', 'secret' => 'your_secret' ],]); CopyCopied! ### [4\. List of objects](https://storj.dev/dcs/code/aws/php#4-list-of-objects) $results = $s3->getPaginator('ListObjects', [ 'Bucket' => 'your_bucket' ]); foreach ($results as $result) { foreach ($result['Contents'] as $object) { echo $object['Key'] . PHP_EOL; }} $results = $s3->getPaginator('ListObjects', [ 'Bucket' => 'your_bucket' ]); foreach ($results as $result) { foreach ($result['Contents'] as $object) { echo $object['Key'] . PHP_EOL; }} CopyCopied! ### [5\. Get one object](https://storj.dev/dcs/code/aws/php#5-get-one-object) $result = $s3->getObject([ 'Bucket' => 'your_bucket_name', 'Key' => $id, // Name of object e.g. image.png]);header('Content-Type: ' . $result['ContentType']);echo $result['Body']; $result = $s3->getObject([ 'Bucket' => 'your_bucket_name', 'Key' => $id, // Name of object e.g. image.png]);header('Content-Type: ' . $result['ContentType']);echo $result['Body']; CopyCopied! ### [6\. Upload an object](https://storj.dev/dcs/code/aws/php#6-upload-an-object) $s3->putObject([ 'Bucket' => 'your_bucket', 'Key' => $key, 'Body' => $image_base64, 'ContentType' => $content_type,]); $s3->putObject([ 'Bucket' => 'your_bucket', 'Key' => $key, 'Body' => $image_base64, 'ContentType' => $content_type,]); CopyCopied! Previous [AWS SDK Nodejs](https://storj.dev/dcs/code/aws/nodejs) Next [Partner Program Tools](https://storj.dev/dcs/code/partner-program-tools) --- # AWS SDK Nodejs - Storj Docs [1\. Install or include the Amazon S3 SDK](https://storj.dev/dcs/code/aws/nodejs#1-install-or-include-the-amazon-s3-sdk) ------------------------------------------------------------------------------------------------------------------------- e.g. with npm npm install --save aws-sdk npm install --save aws-sdk CopyCopied! ### [2\. Import the S3 client](https://storj.dev/dcs/code/aws/nodejs#2-import-the-s3-client) import S3 from "aws-sdk/clients/s3"; import S3 from "aws-sdk/clients/s3"; CopyCopied! ### [3\. Create client object with MT credentials](https://storj.dev/dcs/code/aws/nodejs#3-create-client-object-with-mt-credentials) const accessKeyId = "access key here";const secretAccessKey = "secret access key here";const endpoint = "https://gateway.storjshare.io";const s3 = new S3({ accessKeyId, secretAccessKey, endpoint, s3ForcePathStyle: true, signatureVersion: "v4", connectTimeout: 0, httpOptions: { timeout: 0 }}); const accessKeyId = "access key here";const secretAccessKey = "secret access key here";const endpoint = "https://gateway.storjshare.io";const s3 = new S3({ accessKeyId, secretAccessKey, endpoint, s3ForcePathStyle: true, signatureVersion: "v4", connectTimeout: 0, httpOptions: { timeout: 0 }}); CopyCopied! ### [4\. List objects and log to console](https://storj.dev/dcs/code/aws/nodejs#4-list-objects-and-log-to-console) (async () => { const { Buckets } = await s3.listBuckets({}).promise(); console.log(Buckets);})(); (async () => { const { Buckets } = await s3.listBuckets({}).promise(); console.log(Buckets);})(); CopyCopied! ### [5\. Upload an object](https://storj.dev/dcs/code/aws/nodejs#5-upload-an-object) (async () => { // `file` can be a readable stream in node or a `Blob` in the browser const params = { Bucket: "my-bucket", Key: "my-object", Body: file }; await s3.upload(params, { partSize: 64 * 1024 * 1024 }).promise();})(); (async () => { // `file` can be a readable stream in node or a `Blob` in the browser const params = { Bucket: "my-bucket", Key: "my-object", Body: file }; await s3.upload(params, { partSize: 64 * 1024 * 1024 }).promise();})(); CopyCopied! ### [6\. Get URL that points to an object](https://storj.dev/dcs/code/aws/nodejs#6-get-url-that-points-to-an-object) The `getSignedUrl` function creates a cryptographically signed url. No contact with the gateway is needed here; this happens instantaneously. const params = { Bucket: "my-bucket", Key: "my-object"}const url = s3.getSignedUrl("getObject", params);// e.g. create an where src points to url const params = { Bucket: "my-bucket", Key: "my-object"}const url = s3.getSignedUrl("getObject", params);// e.g. create an where src points to url CopyCopied! Previous [AWS CLI Endpoint](https://storj.dev/dcs/code/aws/aws-cli-endpoint) Next [AWS SDK PHP](https://storj.dev/dcs/code/aws/php) --- # Object Storage Pricing - Storj Docs [Object Storage: Tiered Pricing](https://storj.dev/dcs/pricing/tiered#object-storage-tiered-pricing) ===================================================================================================== As of **November 1, 2025**, Storj has transitioned to a new **tiered pricing model** for object storage. Projects created **before November 1, 2025** retain legacy pricing for **one calendar year** or until they **upgrade or migrate**, whichever comes first. See details on our [legacy pricing model](https://storj.dev/dcs/pricing/legacy) . [Overview](https://storj.dev/dcs/pricing/tiered#overview) ---------------------------------------------------------- Storj’s new pricing model introduces **three distinct storage tiers** designed to meet different performance, compliance, and budget requirements: | | **Global Collaboration** | **Regional Workflows** | **Active Archive** | | --- | --- | --- | --- | | **Best for** | Consistent performance for global teams. Powered by a globally distributed edge network and a redundant global region for low-latency anywhere. | Region-specific storage built for compliance and predictable performance. Keeps data local while meeting residency and regulatory requirements. | Cost-effective region for long-term retention. Archive and backup data are instantly accessible without paying for peak performance. | | **Storage cost** | **$15/TB/month** | **$10/TB/month** | **$6/TB/month** | | **Egress cost** | 1X included, $0.02/GB additional | 1X included, $0.01/GB additional | $0.02/GB | | **Minimum storage duration** | None | None | 30 days | | **Minimum object size** | 50 kB | 50 kB | 100 kB | [Billing Units and Rounding Policy](https://storj.dev/dcs/pricing/tiered#billing-units-and-rounding-policy) ------------------------------------------------------------------------------------------------------------ Storj bills based on **GB** and **GB-months** (not MB or MB-months). Usage is rounded up to the nearest whole GB **per tier** (Global Collaboration, Regional Workflows, Active Archive) for each usage type. Within a tier, Storj sums all storage usage across objects and rounds once for storage, and sums all egress usage and rounds once for egress. **Important:** Rounding is applied per tier total, not per object. You can store as many small objects as you want without each one being rounded up individually. For example, if you store 1,000 objects of 1 MB each in a single tier, your total storage is 1,000 MB (~1 GB) and would be billed as 1 GB of storage—not 1,000 GB. **Note:** Small objects below the [minimum object size](https://storj.dev/dcs/pricing/tiered#minimums) threshold (50-100 kB depending on tier) are billed as if they meet that minimum. This is separate from the GB rounding policy described here. **Examples:** * If your storage usage in the **Regional Workflows** tier for the month is **500 MB**, it is billed as **1 GB** of storage for that tier. * If your egress usage in the **Global Collaboration** tier for the month is **1001 MB**, it is billed as **2 GB** of egress for that tier. * If you use **500 MB** of storage and **500 MB** of egress in the **Active Archive** tier in a month, your invoice shows **1 GB** of storage and **1 GB** of egress for that tier (not a combined 1 GB line item). This rounding rule applies separately to **storage and egress bandwidth totals within each tier**. Also, Storj uses simple base 10 conversion to convert between Bytes, KB, GB, TB, etc. **Example:** 1 TB = 1,000 GB = 1,000,000 KBytes. [Storage Fees](https://storj.dev/dcs/pricing/tiered#storage-fees) ------------------------------------------------------------------ Storage costs are calculated per GB per month, rounded up to the nearest GB. **Example:** * Storing **1 TB** in the **Regional Workflows** tier for a full month = **$10**. * **Calculation:** 1 TB × 1 month × $10 / TB = $10. Storage is measured continuously (per hour) throughout the month, based on the actual bytes stored. [Egress Fees](https://storj.dev/dcs/pricing/tiered#egress-fees) ---------------------------------------------------------------- Egress (download) bandwidth is billed per GB and rounded up to the nearest GB. * **Global Collaboration:** 1X included; $0.02/GB additional * **Regional Workflows:** 1X included; $0.01/GB additional * **Active Archive:** $0.02/GB (no free allowance) Bandwidth includes all data transferred out of the Storj network. **Storj Free Egress** (On plans with 1X free egress) Your **free egress** = your **storage used** (measured in GB-months). **Example 1: Full Month** You store **1,000 GB** for the entire month → You get **1,000 GB** of free egress. **Example 2: Partial Month** You upload **2,000 GB** on the 15th of the month (data stored for half the month). → Storage used = **1,000 GB-months** → You get **1,000 GB of free egress** for that month. **Example 3: Mixed Usage** → Days 1–10: 500 GB stored → Days 11–30: 1,500 GB stored Average storage = **1,250 GB-months** → You can **egress 1,250 GB for free** during that month **Rule of thumb:** As long as your total downloads (egress) for the month don’t exceed your GB-months of storage, you pay $0 for bandwidth on plans with 1X free egress. [Minimums](https://storj.dev/dcs/pricing/tiered#minimums) ---------------------------------------------------------- Each tier has a few minimums that affect billing: * **Minimum Object Size:** Objects smaller than the listed minimum (50-100 kB, depending on tier) are billed as if they meet that minimum threshold. * **Minimum Storage Duration (Active Archive tier only):** Data deleted before **30 days** will still be billed for the full 1 month period. * **Minimum Monthly Usage:** A **$5 minimum monthly fee** applies to all active storage accounts. You won’t be charged the minimum if: * Your usage exceeds $5 * You pay with **STORJ token** * You purchased a **starter package** prior to August 1, 2025 (valid until expiration). [Project Limits](https://storj.dev/dcs/pricing/tiered#project-limits) ---------------------------------------------------------------------- All Projects have Project Limits on certain important constructs. Increases in Project Limits may impact the price of your use of Storj services. To learn more, check out the [Usage Limits](https://storj.dev/learn/concepts/limits) and [Usage Limit Increases](https://storj.dev/support/usage-limit-increases) sections of the documentation. * * * **Effective Date:** November 1, 2025 **Last Updated:** December 1, 2025 Previous [Object Mount Pricing](https://storj.dev/dcs/pricing/object-mount) Next [Storage: Legacy Pricing](https://storj.dev/dcs/pricing/legacy) --- # Hosting a Static Website - Storj Docs You can use your own domain name and host your own static website on Storj **Static websites** are files, including HTML, CSS, and Javascript files, presented to the user exactly as they are stored on disk. [Part 1: Uplink CLI](https://storj.dev/dcs/code/static-site-hosting#part-1-uplink-cli) --------------------------------------------------------------------------------------- 1. Download the uplink binary ([Set Up Uplink CLI with Access Grant](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/set-up-uplink-cli) ) and upload your static site files to Storj. You may also upload your files in any other manner, but you will need the Uplink CLI for the remaining steps. 2. Share the bucket or object prefix (not individual objects) that will be the root of your website/subdomain. At the root, name your home page `index.html`. The website will serve the index.html file automatically e.g. `http://www.example.test` and `http://www.example.test/index.html` will serve the same content. Anything shared with `--dns` will be _readonly_ and available _publicly_ (no secret key needed). 3. Finally, you can optionally add the `--tls` flag in order to return an additional DNS entry used for securing your domain with TLS. WindowsLinuxmacOS ./uplink.exe share --dns sj:/// --tls --not-after=none ./uplink.exe share --dns sj:/// --tls --not-after=none CopyCopied! Notably, this mechanism allows you to host multiple websites from the same bucket by using different prefixes. You may also create multiple subdomains by using different hostnames (however, the Uplink CLI only generates info for one at a time). The command above prints a zone file with the information needed to create 3 DNS records. Your CNAME should match the linkshare service domain (`link.storjshare.io` by default). $ORIGIN example.com.$TTL 3600 IN CNAME link.storjshare.io.txt- IN TXT storj-root:/txt- IN TXT storj-access:txt- IN TXT storj-tls:true $ORIGIN example.com.$TTL 3600 IN CNAME link.storjshare.io.txt- IN TXT storj-root:/txt- IN TXT storj-access:txt- IN TXT storj-tls:true CopyCopied! Remember to update the `$ORIGIN` from `example.com` to your domain name (keep the trailing `.`). You may also change the DNS `$TTL`. For example, running uplink share --dns www.example.com sj://bucket/prefix uplink share --dns www.example.com sj://bucket/prefix CopyCopied! will output a zone file like the following: $ORIGIN example.com.$TTL 3600www.example.com IN CNAME link.storjshare.io.txt-www.example.com IN TXT storj-root:bucket/prefixtxt-www.example.com IN TXT storj-access:abcdefghijklmnopqrstuvwxzytxt-www.example.com IN TXT storj-tls:true $ORIGIN example.com.$TTL 3600www.example.com IN CNAME link.storjshare.io.txt-www.example.com IN TXT storj-root:bucket/prefixtxt-www.example.com IN TXT storj-access:abcdefghijklmnopqrstuvwxzytxt-www.example.com IN TXT storj-tls:true CopyCopied! [Part 2: DNS Provider](https://storj.dev/dcs/code/static-site-hosting#part-2-dns-provider) ------------------------------------------------------------------------------------------- 1\. In your DNS provider, create a CNAME record on your hostname using the CNAME from your generated zone file as the target name. Ensure you include the trailing `.` at the end of your CNAME if your DNS providers allows. 2\. Create 2 TXT records, prepending `txt-` to your hostname. **Root Path:** the bucket or object prefix key that you want your root domain to resolve to (and that contains your index.html file). [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/6lBTvetkB98edSAjvyB_q_root.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/6lBTvetkB98edSAjvyB_q_root.png) **Access Key:** the readonly and public access key to your root path. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/jYrqviRrJEWf_dUioa0TE_access.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/jYrqviRrJEWf_dUioa0TE_access.png) 3\. You can check to make sure your DNS records are ready with `dig @1.1.1.1 txt-. TXT` 4\. Optionally, if you create a page titled `404.html`in the root of your shared prefix, it will be served in 404 conditions. 5\. That's it! You should be all set to access your website! e.g.`http://www.example.test` **Why is my browser telling me that my connection is not secure?** While Linksharing links are secure, when you use a custom domain the browser is expecting a TLS certificate for your domain to be present on the Storj servers hosting the link. We do not generate this certificate by default, so you will need to upgrade to a Pro Account and follow the relevant steps for enabling TLS (HTTPS) for custom domains here: [Custom Domains](https://storj.dev/dcs/code/static-site-hosting/custom-domains) Previous [Rails Active Storage](https://storj.dev/dcs/code/rails-activestorage) Next [Content response headers](https://storj.dev/dcs/code/static-site-hosting/content-response-headers) --- # Rails 7 ActiveStorage Connected to Storj - Storj Docs This guide will show you how to connect ActiveStorage in Rails 7 to Storj (an AWS S3 compatible object storage). You can also look at the [source code of this example](https://github.com/amozoss/active-storj) . We have a webinar walking you through it, but you can also refer to the steps below: [Prerequisites:](https://storj.dev/dcs/code/rails-activestorage#prerequisites) ------------------------------------------------------------------------------- * Installed ruby 3.1.2 or later * Installed rails 7.0.4.2 or later * Storj S3 compatiable access and secret key (see [Getting started](https://storj.dev/dcs/getting-started) ) * A bucket created on Storj (see [Create buckets](https://storj.dev/dcs/buckets/create-buckets) ) [Configure ActiveStorage to Storj](https://storj.dev/dcs/code/rails-activestorage#configure-active-storage-to-storj) --------------------------------------------------------------------------------------------------------------------- Create a new rails app rails new active-storj rails new active-storj CopyCopied! Install ActiveStorage rails active_storage:install rails active_storage:install CopyCopied! Edit `Gemfile`, add the `aws-sdk-s3` gem and run `bundle install` gem "aws-sdk-s3", require: false gem "aws-sdk-s3", require: false CopyCopied! Edit the rails credentials rails credentials:edit rails credentials:edit CopyCopied! Add to the credentials your access key and secret key (see [Getting started](https://storj.dev/dcs/getting-started) ) under `storj:` storj: access_key_id: secret_access_key: storj: access_key_id: secret_access_key: CopyCopied! Edit `config/storage.yml`, enter the following to configure ActiveStorage to use Storj. Be sure to replace the bucket with the one created earlier (see [Create buckets](https://storj.dev/dcs/buckets/create-buckets) ) storj: service: S3 access_key_id: <%= Rails.application.credentials.dig(:storj, :access_key_id) %> secret_access_key: <%= Rails.application.credentials.dig(:storj, :secret_access_key) %> region: global endpoint: https://gateway.storjshare.io bucket: active-storj storj: service: S3 access_key_id: <%= Rails.application.credentials.dig(:storj, :access_key_id) %> secret_access_key: <%= Rails.application.credentials.dig(:storj, :secret_access_key) %> region: global endpoint: https://gateway.storjshare.io bucket: active-storj CopyCopied! Edit `config/environments/development.rb`, change the ActiveStorage service to `:storj` config.active_storage.service = :storj config.active_storage.service = :storj CopyCopied! [Use active storage images hosted by Storj](https://storj.dev/dcs/code/rails-activestorage#use-active-storage-images-hosted-by-storj) -------------------------------------------------------------------------------------------------------------------------------------- First we'll need a basic app to interact with generated with [Rails scaffolding](https://guides.rubyonrails.org/v3.2/getting_started.html#getting-up-and-running-quickly-with-scaffolding) rails generate scaffold Name name rails generate scaffold Name name CopyCopied! Edit `config/routes.rb` set `root` to `"names#index` root "names#index" root "names#index" CopyCopied! Edit `app/models/name.rb` to have `has_one_attached` class Name < ApplicationRecord has_one_attached :main_imageend class Name < ApplicationRecord has_one_attached :main_imageend CopyCopied! Edit `app/views/names/_form.html.erb` to include a `field_field` to allow the user to choose a file to upload
<%= form.label :main_image %> <%= form.file_field :main_image %>
<%= form.label :main_image %> <%= form.file_field :main_image %>
CopyCopied! Navigate to [http://localhost:3000/names/new](http://localhost:3000/names/new) and you should see the following [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/exMR-EZ3OKl8eokEZk-Ox_screenshot-2023-02-02-at-41007-pm.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/exMR-EZ3OKl8eokEZk-Ox_screenshot-2023-02-02-at-41007-pm.png) Click "Create Name" Edit `app/views/names/show.html.erb` to include `<%= image_tag @name.main_image %>` to display the image

<%= notice %>

<%= render @name %> <%= image_tag @name.main_image %>
<%= link_to "Edit this name", edit_name_path(@name) %> | <%= link_to "Back to names", names_path %> <%= button_to "Destroy this name", @name, method: :delete %>

<%= notice %>

<%= render @name %> <%= image_tag @name.main_image %>
<%= link_to "Edit this name", edit_name_path(@name) %> | <%= link_to "Back to names", names_path %> <%= button_to "Destroy this name", @name, method: :delete %>
CopyCopied! Edit `app/assets/stylesheets/application.css` to style the image to fix the size of the screen img { width: 100vh;} img { width: 100vh;} CopyCopied! Navigate to [http://localhost:3000/names/1](http://localhost:3000/names/1) to see your image [Enable direct to Storj upload](https://storj.dev/dcs/code/rails-activestorage#enable-direct-to-storj-upload) -------------------------------------------------------------------------------------------------------------- Edit `config/importmap.rb` to include the `@rails/activestorage` package pin "@rails/activestorage", to: "https://ga.jspm.io/npm:@rails/activestorage@7.0.4/app/assets/javascripts/activestorage.esm.js" pin "@rails/activestorage", to: "https://ga.jspm.io/npm:@rails/activestorage@7.0.4/app/assets/javascripts/activestorage.esm.js" CopyCopied! Edit `app/javascript/controllers/application.js` to initialize the ActiveStorage import * as ActiveStorage from '@rails/activestorage'const application = Application.start()ActiveStorage.start() import * as ActiveStorage from '@rails/activestorage'const application = Application.start()ActiveStorage.start() CopyCopied! Modify `app/views/names/_form.html.erb` `form.file_field` to include `direct_upload: true`
<%= form.label :main_image %> <%= form.file_field :main_image, direct_upload: true %>
<%= form.label :main_image %> <%= form.file_field :main_image, direct_upload: true %>
CopyCopied! Previous [Presigned URLs in the serverless cloud](https://storj.dev/dcs/code/presigned-urls-serverless-cloud) Next [Static site hosting](https://storj.dev/dcs/code/static-site-hosting) --- # Getting started with Storj Testnet on Linux - Storj Docs See [https://github.com/storj/storj/wiki/Test-network](https://github.com/storj/storj/wiki/Test-network) Previous [Getting started with Storj Testnet on FreeNAS (freeBSD)](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-freenas-freebsd) Next [Getting started with Storj Testnet on Windows](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-windows) --- # meta - Storj Docs Metadata related command [Usage](https://storj.dev/dcs/api/uplink-cli/meta-command#usage) ----------------------------------------------------------------- windowslinuxmacos ./uplink.exe meta [command] ./uplink.exe meta [command] CopyCopied! [Child commands](https://storj.dev/dcs/api/uplink-cli/meta-command#child-commands) ----------------------------------------------------------------------------------- | Command | Description | | --- | --- | | [meta get](https://storj.dev/dcs/api/uplink-cli/meta-command/meta-get-command) | Get a Storj object's metadata | [Flags](https://storj.dev/dcs/api/uplink-cli/meta-command#flags) ----------------------------------------------------------------- | Flag | Description | | --- | --- | | `--help`, `-h` | help for meta | Previous [mb](https://storj.dev/dcs/api/uplink-cli/uplink-mb-command) Next [meta get](https://storj.dev/dcs/api/uplink-cli/meta-command/meta-get-command) --- # Storage Node Getting Started - Storj Docs [Introduction](https://storj.dev/node#introduction) ---------------------------------------------------- Storj is an S3-compatible platform and suite of decentralized applications that allows you to store data in a secure and decentralized manner. Storage Node Operators contribute unused hard drive capacity to the network, enabling the storage network to be distributed around the world. [Become a Storage Node Operator](https://storj.dev/node#become-a-storage-node-operator) ---------------------------------------------------------------------------------------- [Host a node](https://storj.dev/node/get-started/setup) -------------------------------------------------------- Learn how to configure and run your Storage Node [Requirements](https://storj.dev/node/get-started/setup) --------------------------------------------------------- Understand what you need to start hosting a node [Payout Information](https://storj.dev/node/payouts) ----------------------------------------------------- Find out what you could earn for being part of the Storj Network [Set up your node](https://storj.dev/node#set-up-your-node) ------------------------------------------------------------ Install the software that works best for you. ### [General Hardware](https://storj.dev/node#general-hardware) [⌨️ CLI Install](https://storj.dev/node/get-started/install-node-software/cli) ------------------------------------------------------------------------------- [🖥 GUI Install - Windows](https://storj.dev/node/get-started/install-node-software/gui-windows) ------------------------------------------------------------------------------------------------- ### [Network Attached Storage (NAS) systems](https://storj.dev/node#network-attached-storage-nas-systems) [💻 TrueNAS Storage Node App](https://cdn.truenas.com/docs/scale/scaletutorials/apps/addstorjnode/) ---------------------------------------------------------------------------------------------------- [💻 QNAP Storage Node App](https://storj.dev/node/get-started/install-node-software/qnap-storage-node-app) ----------------------------------------------------------------------------------------------------------- [💻 Want to Contribute?](https://storj.dev/node#want-to-contribute) -------------------------------------------------------------------- All of our code for Storj is completely open source. Have a code change you think would make Storj better? Please send a pull request along! Make sure to sign our [Contributor License Agreement (CLA)](https://docs.google.com/forms/d/e/1FAIpQLSdVzD5W8rx-J_jLaPuG31nbOzS8yhNIIu4yHvzonji6NeZ4ig/viewform) first. See our [license section](https://github.com/storj/storj#license) for more details. Next [Quickstart Node Setup](https://storj.dev/node/get-started/setup) --- # mb - Storj Docs Create a new bucket [Usage](https://storj.dev/dcs/api/uplink-cli/uplink-mb-command#usage) ---------------------------------------------------------------------- windowslinuxmacos ./uplink.exe mb [flags] sj:// ./uplink.exe mb [flags] sj:// CopyCopied! [Flags](https://storj.dev/dcs/api/uplink-cli/uplink-mb-command#flags) ---------------------------------------------------------------------- | Flag | Description | | --- | --- | | `--access string` | the serialized access, or name of the access to use | | `--help`, `-h` | help for `mb` | [Examples](https://storj.dev/dcs/api/uplink-cli/uplink-mb-command#examples) ---------------------------------------------------------------------------- [Create bucket](https://storj.dev/dcs/api/uplink-cli/uplink-mb-command#create-bucket) -------------------------------------------------------------------------------------- windowslinuxmacos ./uplink.exe mb sj://cakes ./uplink.exe mb sj://cakes CopyCopied! Nested buckets are not supported. Output: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/tu46BijIJlozZB2Rhhjd5_bucketcakescreated.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/tu46BijIJlozZB2Rhhjd5_bucketcakescreated.png) Previous [ls](https://storj.dev/dcs/api/uplink-cli/ls-command) Next [meta](https://storj.dev/dcs/api/uplink-cli/meta-command) --- # import - Storj Docs Imports a serialized access grant into the configuration. [Usage](https://storj.dev/dcs/api/uplink-cli/import-command#usage) ------------------------------------------------------------------- windowslinuxmacos ./uplink.exe import [flags] NAME (ACCESS | FILE) ./uplink.exe import [flags] NAME (ACCESS | FILE) CopyCopied! [Flags](https://storj.dev/dcs/api/uplink-cli/import-command#flags) ------------------------------------------------------------------- | Flag | Description | | --- | --- | | `--help`, `-h` | help for import | | `--force`, `-f` | overwrite the existing access grant | [Examples](https://storj.dev/dcs/api/uplink-cli/import-command#examples) ------------------------------------------------------------------------- [Import access grant from a file](https://storj.dev/dcs/api/uplink-cli/import-command#import-access-grant-from-a-file) ----------------------------------------------------------------------------------------------------------------------- windowslinuxmacos ./uplink.exe import cheesecake cheesecake.access ./uplink.exe import cheesecake cheesecake.access CopyCopied! ### [Import access grant with a key](https://storj.dev/dcs/api/uplink-cli/import-command#import-access-grant-with-a-key) windowslinuxmacos ./uplink.exe import cheesecake 13df....qa ./uplink.exe import cheesecake 13df....qa CopyCopied! These two commands will have the same output: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/QMHA8C75PyqDP6qfMVNfR_access-imported.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/QMHA8C75PyqDP6qfMVNfR_access-imported.png) Previous [cp](https://storj.dev/dcs/api/uplink-cli/cp-command) Next [ls](https://storj.dev/dcs/api/uplink-cli/ls-command) --- # access - Storj Docs Set of commands to manage accesses. [Usage](https://storj.dev/dcs/api/uplink-cli/access-command#usage) ------------------------------------------------------------------- windowsmacoslinux ./uplink.exe access [command] ./uplink.exe access [command] CopyCopied! [Child commands](https://storj.dev/dcs/api/uplink-cli/access-command#child-commands) ------------------------------------------------------------------------------------- | Command | Description | | --- | --- | | [access create](https://storj.dev/dcs/api/uplink-cli/access-command/access-create) | Create an access from a setup token. `uplink setup` is an alias for this. | | [access export](https://storj.dev/dcs/api/uplink-cli/access-command/access-export) | Export an access to a file | | [access import](https://storj.dev/dcs/api/uplink-cli/access-command/access-import) | Save an existing access. `uplink import` is an alias for this. | | [access inspect](https://storj.dev/dcs/api/uplink-cli/access-command/access-inspect-command) | Inspect allows you to expand a serialized access into its constituent parts | | [access list](https://storj.dev/dcs/api/uplink-cli/access-command/access-list-command) | Prints name and associated satellite of all available accesses | | [access register](https://storj.dev/dcs/api/uplink-cli/access-command/access-register) | Register an access grant for use with a hosted S3 compatible gateway and linksharing | | [access remove](https://storj.dev/dcs/api/uplink-cli/access-command/access-remove) | Removes an access from local store | | [access restrict](https://storj.dev/dcs/api/uplink-cli/access-command/access-restrict) | Restrict an access | | [access revoke](https://storj.dev/dcs/api/uplink-cli/access-command/access-revoke) | Revoke an access | | [access use](https://storj.dev/dcs/api/uplink-cli/access-command/access-use) | Set default access to use | [Flags](https://storj.dev/dcs/api/uplink-cli/access-command#flags) ------------------------------------------------------------------- | Flag | Description | | --- | --- | | `--help`, `-h` | help for access | Previous [Download and Installation](https://storj.dev/dcs/api/uplink-cli/installation) Next [access create](https://storj.dev/dcs/api/uplink-cli/access-command/access-create) --- # Sign up and host a Node on Storj - Storj Docs [Introduction](https://storj.dev/node/get-started/setup#introduction) ---------------------------------------------------------------------- By becoming a Storage Node Operator you enable your unused hard drive space to be accessible by the Storj storage services. Once your node is up and running you will be compensated in STORJ for any storage and bandwidth usage accessing your node. **Failure to complete these steps will prevent your storage node from working.** [Step 1. Understand Prerequisites](https://storj.dev/node/get-started/prerequisites) ------------------------------------------------------------------------------------- Includes Hardware Requirements (Recommended), System Requirements, Internet Connection, Power Supply. [Step 2. Setup Port Forwarding](https://storj.dev/node/get-started/port-forwarding) ------------------------------------------------------------------------------------ Most, if not all ISPs give a dynamic IP address, which means your IP can change at any time. As a workaround, you need a dynamic DNS service to ensure your storage node is connected. [Step 3. Configure QUIC](https://storj.dev/node/get-started/quic-requirements) ------------------------------------------------------------------------------- This is a protocol based on UDP which promises more efficient usage of the internet connection with parallel downloads and uploads. [Step 4. Create an Identity](https://storj.dev/node/get-started/identity) -------------------------------------------------------------------------- This can take several hours or days, depending on your machine's processing power and luck. Plan to run your Node on a NAS, Raspberry Pi, or similar? Create your identity on a more powerful machine and transfer it over. [Step 5. Install Node Software](https://storj.dev/node/get-started/install-node-software) ------------------------------------------------------------------------------------------ Install the software that works best for you. * * * Recommended step: [Payout](https://storj.dev/node/payouts) ----------------------------------------------------------- Understand how Node Operators are compensated for the resources used by Storj Satellites every month. Previous [Overview](https://storj.dev/node) Next [Step 1. Understand Prerequisites](https://storj.dev/node/get-started/prerequisites) --- # access list - Storj Docs Prints name and associated satellite of all available accesses. [Usage](https://storj.dev/dcs/api/uplink-cli/access-command/access-list-command#usage) --------------------------------------------------------------------------------------- windowslinuxmacos ./uplink.exe access list [flags] ./uplink.exe access list [flags] CopyCopied! [Flags](https://storj.dev/dcs/api/uplink-cli/access-command/access-list-command#flags) --------------------------------------------------------------------------------------- | Flag | Description | | --- | --- | | `--access string` | the serialized access, or name of the access to use | | `--help`, `-h` | help for list | [Examples](https://storj.dev/dcs/api/uplink-cli/access-command/access-list-command#examples) --------------------------------------------------------------------------------------------- windowslinuxmacos ./uplink.exe access list ./uplink.exe access list CopyCopied! =========== ACCESSES LIST: name / satellite ================================cheesecake / 12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S@us1.storj.io:7777pumpkin-pie / 12L9ZFwhzVpuEKMUNUqkaTLGzwY9G24tbiigLiXpmZWKwmcNDDs@eu1.storj.io:7777tarte / 121RTSDpyNZVcEU84Ticf2L1ntiuUimbWgfATz21tuvgk3vzoA6@ap1.storj.io:7777 =========== ACCESSES LIST: name / satellite ================================cheesecake / 12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S@us1.storj.io:7777pumpkin-pie / 12L9ZFwhzVpuEKMUNUqkaTLGzwY9G24tbiigLiXpmZWKwmcNDDs@eu1.storj.io:7777tarte / 121RTSDpyNZVcEU84Ticf2L1ntiuUimbWgfATz21tuvgk3vzoA6@ap1.storj.io:7777 CopyCopied! Previous [access inspect](https://storj.dev/dcs/api/uplink-cli/access-command/access-inspect-command) Next [access register](https://storj.dev/dcs/api/uplink-cli/access-command/access-register) --- # access export - Storj Docs This command allows you to export the Access Grant from Uplink. [Usage](https://storj.dev/dcs/api/uplink-cli/access-command/access-export#usage) --------------------------------------------------------------------------------- windowsmacoslinux ./uplink.exe access export ./uplink.exe access export CopyCopied! [Example](https://storj.dev/dcs/api/uplink-cli/access-command/access-export#example) ------------------------------------------------------------------------------------- Once you created/imported access to the Uplink, you can export it using its name and specify a filename. windowsmacoslinux ./uplink.exe access export us1 us1.txt ./uplink.exe access export us1 us1.txt CopyCopied! Exported access to: us1.txt Exported access to: us1.txt CopyCopied! Previous [access create](https://storj.dev/dcs/api/uplink-cli/access-command/access-create) Next [access import](https://storj.dev/dcs/api/uplink-cli/access-command/access-import) --- # Understanding the Commercial Storage Node Operator Program - Storj Docs Welcome to the Commercial Storage Node Operator Program documentation. This program is designed to facilitate the participation of node operators in data centers and enterprise-grade facilities within the Storj network, ensuring that their nodes meet specific certifications and characteristics. This guide will provide information about the program's purpose, eligibility, advantages, and how it differs from the public network. [Why We Started the Program](https://storj.dev/node/commercial-node#why-we-started-the-program) ------------------------------------------------------------------------------------------------ The Commercial Storage Node Operator Program was initiated to address the needs of large enterprise customers who require data storage facilities with specific security and compliance certifications such as SOC2 or ISO 27001. These customers are attracted to the Storj network's price, performance, and security but are constrained by their internal security controls from using the public network. To accommodate these requirements, we developed product capabilities that restrict the distribution of data to subsets of nodes operating in facilities that meet these enterprise demands. [What is the Commercial Storage Node Operator Program?](https://storj.dev/node/commercial-node#what-is-the-commercial-storage-node-operator-program) ----------------------------------------------------------------------------------------------------------------------------------------------------- The Commercial Storage Node Operator Program is a way for node operators in data centers and enterprise-grade facilities to participate in the Storj network and certify that their nodes meet specific requirements. It also offers these operators the opportunity to earn revenue at a scale that is economically viable for them while sharing large volumes of underutilized storage and bandwidth capacity. [Who is Eligible](https://storj.dev/node/commercial-node#who-is-eligible) -------------------------------------------------------------------------- The Commercial Storage Node Operator Program is open to: * Operators in enterprise-grade facilities, typically with one or more compliance-oriented certifications. * Operators with substantial underutilized storage capacity. * Operators with fully depreciated operational hardware that is in storage or offline. * Operators with access to low-cost storage hardware. [Advantages of the Program](https://storj.dev/node/commercial-node#advantages-of-the-program) ---------------------------------------------------------------------------------------------- This program provides several benefits to the Storj network, including: * Attracting enterprise customers that would otherwise be inaccessible due to the limitations of the public network. * Enabling data center and commercial facility operators to participate economically, increasing the network's storage capacity without introducing concentration risk. * Facilitating smaller operators in winning more data storage opportunities when large professional operators are not competing directly on the same network. * Supporting the growth of Storj use cases by serving the needs of enterprise customers with diverse storage requirements. [How Does it Compare to the Public Network](https://storj.dev/node/commercial-node#how-does-it-compare-to-the-public-network) ------------------------------------------------------------------------------------------------------------------------------ The Commercial Storage Node Operator Program differs from the public network in several ways: * Commercial node operators face different terms of service and node selection criteria, especially regarding the /24 IP address block restriction. * Data sets with specific requirements stored on nodes in this program are not subject to the /24 restriction, allowing them to fill their nodes more rapidly. * Commercial node operators have a distinct cost structure, often accepting lower payout rates due to their operational efficiency. Still, they can earn meaningful revenue thanks to the removal of the /24 restriction on these data sets. * Both types of nodes (public and commercial) operate on the Storj network but function effectively as separate tiers, providing a choice for customers to store data on one tier or the other. * Performance, durability, and reliability remain comparable between the two tiers. * Storj offers premium enterprise pricing for customers storing data on nodes meeting special criteria. The end result is a fair opportunity for all participants to achieve an economically rewarding outcome without direct competition between individual and commercial operators for the same workloads. [Current State](https://storj.dev/node/commercial-node#current-state) ---------------------------------------------------------------------- We have already recruited an initial set of node operators with SOC2-certified facilities. The program has undergone market testing with this tier of service, and we are now onboarding the first set of enterprise customers. We are also extending invitations to our existing node operators to join the program. [How to Participate](https://storj.dev/node/commercial-node#how-to-participate) -------------------------------------------------------------------------------- If your facility is suitable for the Commercial Storage Node Operator Program, please [request to join the program](https://www.storj.io/partners/commercial-nodes) , and someone from our partnership team will contact you shortly. For further assistance or inquiries, please contact our support team. Previous [QNAP Storage Node App](https://storj.dev/node/get-started/install-node-software/qnap-storage-node-app) Next [Setup](https://storj.dev/node/commercial-node/setup) --- # Concepts - Storj Docs [Storage Node Concepts](https://storj.dev/node/concepts#storage-node-concepts) ------------------------------------------------------------------------------- Before running your Storage Node for the first time, please note the Storage Node concepts to be used. | **Concepts** | **Description** | | --- | --- | | `-p` | How to specify ports - which are points through which information flows between your Node and the Storj network. | | | \-p :/tcp | | | \-p :/udp | | | /tcp and /udp will allow your node to connect with the network via both TCP and UDP ports. | | | \-p 28967:28967 is the core port used to connect with the network. | | | \-p 14002:14002 is the port used for the storage node GUI dashboard. | | `WALLET` | A wallet address to receive STORJ token payouts for running the node. | | `EMAIL` | Email address so we can notify you when a new version has been released. **(recommended)** | | `ADDRESS` | External IP address or the DDNS you configured and the port you opened on your router : If you are using a custom port other than 28967, you have to change the -p 28967:28967 to -p :28967 | | `STORAGE` | How much disk space do you want to allocate to the Storj network? Be sure not to over-allocate space! Allow at least 10% extra for the overhead. If you over-allocate space, you may corrupt your database when the system attempts to store pieces when no more physical space is actually available on your drive. The minimum storage shared requirement is 500 GB, meaning you need a disk of at least 550 GB to allow for the 10% overhead. If you set up a new node, ensure the storage destination folder doesn't already have a config.yaml and/or storage folder inside, otherwise the storage node container could fail to start. | | `` | Replace it with the location of your identity files. You can copy the absolute path from the output of the identity commands you ran earlier. | | `` | Replace it with the local directory where you want the files to be stored. Please consider using a subfolder instead of the root of the disk; this could prevent starting from scratch if the disk were to disappear/accidentally disconnect. The network-attached location could work, but it is neither supported nor recommended! Note: the current database backend is BoltDB which requires mmap, hence you have to use a file system that supports mmap. | [Storage Node Dashboard Concepts](https://storj.dev/node/concepts#storage-node-dashboard-concepts) --------------------------------------------------------------------------------------------------- | Concept | Description | | --- | --- | | **Satellite** | Satellites act as the mediator between clients (people uploading and downloading data) and Storage Node Operators (people storing data). Satellites facilitate the storage interaction and decide which storage nodes will store which pieces. | | **Bandwidth Used This Month** | The amount of total bandwidth you've provided to the network since the beginning of the current period. | | **Usage / Repair / Audit** | Usage bandwidth is the bandwidth a Storage Node uses so customers can download their data, for which a Storage Node Operator is paid. Repair bandwidth is the bandwidth usage resulting from regenerating a bad Storage Node's deleted data that is part of the repair process, for which a Storage Node Operator sending the data to new nodes is paid. Audit bandwidth is the data downloaded from the Storage Node, which the Satellite uses to measure file durability and Node reputation. | | **Egress / Ingress** | Egress is the data the customer downloads from the network. Ingress is the data the network uploads to a Storage Node. | | **Disk Space Used This Month** | The amount of total disk space used on a storage node in the current monthly period, for which a storage node is paid $1.50/TB. | | **Disk Space Remaining** | The amount of disk space available to use by the network for the remaining month. | | **Uptime Checks** | Uptime checks occur to make sure a Storage Node is still online. This is the percentage of uptime checks a Storage Node has passed. | | **Audit Checks** | Audit checks occur to ensure the data sent to a Storage Node is still held on the node and intact. This is the audit score, represented as a percentage. With a score less than 60% node will be disqualified. | Previous [Node Dashboard](https://storj.dev/node/commercial-node/dashboard) Next [Payout](https://storj.dev/node/payouts) --- # ls - Storj Docs List objects and prefixes or all buckets [Usage](https://storj.dev/dcs/api/uplink-cli/ls-command#usage) --------------------------------------------------------------- windowslinuxmacos ./uplink.exe ls [sj://BUCKET[/PREFIX]] [flags] ./uplink.exe ls [sj://BUCKET[/PREFIX]] [flags] CopyCopied! [Flags](https://storj.dev/dcs/api/uplink-cli/ls-command#flags) --------------------------------------------------------------- | Flag | Description | | --- | --- | | `--access string` | the serialized access, or name of the access to use | | `--encrypted` | if true, show paths as base64-encoded encrypted paths | | `--expanded`, `-x` | Use expanded output, showing object expiration times and whether there is custom metadata attached | | `--help`, `-h` | help for ls | | `--pending` | if true, list incomplete objects instead | | `--recursive`, `-r` | if true, list recursively | [Examples](https://storj.dev/dcs/api/uplink-cli/ls-command#examples) --------------------------------------------------------------------- _We consider the following object hierarchy throughout these examples:_ [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/cvEUiGkZBSQPWr_GwlRLL_ls-example-hierarchy2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/cvEUiGkZBSQPWr_GwlRLL_ls-example-hierarchy2.png) _We assume the object has been uploaded using a different encryption key than the other objects in the project._ [List buckets](https://storj.dev/dcs/api/uplink-cli/ls-command#list-buckets) ----------------------------------------------------------------------------- windowslinuxmacos ./uplink.exe ls ./uplink.exe ls CopyCopied! [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/37CrYbSUci3Pdlh1QcuwW_ls-project.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/37CrYbSUci3Pdlh1QcuwW_ls-project.png) ### [List objects in a bucket](https://storj.dev/dcs/api/uplink-cli/ls-command#list-objects-in-a-bucket) windowslinuxmacos ./uplink.exe ls sj://images ./uplink.exe ls sj://images CopyCopied! [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/yqXPSB-VzWVfHnSdD0i3A_ls-bucket.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/yqXPSB-VzWVfHnSdD0i3A_ls-bucket.png) ### [List by prefix](https://storj.dev/dcs/api/uplink-cli/ls-command#list-by-prefix) windowslinuxmacos ./uplink.exe ls sj://images/cakes ./uplink.exe ls sj://images/cakes CopyCopied! [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/jC9kW-YXQ7fi3xje1o5Vs_ls-prefix.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/jC9kW-YXQ7fi3xje1o5Vs_ls-prefix.png) ### [List recursively](https://storj.dev/dcs/api/uplink-cli/ls-command#list-recursively) windowslinuxmacos ./uplink.exe ls --recursive ./uplink.exe ls --recursive CopyCopied! [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/EbQXgIH4f3qxT1oP7K9kk_ls-example-hierarchy3.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/EbQXgIH4f3qxT1oP7K9kk_ls-example-hierarchy3.png) ### [List encrypted paths of all objects in a bucket](https://storj.dev/dcs/api/uplink-cli/ls-command#list-encrypted-paths-of-all-objects-in-a-bucket) windowslinuxmacos ./uplink.exe ls sj://recipes --encrypted --recursive ./uplink.exe ls sj://recipes --encrypted --recursive CopyCopied! [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/CBy2GPMCGBtZtHw7V7PVm_ls-encrypted.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/CBy2GPMCGBtZtHw7V7PVm_ls-encrypted.png) Notice that since `sj://recipes/cakes/very-secret-recipe.txt` was encrypted with a different key, we cannot view it using regular ls and the default access, but with `--encrypted` we can see that it is indeed stored in sj://recipes Previous [import](https://storj.dev/dcs/api/uplink-cli/import-command) Next [mb](https://storj.dev/dcs/api/uplink-cli/uplink-mb-command) --- # Generating and Managing Access Grants - Storj Docs An Access Grant is a security envelope that contains a satellite address, a restricted API Key, and a restricted path-based encryption key - everything an application needs to locate an object on the network, access that object, and decrypt it. Learn more about [Access Management](https://storj.dev/learn/concepts/access) and [Access Grants](https://storj.dev/learn/concepts/access/access-grants) or check out the [FAQ](https://storj.dev/support/faqs) and [When to use different encryption keys](https://storj.dev/learn/concepts/access/encryption-and-keys/when-to-use-different-encryption-keys) . The Access Grant screen allows you to create or delete Access Grants, generate credentials for the Storj S3-compatible Gateway from an Access Grant, create an API key to generate an access grant in the CLI. * * * [Create S3 Credentials](https://storj.dev/dcs/access#create-s3-credentials) ---------------------------------------------------------------------------- Storj has an Amazon [S3 compatible API](https://storj.dev/dcs/api/s3/s3-compatibility) and you'll need generate S3 credentials to use it. S3 credentials consist of an **access key**, **secret key**, and **endpoint**. Create S3 credentials in the Storj console: 1. Navigate to **Access Keys** on the left side menu. 2. Click the **New Access Key** button. 3. When the New Access dialog comes up, set specifications according to the following guidelines: * **Name:** The name of the credentials (e.g. my-access) * **Type:** S3 Credentials 4. Choose **Full Access** or **Advanced** * In most cases, you DO NOT want to choose full access. 5. Provide Access encryption Information If you have opted out of [Storj-managed passphrases](https://storj.dev/learn/concepts/encryption-key/storj-vs-user-managed-encryption) for the project you must unlock the bucket with your passphrase. In order to see the data uploaded to your bucket in the Storj console, you must unlock the bucket with the same encryption passphrase as the credentials. * **Use the current passphrase**: this is default option * **Advanced**: you may provide a different encryption phrase either your own or generate a new one. * **Enter a new passphrase**: use this option, if you would like to provide your own new encryption phrase * **Generate 12-word passphrase**: use this option, if you would like to generate a new encryption phrase 6. Select the permissions you want to allow: * Read * Write * List * Delete 7. Select the object lock permissions you want to allow * PutObjectRetention * GetObjectRetention * BypassGovernanceRetention * PutObjectLegalHold * GetObjectLegalHold * PutObjectLockConfiguration * GetObjectLockConfiguration 8. Choose the buckets you want the access to include: * All Buckets * Select Buckets 9. Set an expiration 10. Click **Create Access** to finish creation of your S3 credentials 11. Your S3 credentials are created. Write them down and store them, or click the **Download all** button. You will need these credentials for the following steps. ### [Object Lock Permission Details](https://storj.dev/dcs/access#object-lock-permission-details) | Permission Name | Description | | --- | --- | | PutObjectRetention | Allows you to set retention policies, protecting objects from deletion or modification until the retention period expires. | | GetObjectRetention | Allows you to view the retention settings of objects, helping ensure compliance with retention policies. | | BypassGovernanceRetention | Allows you to bypass governance-mode retention, enabling deletion of objects before the retention period ends. | | PutObjectLegalHold | Allows you to place a legal hold on objects, preventing deletion or modification regardless of retention policies. | | GetObjectLegalHold | Allows you to view the legal hold status of objects, which is useful for auditing and compliance purposes. | | PutObjectLockConfiguration | Allows you to set retention policies on the specified bucket, automatically applying them to every new object added to that bucket. | | GetObjectLockConfiguration | Allows you to view the default retention policies configured for the specified bucket. | [Create Access Grant](https://storj.dev/dcs/access#create-access-grant) ------------------------------------------------------------------------ A Storj access grant is a serialized, self-contained credential that allows users to access a specific bucket, or object, within a Storj project. It encapsulates everything needed for authentication and authorization on the Storj network. Create Access Grant in the Storj Console: 1. Navigate to **Access Keys** on the left side menu. 2. Click the **New Access Key** button. 3. When the New Access dialog comes up, set specifications according to the following guidelines: * **Name:** The name of the credentials (e.g. my-access-grant) * **Type:** Access Grant 4. Click **Next** to provide permissions, either Full Access or Advanced: * **Permissions:** All * **Buckets:** Feel free to specify the bucket (e.g. my-bucket), or leave as “All” * **End date**: provide an expiration date for these credentials (optional) 5. Click **Next** to provide Access encryption Information (Skip this section if you have opted into [Storj-managed passphrases](https://storj.dev/learn/concepts/encryption-key/storj-vs-user-managed-encryption) for the project) In order to see the data uploaded to your bucket in the web console, you must unlock the bucket with the same encryption passphrase as the credentials. * **Use the current passphrase**: this is default option * **Advanced**: you may provide a different encryption phrase either your own or generate a new one. * **Enter a new passphrase**: use this option, if you would like to provide your own new encryption phrase * **Generate 12-word passphrase**: use this option, if you would like to generate a new encryption phrase **This passphrase is important!** Encryption keys derived from it are used to encrypt your data at rest, and your data will have to be re-uploaded if you want it to change! Importantly, if you want two access grants to have access to the same data, **they must use the same passphrase**. You won't be able to access your data if the passphrase in your access grant is different than the passphrase you uploaded the data with. Please note that **Storj does not know or store your encryption passphrase**, so if you lose it, you will not be able to recover your files. 6. Click **Create Access** to finish creation of your Access key. 7. Click **Confirm** the Confirm details pop-up message 8. Your Access Grant is created. Write it down and store it, or click the **Download** button. You will need the Access Grant for the following steps. [Create Keys for CLI](https://storj.dev/dcs/access#create-keys-for-cli) ------------------------------------------------------------------------ 1. You need to have a Storj account and Uplink CLI installed. See [Create Your Account](https://storj.dev/support/account-management-billing/creating-your-account) 2. The project should be configured to use a manual managed encryption (see [Storj Managed vs. Self-Managed Encryption](https://storj.dev/learn/concepts/encryption-key/storj-vs-user-managed-encryption) ) 3. To start, proceed through the initial steps of creating a new Access Grant. 4. Navigate to "Access Keys" page and click the **New Access Key** button, then type an access name and choose **API Key** as an Access type. 5. On the next step, select either **Full Access** or **Advanced** if you want to choose the permissions, buckets, and set an expiry date for this access key. 6. Once you create the access key, copy and save the **Satellite Address** and **API Key** in a safe place, or download them as they will only appear once. 7. Make sure you've already [Download and Installation](https://storj.dev/dcs/api/uplink-cli/installation) and run `uplink setup`. windowslinuxmacos ./uplink.exe setup ./uplink.exe setup CopyCopied! For anyone who has previously configured an Uplink, please use a named access. If you want to replace the default access, you need to either [Create an Access Grant](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/create-first-access-grant) and use the [access import](https://storj.dev/dcs/api/uplink-cli/access-command/access-import) command with`--force` flag to import it, or use the[access import](https://storj.dev/dcs/api/uplink-cli/access-command/access-import) command with `--force` flag to create an Access Grant in CLI and import it to the specified access in the local store of Uplink. 8. Follow the prompts. When asked for your API Key, enter it (you should have saved it in step 5 above). 9. Generate the Access Grant by running `uplink share` with no restrictions. If you chose an access name, you'll need to specify it in the following command as `--access=name` windowslinuxmacos ./uplink.exe access restrict --readonly=false ./uplink.exe access restrict --readonly=false CopyCopied! Keep your full-rights Access Grant secret, it contains the encryption key and will enable uploading, downloading or deleting your data from the entire project! 10. Your Access Grant should have been output. The alternative for using the `uplink setup` command and then `uplink access restrict` is to use the `uplink access create` command instead, it will print the Access Grant right away. * * * [Delete Access Grant](https://storj.dev/dcs/access#delete-access-grant) ======================================================================== To Delete an Access Grant, select three dots on the right side of the Access Grant and choose **Delete Access**: **Important:** If you delete an Access Grant from the Satellite user interface, that Access Grant will immediately cease to function, and all hierarchically derived child Access Grants and Storj gateway access credentials based on that Access Grant will also cease to function. Any data uploaded with that Access Grant will persist on Storj. If you didn't back up the Encryption Passphrase used with the Access Grant you are deleting, you will not be able to decrypt that data without that Encryption Passphrase, and it will be effectively unrecoverable. You don't need to know everything in the whitepaper about our Access Grants, macaroon-based API Keys or our encryption implementation, but if you understand the general principles, you'll find these are some very sophisticated (but easy to use) tools for creating more secure and private applications. Previous [share](https://storj.dev/dcs/api/uplink-cli/share-command) Next [AWS CLI Endpoint](https://storj.dev/dcs/code/aws/aws-cli-endpoint) --- # Advanced Usage - Storj Docs [Uplink CLI Tutorial](https://storj.dev/learn/tutorials/quickstart-uplink-cli) [Create Access Grant in CLI](https://storj.dev/learn/tutorials/quickstart-uplink-cli/generate-access-grants-and-tokens/generate-a-token) Previous [Revoke an Access to an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/sharing-your-first-object/revoke-an-access-to-an-object) Next [Create Access Grant in CLI](https://storj.dev/learn/tutorials/quickstart-uplink-cli/generate-access-grants-and-tokens/generate-a-token) --- # access remove - Storj Docs This command allows you to remove the access from local store of Uplink. [Usage](https://storj.dev/dcs/api/uplink-cli/access-command/access-remove#usage) --------------------------------------------------------------------------------- windowslinuxmacos ./uplink.exe access remove ./uplink.exe access remove CopyCopied! [Arguments](https://storj.dev/dcs/api/uplink-cli/access-command/access-remove#arguments) ----------------------------------------------------------------------------------------- | Argument | Description | | --- | --- | | `` | Access name to delete | [Global flags](https://storj.dev/dcs/api/uplink-cli/access-command/access-remove#global-flags) ----------------------------------------------------------------------------------------------- | Global flags | Description | | --- | --- | | `--config-dir string` | Directory that stores the configuration | | `--help`, `-h` | prints help for the command | | `--advanced` | when used with -h, prints advanced flags help | [Example](https://storj.dev/dcs/api/uplink-cli/access-command/access-remove#example) ------------------------------------------------------------------------------------- You need to have an access in the local store of Uplink before proceeding. See [access create](https://storj.dev/dcs/api/uplink-cli/access-command/access-create) ,[access import](https://storj.dev/dcs/api/uplink-cli/access-command/access-import) , and [setup](https://storj.dev/dcs/api/uplink-cli/setup-command) commands for information how to create/import/setup an access. If you want to remove the current access, you need to switch to another before proceeding, using the [access use](https://storj.dev/dcs/api/uplink-cli/access-command/access-use) command. windowslinuxmacos ./uplink.exe access remove us2 ./uplink.exe access remove us2 CopyCopied! Removed access "us2" from "/home/user/.config/storj/uplink/access.json" Removed access "us2" from "/home/user/.config/storj/uplink/access.json" CopyCopied! Previous [access register](https://storj.dev/dcs/api/uplink-cli/access-command/access-register) Next [access restrict](https://storj.dev/dcs/api/uplink-cli/access-command/access-restrict) --- # An Overview of Building Storj Connectors - Storj Docs An overview of Storj Connectors [Building Storj Connectors](https://storj.dev/learn/concepts/connectors#building-storj-connectors) --------------------------------------------------------------------------------------------------- Connectors bridge the gap between the applications we use every day and the underlying storage infrastructure on which application data is stored. Our team has worked with our partners to build a series of connectors between Storj, our decentralized cloud storage service, and our partners’ applications. [What is a Storj Connector](https://storj.dev/learn/concepts/connectors#what-is-a-storj-connector) --------------------------------------------------------------------------------------------------- A Storj connector is an application-level integration that enables the use of decentralized cloud storage in consumer software. Storj connectors enable Satellites to measure the volume of data associated with a bucket and give attribution to them. Put simply, a Connector enables application developers to store, retrieve, and manage data on the decentralized cloud on behalf of the app users. Storj connectors are different from standard libuplink integrations, as they provide application developers and open source projects a means to monetize their cloud usage programmatically on the Storj network. So, using Storj with your favorite open source project can help you lower your cloud storage costs, while also financially supporting the project itself. ### [How to build Connectors](https://storj.dev/learn/concepts/connectors#how-to-build-connectors) The Storj Connector Framework is a basic set of utility methods and operations to provide a consistent approach to integrating and orchestrating among data sources, endpoints, and the Storj network. Some of the aspects addressed in the framework are: * Buffering/resource management * Abstraction * Data transformation * Configuration * Authentication * Logging Generally, a Storj connector will interface directly with [libuplink](https://pkg.go.dev/storj.io/uplink) , our native Go library, which enables you to programmatically interface with Storj. A basic architectural diagram of how a Storj Connector fits into the stack is located below: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/fQgO9I6_fVG25opF3vI1r_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/fQgO9I6_fVG25opF3vI1r_image.png) ### [Get Started - and Monetize OSS!](https://storj.dev/learn/concepts/connectors#get-started-and-monetize-oss) We hope that the Storj Connector Partner Program will empower a new class of entrepreneurs to ‘be the cloud’, and create more sustainable business models built on top of open-source software.\\ Previous [When to use different encryption keys](https://storj.dev/learn/concepts/access/encryption-and-keys/when-to-use-different-encryption-keys) Next [Data Model Consistency](https://storj.dev/learn/concepts/consistency) --- # Understanding Hierarchical Data Structure and Advanced Terminology - Storj Docs How data is logically segmented on the network [Hierarchy of Data Storage](https://storj.dev/learn/concepts/data-structure#hierarchy-of-data-storage) ------------------------------------------------------------------------------------------------------- **Projects** Projects allow you to invite team members, manage billing, and manage access for various apps or users. **Buckets** Buckets represent a collection of objects. You can upload, download, list, and delete objects of any size or shape. **Objects** Each object typically includes the data itself, a variable amount of [metadata](https://en.wikipedia.org/wiki/Metadata) , and a [globally unique identifier](https://en.wikipedia.org/wiki/Globally_unique_identifier) (Object key) which uniquely identifies the object in a bucket. Objects within buckets are represented by keys, where keys can optionally be listed using the "/" delimiter. Objects are always end-to-end encrypted. ### [Advanced Concepts](https://storj.dev/learn/concepts/data-structure#advanced-concepts) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/F1tpWMp1WeBWlJyUfdem3_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/F1tpWMp1WeBWlJyUfdem3_image.png) **Bucket:** represent a collection of objects. You can upload, download, list, and delete objects of any size or shape. A bucket is an unbounded but named collection of files identified by object keys. Every object has a unique key within a bucket. **Object:** Each object typically includes the data itself, a variable amount of [metadata](https://en.wikipedia.org/wiki/Metadata) , and a [globally unique identifier](https://en.wikipedia.org/wiki/Globally_unique_identifier) (Object key) which uniquely identifies the object in a bucket. Objects within buckets are represented by keys, where keys can optionally be listed using the "/" delimiter. Objects are always end-to-end encrypted. **Object Key:** An object key is a unique identifier for a file within a bucket. An object key is an arbitrary string of bytes. Object keys contain forward slashes at access control boundaries. Unless otherwise requested, we encrypt the object key before they ever leave the customer’s application’s computer. **Segment:** represents a single array of bytes up to 64 MB. **Inline Segment:** A inline segment is a file smaller than the meta data required to keep track of all of the pieces on the network for it. Since inline segments are smaller than the metadata for remote segments these inline segments are stored directly on the satellite. this means inline segments are **NOT** stored on the decentralized network. **Remote Segment:** A remote segment is a segment that will be erasure encoded and distributed across the network. A remote segment is larger than the metadata required to keep track of it on the network. **Stripe:** a further subdivision of a segment. A stripe is a fixed amount of bytes that is used as an encryption and erasure encoding boundary size. Erasure encoding happens on stripes individually, whereas encryption may happen on a small multiple of stripes at a time. All segments are encrypted, but only remote segments erasure encode stripes. A stripe is the unit on which audits are performed. [See section 4.8.3 in whitepaper for more details.](https://storj.io/storjv3.pdf) **Erasure Share:** When a stripe is erasure encoded, it generates multiple pieces called erasure shares. Only a subset of the erasure shares are needed to recover the original stripe. Each erasure share has an index identifying which erasure share it is (e.g., the first, the second, etc.). **Piece:** When a remote segment’s stripes are erasure encoded into erasure shares, the erasure shares for that remote segment with the same index are concatenated together, and that concatenated group of erasure shares is called a piece. If there are n erasure shares after erasure encoding a stripe, then there are n pieces after processing a remote segment. The nth piece is the concatenation of all of the with erasure shares from that segment’s stripes. Previous [Data Model Consistency](https://storj.dev/learn/concepts/consistency) Next [Decentralization](https://storj.dev/learn/concepts/decentralization) --- # Understanding Data Model Consistency - Storj Docs Storj cloud storage provides strong read after write consistency Previous [Connectors](https://storj.dev/learn/concepts/connectors) Next [Data Structure](https://storj.dev/learn/concepts/data-structure) --- # Sharing Your First Object - Storj Docs [Uplink CLI Tutorial](https://storj.dev/learn/tutorials/quickstart-uplink-cli) [Create an Access to an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/sharing-your-first-object/generate-access) [Import an Access to an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/sharing-your-first-object/import-access) [Revoke an Access to an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/sharing-your-first-object/revoke-an-access-to-an-object) Previous [Delete an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/interacting-with-your-first-object/delete-an-object) Next [Create an Access to an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/sharing-your-first-object/generate-access) --- # Linux Configuration for UDP - Storj Docs If you are running your node on Linux, you might see warnings about the receive buffer size. UDP transfers on high-bandwidth connections can be limited by the size of the UDP receive buffer. This buffer holds packets that have been received by the kernel, but not yet read by the application. Once this buffer fills up, the kernel will drop any new incoming packet. Our software attempts to increase the UDP receive buffer size. However, on Linux, an application is only allowed to increase the buffer size up to a maximum value set in the kernel, and the default maximum value is too small for high-bandwidth UDP transfers. We recommend increasing the maximum buffer size by running the following to increase it to ~2.5MB. sysctl -w net.core.rmem_max=7500000 sysctl -w net.core.rmem_max=7500000 CopyCopied! To make this value persistent across reboots, run the following instead (as root): echo "net.core.rmem_max=7500000" >> /etc/sysctl.d/udp_buffer.confsysctl -w net.core.rmem_max=7500000 echo "net.core.rmem_max=7500000" >> /etc/sysctl.d/udp_buffer.confsysctl -w net.core.rmem_max=7500000 CopyCopied! Reference: [udp receive buffer size in quic-go](https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size) Previous [Step 3. Configure QUIC](https://storj.dev/node/get-started/quic-requirements) Next [macOS/FreeBSD Configuration for UDP](https://storj.dev/node/get-started/quic-requirements/macosfreebsd-configuration-for-udp) --- # Step 1. Understand Prerequisites - Storj Docs Proceeding constitutes acceptance of our [Terms and conditions](https://www.storj.io/legal/supplier-terms-conditions) . Please read carefully before continuing. [Hardware and Network Requirements](https://storj.dev/node/get-started/prerequisites#hardware-and-network-requirements) ------------------------------------------------------------------------------------------------------------------------ ### [Recommended](https://storj.dev/node/get-started/prerequisites#recommended) * One processor core for each storage node process * One hard drive per storage node process. NO SMR. Connect drives without RAID controllers OR configure the RAID controller to passthrough/IT mode. * 2 TB of available space per storage node process * 1.5 TB per month of transit per TB of storage node capacity; unlimited preferred * 3 Mbps upload bandwidth per TB of capacity * 5 Mbps download bandwidth per TB of capacity * Uptime (online and operational) of 99.5% per month ### [Minimum](https://storj.dev/node/get-started/prerequisites#minimum) * One processor core for each storage node process * One hard drive per storage node process. NO SMR. Connect drives without RAID controllers OR configure the RAID controller to passthrough/IT mode. * 500 GB of available space per storage node process * 1.5 TB per month of transit per TB of storage node capacity * 1 Mbps upload bandwidth per TB of capacity * 3 Mbps download bandwidth per TB of capacity * Uptime (online and operational) of 99.3% per month, max total downtime of 5 hours monthly [System Requirements](https://storj.dev/node/get-started/prerequisites#system-requirements) -------------------------------------------------------------------------------------------- Linux (Preferred)MacOsWindows CentOS - A maintained version of CentOS Debian - 64-bit version of one of these Debian or Raspbian versions: * Stretch 9 (stable) / Raspbian Stretch or later Fedora - 64-bit version of one of these Fedora versions: * 28 or later Ubuntu - 64-bit version of one of these Ubuntu versions: * Bionic 18.04 (LTS) or later > **Make sure you use static mount for your hard drive via** **/etc/fstab**: See [How do I setup static mount via /etc/fstab for Linux?](https://storj.dev/node/faq/linux-static-mount) > . [Internet Connection](https://storj.dev/node/get-started/prerequisites#internet-connection) -------------------------------------------------------------------------------------------- **Do not connect your computer directly to the internet without the assistance of a firewall.**  ------------------------------------------------------------------------------------------------ **Make sure you’re connected to the Internet through a router and not through a modem without a firewall.** Our software serves requests from the Internet, but not all software you may have installed is designed to be exposed to the Internet directly. This is especially true for users on Windows with applications responding to requests on all IPs. It is highly recommended to have your Storage Node connected via LAN instead of WiFi to ensure a consistent and stable connection. [Power Supply](https://storj.dev/node/get-started/prerequisites#power-supply) ------------------------------------------------------------------------------ If you live in a location where power outages or brownouts are a frequent occurrence, please consider protecting your hardware with an Uninterrupted Power Supply (UPS). This will help protect against damage to your hardware and against the corruption of databases resulting from abrupt shutdowns, which could lead to the unrecoverable loss of your node. [Information for consideration](https://storj.dev/node/get-started/prerequisites#information-for-consideration) ---------------------------------------------------------------------------------------------------------------- We do not recommend purchasing anything specifically for use with Storj alone. It's better to use what you already own and have online. Node usage depends on customer activity, and not on the hardware or configuration options. Node usage is not predictable. Please try to avoid using [SMR drives](https://forum.storj.io/t/psa-beware-of-hdd-manufacturers-submarining-smr-technology-in-hdds-without-any-public-mention/6003) , they can work but may require additional tuning and additional hardware resources. If it's not avoidable, please use the [search function on our forum](https://forum.storj.io/search?q=smr) to find an appropriate solution. A network-attached storage location may work, but this is neither supported nor recommended! Please consider running the node locally on your file server/NAS instead. If that is not possible, then the only working network protocol for network storage is iSCSI. exFAT file system should be avoided. It has a big cluster size, so the actual used space will differ from the accounted used space. Each file will consume at least 128kiB of disk space. You may end up only storing half as much data as you could with an alternative file system. Please consider backing up your data and reformat the disk to a native filesystem for your OS (NTFS for Windows or ext4 for Linux) and then perform a restore to place your data back on the drive. A single BTRFS/zfs pool may work poorly without proper tuning and caching (RAM or adding an SSD cache). You may also have issues with a [discrepancy between used and reported space](https://forum.storj.io/t/disk-usage-discrepancy/24715?u=alexey) . This is only information for your consideration, it is not a requirement. If you use RAID for the storage node data, please consider using it with redundancy. Avoid RAID0, striped volume, concatenated volume, merged JBOD, MergeFS, simple LVM volume, simple MDRAID, simple MDRAID + BTRFS, simple ZFS pool, simple Storage Space in Windows Storage Spaces, etc. With one disk failure, the node will be unrecoverable. Please note, RAID with parity usually works as slow as the slowest disk in the pool, so it's not advisable to run more than one node on such a pool. They will affect each other, making them all perform slowly. RAID with parity may be tuned and improved with RAM/SSD. You may also have a [usage discrepancy issue](https://forum.storj.io/t/disk-usage-discrepancy/24715?u=alexey) as well. See also [**RAID vs No RAID choice** thread on the forum](https://forum.storj.io/t/raid-vs-no-raid-choice/6776) . Using NTFS under Linux is not recommended. It works slower (2-3 times) than ext4 and may cause corruption due to not being a fully compatible implementation of NTFS under Linux. You will likely need to re-attach it from time to time to a Windows PC to check and fix a corrupted file system. This check under Linux rarely fixes all issues. It may also have a [usage discrepancy issue](https://forum.storj.io/t/disk-usage-discrepancy/24715?u=alexey) . It's better to use a native filesystem for your OS: NTFS for Windows, ext4 for Linux. In almost all cases you will need to backup all of the data, reformat the partition to the native filesystem, and then restore the data back. However, this is not a requirement. Previous [Quickstart Node Setup](https://storj.dev/node/get-started/setup) Next [Step 2. Setup Port Forwarding](https://storj.dev/node/get-started/port-forwarding) --- # Quickstart Uplink CLI - Storj Docs [Introduction](https://storj.dev/learn/tutorials/quickstart-uplink-cli#introduction) ------------------------------------------------------------------------------------- Set up your Uplink CLI in a 2-step process. [Step 1. Create an Account](https://storj.dev/learn/tutorials/quickstart-uplink-cli#step-1-create-an-account) -------------------------------------------------------------------------------------------------------------- Go to storj.io, and [start for free](https://storj.io/signup) . [Step 2. Download and Install the binary for your OS](https://storj.dev/learn/tutorials/quickstart-uplink-cli#step-2-download-and-install-the-binary-for-your-os) ------------------------------------------------------------------------------------------------------------------------------------------------------------------ WindowsLinuxmacOS Download the [Windows Uplink Binary](https://github.com/storj/storj/releases/latest/download/uplink_windows_amd64.zip) zip file In the Downloads folder, right-click and select "Extract all" [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/oKwJdejxfzapgH0sJBSaO_qsuplinkwindows01.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/oKwJdejxfzapgH0sJBSaO_qsuplinkwindows01.png) Extract to your user's folder ("**Alexey"** in this example): [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/okywjcPwdjfWjcUMWGKla_qsuplinkwindows02.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/okywjcPwdjfWjcUMWGKla_qsuplinkwindows02.png) Once extracted, do not try to open the file, as it can only be accessed via the command line. Open **Windows PowerShell** and continue on to the next step. Previous [Getting started with Storj Testnet on Windows](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-windows) Next [Uploading Your First Object CLI](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object) --- # Interacting With Your First Object CLI - Storj Docs Listing, downloading, and deleting Objects [List an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/interacting-with-your-first-object/list-an-object) [Download an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/interacting-with-your-first-object/download-an-object) [Delete an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/interacting-with-your-first-object/delete-an-object) Previous [View Distribution of an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/view-distribution-of-an-object) Next [List an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/interacting-with-your-first-object/list-an-object) --- # meta get - Storj Docs [Usage](https://storj.dev/dcs/api/uplink-cli/meta-command/meta-get-command#usage) ---------------------------------------------------------------------------------- windowslinuxmacos ./uplink.exe meta get PATH [KEY] [flags] ./uplink.exe meta get PATH [KEY] [flags] CopyCopied! [Flags](https://storj.dev/dcs/api/uplink-cli/meta-command/meta-get-command#flags) ---------------------------------------------------------------------------------- | Flag | Description | | --- | --- | | `--access string` | the serialized access, or name of the access to use | | `--help`, `-h` | help for get | [Retrieve all metadata of an object](https://storj.dev/dcs/api/uplink-cli/meta-command/meta-get-command#retrieve-all-metadata-of-an-object) -------------------------------------------------------------------------------------------------------------------------------------------- Suppose you have uploaded your object with metadata using this command: windowslinuxmacos ./uplink.exe cp cheesecake.jpg sj://cakes --metadata '{\"baker\":\"cheeseman\", "\picture-author\": "\picman\"}' ./uplink.exe cp cheesecake.jpg sj://cakes --metadata '{\"baker\":\"cheeseman\", "\picture-author\": "\picman\"}' CopyCopied! Retrieving all metadata defined for object `sj://cakes/cheesecake.jpg` is done with: windowslinuxmacos ./uplink.exe meta get sj://cakes/cheesecake.jpg ./uplink.exe meta get sj://cakes/cheesecake.jpg CopyCopied! [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zxWOIDRiLXcedbjVc6OmG_meta-get.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zxWOIDRiLXcedbjVc6OmG_meta-get.png) ### [Query for a specific key in metadata](https://storj.dev/dcs/api/uplink-cli/meta-command/meta-get-command#query-for-a-specific-key-in-metadata) You can retrieve the value of key `baker` for object `sj://cakes/cheesecake.jpg` using: windowslinuxmacos ./uplink.exe meta get sj://cakes/cheesecake.jpg baker ./uplink.exe meta get sj://cakes/cheesecake.jpg baker CopyCopied! [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/B2qjHGPbKsZHONu74SsL0_meta-get-key.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/B2qjHGPbKsZHONu74SsL0_meta-get-key.png) Querying for a non-existent key will raise an error. Previous [meta](https://storj.dev/dcs/api/uplink-cli/meta-command) Next [mv](https://storj.dev/dcs/api/uplink-cli/mv) --- # rb - Storj Docs rb is the command to remove an empty bucket, or empty a bucket and then remove it. [Usage](https://storj.dev/dcs/api/uplink-cli/rb-command#usage) --------------------------------------------------------------- windowslinuxmacos ./uplink.exe rb sj://BUCKET [flags] ./uplink.exe rb sj://BUCKET [flags] CopyCopied! [Flags](https://storj.dev/dcs/api/uplink-cli/rb-command#flags) --------------------------------------------------------------- | Flag | Description | | --- | --- | | `--access string` | the serialized access, or name of the access to use | | `--force` | if true, empties the bucket of objects first | | `--bypass-governance-retention` | Bypass Object Lock governance mode restrictions | [Global flags](https://storj.dev/dcs/api/uplink-cli/rb-command#global-flags) ----------------------------------------------------------------------------- | Flag | Description | | --- | --- | | `--config-dir string` | main directory for uplink configuration | | `--help`, `-h` | help for the command | | `--summary` | prints a summary of what commands are available | | `--advanced` | if used in with `-h`, print advanced flags help | [Examples](https://storj.dev/dcs/api/uplink-cli/rb-command#examples) --------------------------------------------------------------------- [Delete empty bucket](https://storj.dev/dcs/api/uplink-cli/rb-command#delete-empty-bucket) ------------------------------------------------------------------------------------------- windowslinuxmacos ./uplink.exe rb sj://cakes ./uplink.exe rb sj://cakes CopyCopied! Output: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zb6IxHgf6VxL2NIRb4J9F_rb-empty-bucket.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zb6IxHgf6VxL2NIRb4J9F_rb-empty-bucket.png) ### [Delete bucket and all the objects it contains](https://storj.dev/dcs/api/uplink-cli/rb-command#delete-bucket-and-all-the-objects-it-contains) windowslinuxmacos ./uplink.exe rb sj://cakes --force ./uplink.exe rb sj://cakes --force CopyCopied! Output: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/WA_RPCu8OqqEAswu5yBJL_rb-force.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/WA_RPCu8OqqEAswu5yBJL_rb-force.png) Deleting large buckets is a time-consuming process. It would roughly take 1 hour per 10,000 objects. We are working on adding progress reporting. If you need to delete very large buckets and the waiting time is unacceptable, please [file a support request](https://supportdcs.storj.io/hc/en-us) . ### [Delete bucket and all the objects it contains with override of Governance object lock/object versioning](https://storj.dev/dcs/api/uplink-cli/rb-command#delete-bucket-and-all-the-objects-it-contains-with-override-of-governance-object-lock-object-versioning) Please note, objects with a Compliance object lock cannot be deleted by anyone, including Storj until the retention period will expire. Changing a Compliance object lock settings for the bucket doesn't affect existing objects. Compliance locked objects can be removed before expiration only with the entire account, you need to [file a support request](https://supportdcs.storj.io/hc/en-us) . windowslinuxmacos ./uplink.exe rb sj://cakes --force --bypass-governance-retention ./uplink.exe rb sj://cakes --force --bypass-governance-retention CopyCopied! Previous [mv](https://storj.dev/dcs/api/uplink-cli/mv) Next [rm](https://storj.dev/dcs/api/uplink-cli/rm-command) --- # Step 3. Configure QUIC - Storj Docs [Before starting](https://storj.dev/node/get-started/quic-requirements#before-starting) ---------------------------------------------------------------------------------------- **Failure to complete these steps will prevent your storage node from working.** [Step 1. Understand Prerequisites](https://storj.dev/node/get-started/prerequisites) [Step 2. Setup Port Forwarding](https://storj.dev/node/get-started/port-forwarding) [What is QUIC?](https://storj.dev/node/get-started/quic-requirements#what-is-quic) ----------------------------------------------------------------------------------- QUIC is a protocol based on UDP which promises more efficient usage of the internet connection with parallel downloads and uploads. This is exactly how our software operates. See [https://en.wikipedia.org/wiki/QUIC](https://en.wikipedia.org/wiki/QUIC) [How to configure QUIC?](https://storj.dev/node/get-started/quic-requirements#how-to-configure-quic) ----------------------------------------------------------------------------------------------------- You need to port forward not only TCP, but also UDP. You also need to allow the node's port for the UDP protocol in your firewall, see [Step 2. Setup Port Forwarding](https://storj.dev/node/get-started/port-forwarding) . In case of Docker installation, you should use `tcp` and `udp` notations in the port mapping of your `docker run` command, see [Storage Node](https://storj.dev/node/get-started/install-node-software/cli/storage-node) [What else should be configured?](https://storj.dev/node/get-started/quic-requirements#what-else-should-be-configured) ----------------------------------------------------------------------------------------------------------------------- Linux users, please take a look at [Linux Configuration for UDP](https://storj.dev/node/get-started/quic-requirements/linux-configuration-for-udp) . macOS/FreeBSD users, plese take a look at [macOS/FreeBSD Configuration for UDP](https://storj.dev/node/get-started/quic-requirements/macosfreebsd-configuration-for-udp) . Windows users, please take a look at the Firewall configuration instructions in the [Step 2. Setup Port Forwarding](https://storj.dev/node/get-started/port-forwarding) section for Windows. If you configured QUIC while your node was running, you need to restart it to apply the changes (the QUIC connectivity will be checked on startup and on every check-in on the satellite (1h by default)). DockerWindows docker restart -t 300 storagenode docker restart -t 300 storagenode CopyCopied! Previous [Step 2. Setup Port Forwarding](https://storj.dev/node/get-started/port-forwarding) Next [Linux Configuration for UDP](https://storj.dev/node/get-started/quic-requirements/linux-configuration-for-udp) --- # Step 5. Install Node Software - Storj Docs Select what works best for you: [General Hardware](https://storj.dev/node/get-started/install-node-software#general-hardware) ---------------------------------------------------------------------------------------------- [⌨️ CLI Install](https://storj.dev/node/get-started/install-node-software/cli) ------------------------------------------------------------------------------- [🖥 GUI Install - Windows](https://storj.dev/node/get-started/install-node-software/gui-windows) ------------------------------------------------------------------------------------------------- [Network Attached Storage (NAS) systems](https://storj.dev/node/get-started/install-node-software#network-attached-storage-nas-systems) ---------------------------------------------------------------------------------------------------------------------------------------- [💻 TrueNAS Storage Node App](https://apps.truenas.com/resources/deploy-storj/) -------------------------------------------------------------------------------- [💻 QNAP Storage Node App](https://storj.dev/node/get-started/install-node-software/qnap-storage-node-app) ----------------------------------------------------------------------------------------------------------- Previous [Step 4. Create an Identity](https://storj.dev/node/get-started/identity) Next [CLI Install](https://storj.dev/node/get-started/install-node-software/cli) --- # Delete an Object - Storj Docs [Delete our object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/interacting-with-your-first-object/delete-an-object#delete-our-object) --------------------------------------------------------------------------------------------------------------------------------------------------- Let's delete our photo with the following command: windowsmacoslinux ./uplink.exe rm sj://cakes/cheesecake.jpg ./uplink.exe rm sj://cakes/cheesecake.jpg CopyCopied! Result [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/S3cXDL76beDFiDktMTcDU_deleteobject.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/S3cXDL76beDFiDktMTcDU_deleteobject.png) Previous [Download an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/interacting-with-your-first-object/download-an-object) Next [Sharing Your First Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/sharing-your-first-object) --- # List an Object - Storj Docs [List the object in our bucket](https://storj.dev/learn/tutorials/quickstart-uplink-cli/interacting-with-your-first-object/list-an-object#list-the-object-in-our-bucket) ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- To view the cheesecake photo in our bucket, let's use the list command: windowsmacoslinux ./uplink.exe ls sj://cakes ./uplink.exe ls sj://cakes CopyCopied! Result [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Oi5zbmxWWcTU4hvoxhk_L_listobjects.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Oi5zbmxWWcTU4hvoxhk_L_listobjects.png) Previous [Interacting With Your First Object CLI](https://storj.dev/learn/tutorials/quickstart-uplink-cli/interacting-with-your-first-object) Next [Download an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/interacting-with-your-first-object/download-an-object) --- # access inspect - Storj Docs Inspect allows you to explode a serialized access into its constituent parts. [Usage](https://storj.dev/dcs/api/uplink-cli/access-command/access-inspect-command#usage) ------------------------------------------------------------------------------------------ windowslinuxmacos ./uplink.exe access inspect [ACCESS-GRANT] [flags] ./uplink.exe access inspect [ACCESS-GRANT] [flags] CopyCopied! [Flags](https://storj.dev/dcs/api/uplink-cli/access-command/access-inspect-command#flags) ------------------------------------------------------------------------------------------ | Flag | Description | | --- | --- | | `--help`, `-h` | help for inspect | [Examples](https://storj.dev/dcs/api/uplink-cli/access-command/access-inspect-command#examples) ------------------------------------------------------------------------------------------------ windowslinuxmacos ./uplink.exe access inspect cheesecake ./uplink.exe access inspect cheesecake CopyCopied! is equivalent to: windowslinuxmacos ./uplink.exe access --access cheesecake inspect ./uplink.exe access --access cheesecake inspect CopyCopied! and will output something like: { "satellite_addr": "12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S@us1.storj.io:7777", "encryption_access": { "default_path_cipher": "ENC_AESGCM" }, "api_key": "...", "macaroon": { "head": "...", "caveats": [], "tail": "..." }} { "satellite_addr": "12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S@us1.storj.io:7777", "encryption_access": { "default_path_cipher": "ENC_AESGCM" }, "api_key": "...", "macaroon": { "head": "...", "caveats": [], "tail": "..." }} CopyCopied! Previous [access import](https://storj.dev/dcs/api/uplink-cli/access-command/access-import) Next [access list](https://storj.dev/dcs/api/uplink-cli/access-command/access-list-command) --- # Understanding Security & Access Management - Storj Docs Distributed and decentralized cloud storage is a fantastic way to take advantage of underutilized storage and bandwidth, but in order to provide highly available and durable cloud storage, we needed to build in some fairly sophisticated security and privacy controls. Since we had to build with the assumption that any Peer Class besides the Uplink could be run by an untrusted person, we had to implement a zero-knowledge security architecture. This turns out to not only make our system far more resistant to attacks than traditional architectures but also brings significant benefits to developers building apps on Storj. [Access Management Paradigm](https://storj.dev/learn/concepts/access#access-management-paradigm) ------------------------------------------------------------------------------------------------- The access management paradigm for Storj is based on a set of security and privacy principles that are incorporated at the code level either as a necessary component of the decentralized architecture or as a feature to enable developers to build more secure and private applications. 1. Data and metadata stored on Storj is encrypted and the Satellite never has access to encryption keys 2. Authorization management should be delegated to the edge, but provide easy-to-use tools for granular levels of access control 3. Identity and Access Management for users of applications that store data on Storj should be handled by those applications These security and privacy principles are ultimately manifested in Storj as a set of tools developers can use for access management, providing granular control over how data is accessed and shared within their applications, on top of a decentralized, distributed system. Access management on Storj requires coordination of two parallel constructs: * **Authorization** - a determination of whether a particular request to perform an action on a resource is valid. Authorization management is implemented using hierarchically deterministic API Keys based on [macaroons](https://research.google/pubs/macaroons-cookies-with-contextual-caveats-for-decentralized-authorization-in-the-cloud/) . * **Encryption** - Data and metadata stored on Storj are encrypted using hierarchically deterministic Encryption Keys. Objects are encrypted with a randomized encryption key that is salted with a predetermined salt. Paths and randomized encryption keys are encrypted with a passphrase using AES 256 GCM or Secretbox. Both of these constructs work together to provide an access management framework that is secure and private, as well as extremely flexible for application developers. To make the implementation of these constructs as easy as possible for developers to use, the Storj developer tools abstract the complexity of encoding objects for access management and encryption/decryption. Understanding how **Authorization** and **Encryption** work together is critical to designing an appropriate access management flow for an application [Combining Authorization and encryption Management: Access Grants](https://storj.dev/learn/concepts/access#combining-authorization-and-encryption-management-access-grants) ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Storj uses hierarchically deterministic Access Grants as an access management layer for objects. An Access Grant is a security envelope that contains a satellite address, a restricted API Key, and a restricted path-based encryption key—everything an application needs to locate an object on the network, access that object, and decrypt it. The key benefit of this approach is that these Access Grants and any associated restrictions can be entirely managed client-side, without a central Access Control List or other server-side mechanism involved in the access management process. We call this delegated authorization. Read more about [Access Grants](https://storj.dev/learn/concepts/access/access-grants) . Previous [Product Overview](https://storj.dev/learn) Next [Access Grants](https://storj.dev/learn/concepts/access/access-grants) --- # ZkSync Payments - Storj Docs How to configure L2 Payments with zkSync Era [Background](https://storj.dev/node/payouts/zk-sync-opt-in-for-snos#background) -------------------------------------------------------------------------------- L2 scaling aligns with our goal of bringing decentralized cloud storage to the masses - via more efficient and autonomous payments. Here are a few of the benefits of receiving payouts through this approach: **Better Scalability** With zkSync Era, payouts will consume less block space on the Ethereum network because transactions are bundled together and processed in batches. The system is currently capable of processing 2000 transactions per second! **Lower Layer 2 Transfer Fees** ZkSync also dramatically lowers network transfer fees (compared to Layer 1 fees) for operators sharing their hard drive space and bandwidth on the Storj network. ZkSync Era accounts are tied to your existing Ethereum keys and current transaction fees on L2 are as low as ~0.000543 ETH at 210 Gwei. As the zkSync Era ecosystem grows, interoperability between projects and exchanges means even more savings. These fees can be reinvested in the community, creating new incentives for network operators to drive growth. **Pay Network Fees in STORJ Token** One of the most interesting things about zkSync Era is it supports "gasless meta-transactions" that allow users to pay transaction fees in the tokens being transferred. For example, if you want to transfer STORJ from L2 to an exchange, smart contract, or other address, there is no need for you to own ETH or any other tokens. [Introducing zkSync Era starting from July 2023!](https://forum.storj.io/t/july-5-2023-ethereum-layer-1-and-zksync-payouts-for-the-month-of-june-are-complete/23167?u=alexey) [Get Started and Opt-in](https://storj.dev/node/payouts/zk-sync-opt-in-for-snos#get-started-and-opt-in) -------------------------------------------------------------------------------------------------------- To opt-in to [zkSync Era](https://zksync.io/) you need to do a simple change in your Node configuration by following these steps: [Binary versions (include Windows/Linux GUI)](https://storj.dev/node/payouts/zk-sync-opt-in-for-snos#binary-versions-include-windows-linux-gui) ------------------------------------------------------------------------------------------------------------------------------------------------ Open your storage node's `config.yaml` (see [Where can I find the config.yaml?](https://storj.dev/node/faq/where-can-i-find-a-config-yaml) ) and add/change the line operator.wallet-features: ['zksync-era'] operator.wallet-features: ['zksync-era'] CopyCopied! Please enter everything in lowercase and double-check for spelling mistakes. This is a very basic implementation without any validations. Once you have added/updated the line to your config file, save it and restart your node. [Docker versions](https://storj.dev/node/payouts/zk-sync-opt-in-for-snos#docker-versions) ------------------------------------------------------------------------------------------ If you use a docker version, you can also specify the `zksync-era` wallet feature as an option after the image name, for example: docker run ... storjlabs/storagenode:latest --operator.wallet-features=zksync-era docker run ... storjlabs/storagenode:latest --operator.wallet-features=zksync-era CopyCopied! Please enter everything in lowercase and double-check for spelling mistakes. This is a very basic implementation without any validations. If you decided to specify the `zksync-era` wallet feature as an option, you need to stop and remove the container and run it back with all your parameters include added option for wallet feature, otherwise you can just restart the container. [How to check the opt-in for zkSync Era](https://storj.dev/node/payouts/zk-sync-opt-in-for-snos#how-to-check-the-opt-in-for-zk-sync-era) ----------------------------------------------------------------------------------------------------------------------------------------- 1. Navigate to your personal web-dashboard You should see an indication of zkSync enabled: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/1dzgaZpKadOoLc2krD5Y1_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/1dzgaZpKadOoLc2krD5Y1_image.png) 2. Opt-in for zkSync Era payouts for STORJ payments 3. Navigate to [zkSync Bridge](https://portal.zksync.io/bridge) . See also [How to add STORJ token to my Wallet](https://forum.storj.io/t/zksync-era-to-transfer-storj-in-binance-wallet/26119/10?u=alexey) . 4. Connect your L1 Ethereum wallet If you have problems accessing your wallet, you might want to change your payout address to an address that you can access (for which you control the private keys). zkSync Era supported wallets: * WalletConnect, an open source protocol for connecting decentralized applications to mobile wallets. * hardware wallets like Trezor/Ledger * software wallets like Metamask, MEW, Fortmatic, Portis, Oper, Dapper, Lattice, Torus and many other. * see also https://docs.zksync.io/build/tooling/wallets.html zkSync Era enables our Storage Node Operators to more easily interact directly with the world of DeFi through solutions like ZigZag (zkSync Lite only), Uniswap V3, Binance, ByBit and [others](https://zksync.io/explore#exchanges) . We are excited to share this update around payment scaling with our community of operators. If you have any questions about using zkSync Era, check out our documentation. **If you have ideas, or would like to talk with the team, please feel free to [reach out on our forum](http://forum.storj.io/) **. You can read more about our approach to storage node payouts in general [here](https://storj.dev/node/payouts) . [Understanding zkSync Era fee](https://storj.dev/node/payouts/zk-sync-opt-in-for-snos#understanding-zk-sync-era-fee) --------------------------------------------------------------------------------------------------------------------- The fee for transaction on zkSync Era (L2 -> L1) can be checked on the [Bridge](https://portal.zksync.io/bridge/withdraw) [Transfer tokens from zkSync Era to Ethereum](https://storj.dev/node/payouts/zk-sync-opt-in-for-snos#transfer-tokens-from-zk-sync-era-to-ethereum) =================================================================================================================================================== 1. Navigate to [txSync zkSync Era Bridge](https://app.txsync.io/bridge) 2. Connect your Etherum Wallet [![](https://link.storjshare.io/raw/jvdvvzqjy5sncsehbjh6frkgb46a/docs%2Fimages%2FtxSync-zkSync-Era-WalletConnect.png)](https://link.storjshare.io/raw/jvdvvzqjy5sncsehbjh6frkgb46a/docs%2Fimages%2FtxSync-zkSync-Era-WalletConnect.png) 3. Configure your Wallet to use the zkSync Era Mainnet, following wizard for the chosen Wallet, if you did not already. 4. Sign the connection [![](https://link.storjshare.io/raw/juoh36vchvhrapbh7mhpzj7rc7aa/docs%2Fimages%2FtxSync-zkSync-Era-Sign.png)](https://link.storjshare.io/raw/juoh36vchvhrapbh7mhpzj7rc7aa/docs%2Fimages%2FtxSync-zkSync-Era-Sign.png) 5. Select the STORJ token both for the transfer and the fee, specify an amount and provide a destination Ethereum address [![](https://link.storjshare.io/raw/juuomyaaekbsqeuj7eybu5r7wnoq/docs%2Fimages%2FtxSync-zkSync-Era-withdraw.png)](https://link.storjshare.io/raw/juuomyaaekbsqeuj7eybu5r7wnoq/docs%2Fimages%2FtxSync-zkSync-Era-withdraw.png) 6. Confirm your selection by button **Continue**. 7. You will need to sign a transaction in your connected Wallet to transfer your tokens to the provided address. Previous [Payout](https://storj.dev/node/payouts) Next [FAQs](https://storj.dev/node/faq) --- # access import - Storj Docs This command allows you to import the Access Grant to Uplink. [Usage](https://storj.dev/dcs/api/uplink-cli/access-command/access-import#usage) --------------------------------------------------------------------------------- windowsmacoslinux ./uplink.exe access import [flags] ./uplink.exe access import [flags] CopyCopied! [Arguments](https://storj.dev/dcs/api/uplink-cli/access-command/access-import#arguments) ----------------------------------------------------------------------------------------- | Argument | Description | | --- | --- | | `` | Name to save the access as | | `` | Serialized access value or file path to save | [Flags](https://storj.dev/dcs/api/uplink-cli/access-command/access-import#flags) --------------------------------------------------------------------------------- | Flag | Description | | --- | --- | | `-f, --force` | Force overwrite an existing saved access | | `--use` | Switch the default access to the newly created one | [Global flags](https://storj.dev/dcs/api/uplink-cli/access-command/access-import#global-flags) ----------------------------------------------------------------------------------------------- | Global flags | Description | | --- | --- | | `--config-dir string` | Directory that stores the configuration | | `--help`, `-h` | prints help for the command | | `--advanced` | when used with -h, prints advanced flags help | [Examples](https://storj.dev/dcs/api/uplink-cli/access-command/access-import#examples) --------------------------------------------------------------------------------------- Please [Create an Access Grant](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/create-first-access-grant) or [Create Access Grant in CLI](https://storj.dev/learn/tutorials/quickstart-uplink-cli/generate-access-grants-and-tokens/generate-a-token) before proceeding. ### [Import Access Grant from the file](https://storj.dev/dcs/api/uplink-cli/access-command/access-import#import-access-grant-from-the-file) Save the created Access Grant to the file `access.txt`. As result, this command will import the Access Grant from the file to the access with the specified name into Uplink. windowsmacoslinux ./uplink.exe access import main access.txt ./uplink.exe access import main access.txt CopyCopied! Imported access "main" to "/home/user/.config/storj/uplink/access.json" Imported access "main" to "/home/user/.config/storj/uplink/access.json" CopyCopied! ### [Import Access Grant from the console](https://storj.dev/dcs/api/uplink-cli/access-command/access-import#import-access-grant-from-the-console) As result, the Access Grant will be imported from the console to the access with the specified name. windowslinuxmacos ./uplink.exe access import main 18fglgkoitmfvkogmoitr.... ./uplink.exe access import main 18fglgkoitmfvkogmoitr.... CopyCopied! Imported access "main" to "/home/user/.config/storj/uplink/access.json" Imported access "main" to "/home/user/.config/storj/uplink/access.json" CopyCopied! ### [Import Access Grant and replace the existing access](https://storj.dev/dcs/api/uplink-cli/access-command/access-import#import-access-grant-and-replace-the-existing-access) You will import the created access grant to uplink as a named access windowslinuxmacos ./uplink.exe access import main access.txt --force ./uplink.exe access import main access.txt --force CopyCopied! Imported access "main" to "/home/user/.config/storj/uplink/access.json Imported access "main" to "/home/user/.config/storj/uplink/access.json CopyCopied! Previous [access export](https://storj.dev/dcs/api/uplink-cli/access-command/access-export) Next [access inspect](https://storj.dev/dcs/api/uplink-cli/access-command/access-inspect-command) --- # access register - Storj Docs Register your access for use with a hosted gateway. [Usage](https://storj.dev/dcs/api/uplink-cli/access-command/access-register#usage) ----------------------------------------------------------------------------------- windowslinuxmacos ./uplink.exe access register ./uplink.exe access register CopyCopied! [Flags](https://storj.dev/dcs/api/uplink-cli/access-command/access-register#flags) ----------------------------------------------------------------------------------- | Flag | Description | | --- | --- | | `--auth-service string` | the address to the service you wish to register your access with (default "auth.storjshare.io:7777") | | `--ca-cert string` | path to a file in PEM format with certificate(s) or certificate chain(s) to validate the auth | | | service against | | `--public` | if the access should be public. Default false | | `--format string` | Format of the output credentials, use 'env', 'aws' or `om` (Object Mount) when using in scripts | | `--aws-profile string` | If using --format=aws, output the --profile tag using this profile | [Example](https://storj.dev/dcs/api/uplink-cli/access-command/access-register#example) --------------------------------------------------------------------------------------- Once you have an access grant from the [Create Access Grant in CLI](https://storj.dev/learn/tutorials/quickstart-uplink-cli/generate-access-grants-and-tokens/generate-a-token) or `uplink share` you can register it with a GatewayMT auth service and designate the access to be public (no secret ket necessary to access) or private. If you want to use it to host a static site or share a URL, you must create a public access. windowslinuxmacos ./uplink.exe access register --public=true ./uplink.exe access register --public=true CopyCopied! ========== CREDENTIALS ===================================================================Access Key ID: jw7w7n2...Secret Key : jycbodr...Endpoint : https://gateway.storjshare.io ========== CREDENTIALS ===================================================================Access Key ID: jw7w7n2...Secret Key : jycbodr...Endpoint : https://gateway.storjshare.io CopyCopied! Previous [access list](https://storj.dev/dcs/api/uplink-cli/access-command/access-list-command) Next [access remove](https://storj.dev/dcs/api/uplink-cli/access-command/access-remove) --- # access use - Storj Docs This command allows you to switch the current access for Uplink. [Usage](https://storj.dev/dcs/api/uplink-cli/access-command/access-use#usage) ------------------------------------------------------------------------------ windowslinuxmacos ./uplink.exe access use ./uplink.exe access use CopyCopied! [Arguments](https://storj.dev/dcs/api/uplink-cli/access-command/access-use#arguments) -------------------------------------------------------------------------------------- | Argument | Description | | --- | --- | | `` | Access name to use | [Global flags](https://storj.dev/dcs/api/uplink-cli/access-command/access-use#global-flags) -------------------------------------------------------------------------------------------- | Global flags | Description | | --- | --- | | `--config-dir string` | Directory that stores the configuration | | `--help`, `-h` | prints help for the command | | `--advanced` | when used with -h, prints advanced flags help | [Example](https://storj.dev/dcs/api/uplink-cli/access-command/access-use#example) ---------------------------------------------------------------------------------- You need to have more than one accesses in the local store of Uplink before proceeding. See[access create](https://storj.dev/dcs/api/uplink-cli/access-command/access-create) ,[access import](https://storj.dev/dcs/api/uplink-cli/access-command/access-import) , and [setup](https://storj.dev/dcs/api/uplink-cli/setup-command) commands for information how to create/import/setup an access. windowslinuxmacos ./uplink.exe access use us1 ./uplink.exe access use us1 CopyCopied! Switched default access to "us1" Switched default access to "us1" CopyCopied! Previous [access revoke](https://storj.dev/dcs/api/uplink-cli/access-command/access-revoke) Next [cp](https://storj.dev/dcs/api/uplink-cli/cp-command) --- # Understanding Storj's Edge Services - Storj Docs [Overview](https://storj.dev/learn/concepts/edge-services#overview) -------------------------------------------------------------------- Storj Edge Services are hosted components that provide S3 compatibility and publicly-available data sharing services and are composed of the Storj Gateway MT, the auth service and the link sharing service. Storj Edge Services use server-side encryption. **Note:** All of the Edge Services use [Design Decision - Server-side Encryption](https://storj.dev/learn/concepts/encryption-key/design-decision-server-side-encryption) . ### [Edge Services](https://storj.dev/learn/concepts/edge-services#edge-services) The three components comprising the edge services are: **S3 Compatible Gateway** Storj includes a globally distributed, multi-region cloud-hosted [Storj-hosted S3 Compatible Gateway](https://storj.dev/dcs/api/s3/s3-compatible-gateway) . **Linkshare Service** The [Linksharing Service](https://storj.dev/learn/concepts/linksharing-service) is a globally distributed, multi-region cloud-hosted gateway for standard HTTP requests, for sharing objects with users via a web browser. **Auth Service** Both the Storj S3-compatible gateway and the Linkshare service leverage the [Auth Service](https://storj.dev/learn/concepts/edge-services/auth-service) for access management via a registered Access Grant.\\ Previous [Edge Security Models](https://storj.dev/learn/concepts/security-models) Next [Auth Service](https://storj.dev/learn/concepts/edge-services/auth-service) --- # Setting Up Custom Domains - Storj Docs Linksharing now supports secure custom domains via HTTPS for Pro Accounts! With this update, custom domains can now be secured with TLS, providing an added layer of security and confidence for both you and your users. Some users may be impacted by changes that enable secure custom domains. If you are proxying your linksharing content via a CDN such as Cloudflare and are seeing unexpected errors, please read our troubleshooting steps below in our [FAQ](https://storj.dev/dcs/code/static-site-hosting/custom-domains#frequently-asked-questions) . [Introduction](https://storj.dev/dcs/code/static-site-hosting/custom-domains#introduction) ------------------------------------------------------------------------------------------- This document will provide you with all the information you need to set up a custom domain for your Linksharing content, including the benefits of the feature, step-by-step instructions, and frequently asked questions. We have a webinar walking you through it, but you can also refer to the steps below: [What are custom domains?](https://storj.dev/dcs/code/static-site-hosting/custom-domains#what-are-custom-domains) ------------------------------------------------------------------------------------------------------------------ The custom domains feature allows users to use their own domain name to access the content they have stored using Storj. Instead of using the default URL provided by linksharing, users can access their content using a custom domain that they have set up. ### [Key Benefits](https://storj.dev/dcs/code/static-site-hosting/custom-domains#key-benefits) **Memorable**: A custom domain is easier to remember than a generic linksharing domain. This makes it more likely that users will return to the content in the future. **Consistent**: Using a custom domain for all of a user's shared content helps to establish a consistent brand image and makes it easier for users to recognize the source of the content. **Secure**: The use of a custom domain over HTTPS (as opposed to HTTP) can significantly improve security. This allows users to ensure that their links are coming from a trusted source, and protects user data and prevents man-in-the-middle attacks. Additionally, this feature represents a major improvement over the existing Linksharing service, which only allowed for custom domains over HTTP without additional configuration and addition of third party products. [Step-by-Step Instructions](https://storj.dev/dcs/code/static-site-hosting/custom-domains#step-by-step-instructions) ===================================================================================================================== [Prerequisites](https://storj.dev/dcs/code/static-site-hosting/custom-domains#prerequisites) --------------------------------------------------------------------------------------------- A Pro Account is required if you want the custom domain to be served via HTTPS 1. A Storj account: **[https://www.storj.io/signup](https://www.storj.io/signup) **. 2. The Uplink CLI tool installed on your local machine: **[Uplink CLI Tutorial](https://storj.dev/learn/tutorials/quickstart-uplink-cli) ** 3. A custom domain registered with a domain name registrar. 4. Access to the DNS records for the custom domain. [Instructions](https://storj.dev/dcs/code/static-site-hosting/custom-domains#instructions) ------------------------------------------------------------------------------------------- ### [](https://storj.dev/dcs/code/static-site-hosting/custom-domains#) For this step you will execute `uplink share` for the bucket or object prefix (not individual objects) that you want to share (this will be the root for your custom domain). The following placeholders should be replaced in the sample code provided below: * **__**: This is your custom subdomain (sub.domain.com) * **__**: The bucket you want to share * **__** (optional): The path to the specific folder you want to share (this is known as a prefix) windowsLinuxmacOS ./uplink.exe share --dns sj:/// ./uplink.exe share --dns sj:/// CopyCopied! Anything shared with `--dns` will be _readonly_ and available _publicly_ (no secret key needed). For securing your domain with TLS you can add the `--tls` flag, which returns an additional TXT record to secure your domain (Pro Accounts only). The command above prints a zone file with the information needed to create 3 DNS records (4 if `--tls` was used). Your CNAME should match the linkshare service domain (`link.storjshare.io` by default). $ORIGIN example.com.$TTL 3600 IN CNAME link.storjshare.io.txt- IN TXT storj-root:/txt- IN TXT storj-access:txt- IN TXT storj-tls:true $ORIGIN example.com.$TTL 3600 IN CNAME link.storjshare.io.txt- IN TXT storj-root:/txt- IN TXT storj-access:txt- IN TXT storj-tls:true CopyCopied! [Setting up a custom domain](https://storj.dev/dcs/code/static-site-hosting/custom-domains#setting-up-a-custom-domain) ----------------------------------------------------------------------------------------------------------------------- 1. Purchase a domain name from a domain name registrar. 2. Configure your DNS records to include the following * Create a CNAME record on your hostname using the CNAME from your generated zone file as the target name. * Create two TXT records, prepending `txt-` to your hostname. The value of each of these should also be in the generated file above: * `storj-root:/` * `storj-access:` Your final set of DNS entries should look like the following: | Type | Name | Content | | --- | --- | --- | | CNAME | www.example.com | link.storjshare.io. | | TXT | txt-www.example.com | storj-root:**_/_** | | TXT | txt-www.example.com | storj-access:**__** | To enable HTTPS for your custom domain (Pro Accounts Only) create one last TXT record: | Type | Name | Content | | --- | --- | --- | | TXT | txt-www.example.com | storj-tls:true | 3. You should now be able to access your content using your custom domain! DNS propagation usually takes less than a few hours, but can take up to 48 hours in some cases. [Pro account example](https://storj.dev/dcs/code/static-site-hosting/custom-domains#pro-account-example) --------------------------------------------------------------------------------------------------------- Here is an example the steps required to host a website on a custom domain (e.g. my-website.storj.dev) with a Pro Account. Replace `my-website.storj.dev` in the following example with your own domain. 1. Create a bucket $uplink mb sj://my-website $uplink mb sj://my-website CopyCopied! 2. Upload a website $echo '
Hello world!
' > index.html$uplink cp index.html sj://my-website $echo '
Hello world!
' > index.html$uplink cp index.html sj://my-website CopyCopied! 3. Create a DNS share The following command will publically share all objects in the bucket. If you'd rather restrict access to a prefix in the bucket (e.g. `public`), adjust the path accordingly before creating the share (e.g. `sj://my-website/public`). Also adjust the `storj-root` DNS txt record in the next step (e.g. `storj-root:my-website/public`). The output will give the DNS records that need to be setup. $uplink share --dns my-website.storj.dev sj://my-website --tls --not-after=none=========== DNS INFO =====================================================================Remember to update the $ORIGIN with your domain name. You may also change the $TTL.$ORIGIN example.com.$TTL 3600my-website.storj.dev IN CNAME link.storjshare.io.txt-my-website.storj.dev IN TXT storj-root:my-websitetxt-my-website.storj.dev IN TXT storj-access:jut6dmkf3e25gumtobqrjlehb4wqtxt-my-website.storj.dev IN TXT storj-tls:true $uplink share --dns my-website.storj.dev sj://my-website --tls --not-after=none=========== DNS INFO =====================================================================Remember to update the $ORIGIN with your domain name. You may also change the $TTL.$ORIGIN example.com.$TTL 3600my-website.storj.dev IN CNAME link.storjshare.io.txt-my-website.storj.dev IN TXT storj-root:my-websitetxt-my-website.storj.dev IN TXT storj-access:jut6dmkf3e25gumtobqrjlehb4wqtxt-my-website.storj.dev IN TXT storj-tls:true CopyCopied! 4. Once DNS records from the previous command are set, double check they're set correctly with `dig` $dig cname my-website.storj.dev +shortlink.storjshare.io. $dig cname my-website.storj.dev +shortlink.storjshare.io. CopyCopied! $dig txt txt-my-website.storj.dev +short"storj-root:my-website""storj-access:jxlyox27wuxye23ebhebzhmqqzfa""storj-tls:true" $dig txt txt-my-website.storj.dev +short"storj-root:my-website""storj-access:jxlyox27wuxye23ebhebzhmqqzfa""storj-tls:true" CopyCopied! Adjusting the `storj-root` alone won't change public access. Access is tied to the original `uplink share` comand. If you've already created a share at the root bucket, you must revoke that share to disallow access and recreate the share with the new restriction. 5. Navigate to your custom domain (e.g https://my-website.storj.dev/) [Considerations if setting up DNS with a CDN like Cloudflare](https://storj.dev/dcs/code/static-site-hosting/custom-domains#considerations-if-setting-up-dns-with-a-cdn-like-cloudflare) ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ### [When HTTPS is enabled for custom domains (Pro Accounts Only)](https://storj.dev/dcs/code/static-site-hosting/custom-domains#when-https-is-enabled-for-custom-domains-pro-accounts-only) Cloudflare will default to [proxying DNS records](https://developers.cloudflare.com/learning-paths/get-started-free/onboarding/proxy-dns-records/) . Proxying must be disabled for the `CNAME` record, if you've added the `storj-tls:true` TXT record. If enabled, Cloudflare will terminate TLS and hinder the ability of the linksharing service to procure and renew TLS certificates for your custom domain. Disabling the proxy will mean the requests are sent directly to the linksharing service which will provide an end-to-end encryption from the user to the service. ### [Using Cloudflare as a proxy](https://storj.dev/dcs/code/static-site-hosting/custom-domains#using-cloudflare-as-a-proxy) If you still want to use Cloudflare as the proxy for your custom domain and use HTTPS, these steps should be followed: * Ensure the `storj-tls:true` DNS TXT record is removed. * Change the [TLS encryption mode](https://developers.cloudflare.com/ssl/origin-configuration/ssl-modes) to "Flexible". * Enable [Always Use HTTPS](https://developers.cloudflare.com/ssl/edge-certificates/additional-options/always-use-https) . This is helpful if you require HTTPS, but don't have a Pro Account yet. Cloudflare will be managing the TLS certificate and provide HTTPS for your custom domain. [Frequently Asked Questions](https://storj.dev/dcs/code/static-site-hosting/custom-domains#frequently-asked-questions) ----------------------------------------------------------------------------------------------------------------------- ### [How do I set up a custom domain for my linksharing?](https://storj.dev/dcs/code/static-site-hosting/custom-domains#how-do-i-set-up-a-custom-domain-for-my-linksharing) To set up a custom domain, you need to create several DNS entries in your domain's DNS configuration, such as a CNAME record that points to the linksharing service domain, a TXT record that contains the root of your file share (either a bucket or prefix), and a TXT record that contains your access key. Please refer to the steps above for more details. ### [What are the requirements for using a custom domain with linksharing?](https://storj.dev/dcs/code/static-site-hosting/custom-domains#what-are-the-requirements-for-using-a-custom-domain-with-linksharing) To use a custom domain with linksharing, you must have a valid domain name, access to its DNS configuration, and the ability to create and manage DNS records. ### [Why is my browser telling me that my connection is not secure?](https://storj.dev/dcs/code/static-site-hosting/custom-domains#why-is-my-browser-telling-me-that-my-connection-is-not-secure) While Linksharing links are secure, when you use a custom domain the browser is expecting a TLS certificate for your domain to be present on the Storj servers hosting the link. We do not have this certificate by default, so you will need to upgrade to a [Pro Account (Paid Tier)](https://storj.dev/learn/concepts/limits#pro-account-paid-tier) and follow the relevant steps above to enable TLS (HTTPS) in the browser. ### [Why am I seeing an "Invalid SSL certificate" error from Cloudflare?](https://storj.dev/dcs/code/static-site-hosting/custom-domains#why-am-i-seeing-an-invalid-ssl-certificate-error-from-cloudflare) Problem: Customers using Cloudflare (or likely anything as a reverse proxy) who have certain TLS settings may see an error. In an effort to improve security and bring users SSL certs without the need for a CDN proxy, we no longer support self-signed certificates for custom domains. [![Cloudflare Invalid SSL Certificate Error](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/dsxcEfc44l_gwzQHRiRKS_167760201695824623.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/dsxcEfc44l_gwzQHRiRKS_167760201695824623.png) **Solution: Update your Cloudflare SSL/TLS encryption mode to "Flexible"** [![Cloudflare Flexible SSL/TLS encryption](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Y_EKNdQvTeG-lHQ52HbX9_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Y_EKNdQvTeG-lHQ52HbX9_image.png) ### [How do I verify my custom domain?](https://storj.dev/dcs/code/static-site-hosting/custom-domains#how-do-i-verify-my-custom-domain) Verifying your custom domain with linksharing involves adding a TXT record to your domain's DNS configuration that contains a unique string or value provided by the service. The service then checks for the presence of this value in your domain's DNS records to confirm that you have control over the domain. ### [How do I troubleshoot issues with my custom domain setup?](https://storj.dev/dcs/code/static-site-hosting/custom-domains#how-do-i-troubleshoot-issues-with-my-custom-domain-setup) If you are having trouble setting up your custom domain, common solutions include: * Ensuring that your domain name registration is valid and not expired * Checking your DNS configuration for typos or misconfigurations * Waiting for DNS changes to propagate * Contacting your domain provider * Asking or searching in the [Storj community forum](https://forum.storj.io/) ### [Can I use a custom domain for multiple file sharing buckets?](https://storj.dev/dcs/code/static-site-hosting/custom-domains#can-i-use-a-custom-domain-for-multiple-file-sharing-buckets) Yes, you can use a custom domain for multiple file sharing buckets or prefixes by creating separate CNAME, TXT, and access key records for each bucket and associating them with a unique subdomain or path. ### [How do I update my custom domain after it has been set up?](https://storj.dev/dcs/code/static-site-hosting/custom-domains#how-do-i-update-my-custom-domain-after-it-has-been-set-up) Updating your custom domain typically involves making changes to your domain's DNS configuration, such as updating the values of existing records or adding new records. It is important to ensure that any changes are properly propagated and tested before relying on the updated configuration. ### [What happens to my existing links when I switch to a custom domain?](https://storj.dev/dcs/code/static-site-hosting/custom-domains#what-happens-to-my-existing-links-when-i-switch-to-a-custom-domain) Existing and new links that use the default domain name provided by linksharing will continue to work in addition to your custom domain. ### [What's the difference between HTTPS and TLS?](https://storj.dev/dcs/code/static-site-hosting/custom-domains#whats-the-difference-between-https-and-tls) HTTPS (Hypertext Transfer Protocol Secure) is a protocol for secure communication over the internet, while TLS (Transport Layer Security) is a security protocol that provides privacy and data integrity between two communicating computer applications. TLS is the successor to SSL and is the standard protocol used to secure HTTPS. [Glossary](https://storj.dev/dcs/code/static-site-hosting/custom-domains#glossary) ----------------------------------------------------------------------------------- * **Linksharing**: A service provided by Storj for creating and managing shared links for files stored on the Storj network * **Uplink CLI**: A command line interface tool for the Storj API that allows you to interact with the API from the terminal. * **Access Key ID**: A unique identifier used to grant access to a file sharing service * **Bucket**: A container used to store files on a file sharing service * **Prefix**: A string that is added to a bucket to create a unique file path identifier * **Custom Domain (or Hostname)**: A domain name that you own and is used to access your file sharing content * **Domain Name Registrar**: A company that sells domain names * **DNS Record**: An entry in a domain name system (DNS) database that specifies the location of a server and other details about a particular domain name or hostname. * **CNAME Record**: A type of DNS record that maps an alias to a true hostname * **TXT Record**: A type of DNS record used to store information about a domain * **Transport Layer Security (TLS)**: Security protocol that provides privacy and data integrity between two communicating computer applications. TLS is the successor to SSL and is the standard protocol used to secure HTTPS. * **HTTPS (Hypertext Transfer Protocol Secure)**: Protocol for secure communication over the internet using TLS protocol. Previous [Content response headers](https://storj.dev/dcs/code/static-site-hosting/content-response-headers) Next [Pricing](https://storj.dev/dcs/pricing) --- # Download an Object - Storj Docs [Download our object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/interacting-with-your-first-object/download-an-object#download-our-object) --------------------------------------------------------------------------------------------------------------------------------------------------------- To download our cheesecake photo, let's use the copy command: windowsmacoslinux ./uplink.exe cp sj://cakes/cheesecake.jpg ~/Downloads/cheesecake.jpg ./uplink.exe cp sj://cakes/cheesecake.jpg ~/Downloads/cheesecake.jpg CopyCopied! Result [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/w2PAkMtn5GYCDJAt30cmP_downloadobject.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/w2PAkMtn5GYCDJAt30cmP_downloadobject.png) Previous [List an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/interacting-with-your-first-object/list-an-object) Next [Delete an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/interacting-with-your-first-object/delete-an-object) --- # Revoke an Access to an Object - Storj Docs You can revoke an access grant to an object at any time with the command `uplink revoke`. windowsmacoslinux ./uplink.exe access revoke asdfRF... ./uplink.exe access revoke asdfRF... CopyCopied! The access will be revoked permanently for this parent access grant. If you want to share this content again you should create a new access grant through the web interface. [Revoke a named access grant](https://storj.dev/learn/tutorials/quickstart-uplink-cli/sharing-your-first-object/revoke-an-access-to-an-object#revoke-a-named-access-grant) --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- windowsmacoslinux ./uplink.exe access revoke access-name ./uplink.exe access revoke access-name CopyCopied! Previous [Import an Access to an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/sharing-your-first-object/import-access) Next [Advanced Usage](https://storj.dev/learn/tutorials/quickstart-uplink-cli/generate-access-grants-and-tokens) --- # macOS/FreeBSD Configuration for UDP - Storj Docs If you are running your node on macOS/FreeBSD (Darwin/BSD), you might see warnings about the receive buffer size. UDP transfers on high-bandwidth connections can be limited by the size of the UDP receive buffer. This buffer holds packets that have been received by the kernel, but not yet read by the application. Once this buffer fills up, the kernel will drop any new incoming packet. Our software attempts to increase the UDP receive buffer size. However, on macOS/FreeBSD, an application is only allowed to increase the buffer size up to a maximum value set in the kernel, and the default maximum value is too small for high-bandwidth UDP transfers. We recommend increasing the maximum buffer size by running the following to increase it to ~7.5MB. Accordingly [article of Cameron Sparr](https://medium.com/@CameronSparr/increase-os-udp-buffers-to-improve-performance-51d167bb1360) , on BSD/Darwin systems you need to add about a 15% padding to the kernel limit socket buffer, i.e. `7.5MB * 1.15 = 8.625MB`. You may check the current UDP/IP buffer limit by typing the following command: sysctl kern.ipc.maxsockbuf sysctl kern.ipc.maxsockbuf CopyCopied! If the value is less than 8625000 bytes you should add the following lines to the `/etc/sysctl.d/udp_buffer.conf` file (execute as root): echo "kern.ipc.maxsockbuf=8625000" >> /etc/sysctl.d/udp_buffer.conf echo "kern.ipc.maxsockbuf=8625000" >> /etc/sysctl.d/udp_buffer.conf CopyCopied! Changes to `/etc/sysctl.d/udp_buffer.conf` do not take effect until reboot. To update the values immediately, type the following commands as root: sudo sysctl -w kern.ipc.maxsockbuf=8625000 sudo sysctl -w kern.ipc.maxsockbuf=8625000 CopyCopied! Previous [Linux Configuration for UDP](https://storj.dev/node/get-started/quic-requirements/linux-configuration-for-udp) Next [Step 4. Create an Identity](https://storj.dev/node/get-started/identity) --- # Getting started with Storj Testnet on FreeNAS (freeBSD) - Storj Docs If you want to try it on Linux, you can read the article [https://github.com/storj/storj/wiki/Test-network](https://github.com/storj/storj/wiki/Test-network) In addition, you can try it on Windows: [Getting started with Storj Testnet on Windows](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-windows) . Author: Our fellow Community member @Odmin FreeNAS® is an embedded open-source network-attached storage (NAS) operating system based on FreeBSD and released under a [2-clause BSD license](https://opensource.org/licenses/BSD-2-Clause) . A NAS has an operating system optimized for file storage and sharing. FreeNAS® provides a browser-based, graphical configuration interface. The built-in networking protocols provide storage access to multiple operating systems. A plugin system is provided for extending the built-in features by installing additional software. FreeNAS has independent [hardware recommendations](https://ixsystems.com/documentation/freenas/11.2/intro.html#hardware-recommendations) for newly built system, so before you begin, please make sure that you meet **at least the minimum hardware requirements**. Once your hardware is ready you can [move forward with installation](https://ixsystems.com/documentation/freenas/11.2/install.html) . [Install Storj inside a FreeNAS Jail](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-freenas-freebsd#install-storj-inside-a-free-nas-jail) ==================================================================================================================================================================== We will create a ZFS dataset and create a new FreeNAS Jail to run a local Storj test network (Storj-Sim), following the steps outlined below. [Create a new ZFS dataset for store Storj data:](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-freenas-freebsd#create-a-new-zfs-dataset-for-store-storj-data) ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip0.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip0.png) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip1.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip1.png) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip2.png) _**Figure 1.** Creating a new dataset for storage_ ### [Specify options for a new dataset - see **Figure 2**.](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-freenas-freebsd#specify-options-for-a-new-dataset-see) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip3.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip3.png) _**Figure 2.** Options of the new dataset_ Please make sure you have the following settings configured: * **Name** - `Stojv3_data` * **Compression** - `lz4` * **Share Type** - `Unix` * **Enable atime** - `OFF` * **ZFS Deduplication** - `OFF` Then click on **Advanced Mode**. Depend on your HDD pool configuration, you can see the default value for Record Size (in our case 32K) - see **Figure 3**. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip4.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip4.png) _**Figure 3.** Record Size for the Pool_ [Create a new FreeNAS Jail](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-freenas-freebsd#create-a-new-free-nas-jail) ------------------------------------------------------------------------------------------------------------------------------------------------ To activate Pool for Jail Manager, just click **CONFIG**. See **Figure 4**. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip5.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip5.png) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip6.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip6.png) _**Figure 4.** Creation of a new Jail_ Then click **ADD**. Fill in a new Jail name and select the latest FreeBSD release (**Figure 5**) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip7.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip7.png) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip8.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip8.png) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip9.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip9.png) _**Figure 5.** Adding a new Jail with parameters_ Select both options - **DHCP Autoconfiguration IPv4** and **VNET** (**Figure 6**) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip10.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip10.png) _**Figure 6.** DHCP Autoconfiguration IPv4 and VNET_ Check configuration and click **SUBMIT** (**Figure 7**) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip11.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip11.png) _**Figure 7.** Submit configuration of a new Jail_ Wait until the new Jail has been created, then click the three dots on the right side and specify the mount point inside a Jail to store data (**Figure 8**) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip12.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip12.png) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip13.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip13.png) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip14.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip14.png) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip15.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip15.png) _**Figure 8.** Mount point_ Select our dataset (we created it earlier with name `Storjv3_data`) as a source and mount point inside a Jail (which will be `storj_data`) as a destination - see **Figure 9**. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip16.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip16.png) _**Figure 9.** Options of mountpoint_ Here is an example - see **Figure 10**. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip17.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip17.png) _**Figure 10.** Example of options for the mountpoint_ Now you can start a Jail - see **Figure 11**. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip18.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip18.png) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip19.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip19.png) _**Figure 11.** Starting a Jail_ [Configure the FreeNAS Jail](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-freenas-freebsd#configure-the-free-nas-jail) -------------------------------------------------------------------------------------------------------------------------------------------------- Select the three dots on the right side and select **Shell** to access the Jail console - see **Figure 12**. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip20.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip20.png) _**Figure 12.** Starting a Jail shell_ Let’s enable SSH access and allow connections to the Jail for your favorite SSH client. See example on **Figure 13**. sysrc sshd_enable="YES" sysrc sshd_enable="YES" CopyCopied! [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip21.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip21.png) _**Figure 13.** Example of the command execution_ [Install useful packages](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-freenas-freebsd#install-useful-packages) ------------------------------------------------------------------------------------------------------------------------------------------- pkg install nano git bash pkg install nano git bash CopyCopied! Set `PermitRootLogin` to `yes` in the `/etc/ssh/sshd_config`: nano /etc/ssh/sshd_config nano /etc/ssh/sshd_config CopyCopied! Uncomment `PermitRootLogin` and set to `yes` (see **Figure 14**), then save the file (Press **Ctrl+X** for exit and **Y** for save changes). [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip22.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip22.png) _**Figure 14.** Changing PermitRootLogin option in the text editor_ Start the SSH service: service sshd start service sshd start CopyCopied! Set a new password for root user: passwd passwd CopyCopied! Now you can log in via SSH using login: `root` and **your password** (check the Jail section for the IP address) - see **Figure 15**. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip23.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip23.png) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip24.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip24.png) _**Figure 15.** IP address for connections to the Jail_ [Install the latest Go package](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-freenas-freebsd#install-the-latest-go-package) ------------------------------------------------------------------------------------------------------------------------------------------------------- pkg install go pkg install go CopyCopied! Check Go version (**Figure 16**) go version go version CopyCopied! _**Figure 16.** Check Go version_ go env go env CopyCopied! [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip25.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip25.png) _**Figure 17.** Example of environment variables for Go_ Add a new user for Storj with Username `storj` and set shell: `bash` - see **Figure 18**. adduser storj adduser storj CopyCopied! [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip26.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip26.png) _**Figure 18.** Adding a new storj user_ Become a storj user: sudo su storj sudo su storj CopyCopied! ### [Setup Go Environment](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-freenas-freebsd#setup-go-environment) Open your `.profile` file and add a global variables as follows at the end of the file. See **Figure 19**. nano /home/storj/.profile nano /home/storj/.profile CopyCopied! [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip27.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip27.png) _**Figure 19.** Adding a global variables to the `.profile`_ Press **Ctrl+X** for exit and **Y** for save changes ### [Update the current shell session](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-freenas-freebsd#update-the-current-shell-session) source ~/.profile source ~/.profile CopyCopied! [Compile Storj from Source](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-freenas-freebsd#compile-storj-from-source) =============================================================================================================================================== Connect to the Jail shell and execute: git clone https://github.com/storj/storj.git storjcd storjgo install -race -v storj.io/storj/cmd/storj-sim storj.io/storj/cmd/bootstrap storj.io/storj/cmd/satellite storj.io/storj/cmd/storagenode storj.io/storj/cmd/uplink storj.io/storj/cmd/gateway storj.io/storj/cmd/identity storj.io/storj/cmd/certificates git clone https://github.com/storj/storj.git storjcd storjgo install -race -v storj.io/storj/cmd/storj-sim storj.io/storj/cmd/bootstrap storj.io/storj/cmd/satellite storj.io/storj/cmd/storagenode storj.io/storj/cmd/uplink storj.io/storj/cmd/gateway storj.io/storj/cmd/identity storj.io/storj/cmd/certificates CopyCopied! check the binary folder ls /home/storj/go/bin/ ls /home/storj/go/bin/ CopyCopied! Let´s create a local test network, containing the Satellite, Uplink, S3 gateway and 10 storage nodes and run it. storj-sim network setupstorj-sim network run storj-sim network setupstorj-sim network run CopyCopied! Now the test network is ready and you can see the output like this - see **Figure 20**. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip28.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-sim/freeBSD/mceclip28.png) _**Figure 20.** Example of the output of a local test network_ More information - [Test network](https://github.com/storj/storj/wiki/Test-network) [See also](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-freenas-freebsd#see-also) ============================================================================================================= * [S3 Gateway](https://storj.dev/learn/self-host/gateway-st) * [Uplink CLI](https://storj.dev/learn/tutorials/quickstart-uplink-cli) * [Libuplink Walkthrough](https://github.com/storj/storj/wiki/Libuplink-Walkthrough) Previous [Self-hosted S3 Compatible Gateway](https://storj.dev/learn/self-host/gateway-st) Next [Getting started with Storj Testnet on Linux](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-linux) --- # Comparison: Capability Based Access and Access Control Lists - Storj Docs Why decentralized cloud has a better security model than Cloud ACL From a security-design standpoint, the capability model introduces a fundamentally better approach to identity and access management than Public Cloud’s ACL framework. By tying access to keys, rather than a centralized control system, capability-based models push security to the edge, decentralizing the large ACL attack vector and creating a more secure IAM system. The capability-based model solves both the ambient authority trap and the confused deputy problem by design. **What is a capability?** Often referred to as simply a ‘key,’ a capability is the single thing that both designates a resource and authorizes some kind of access to it. The capability is an unforgeable [token](https://en.wikipedia.org/wiki/Access_token) of authority. Those coming from the Blockchain world will be very familiar with the capability-based security model, as it is the model implemented in Bitcoin where “your key is your money”. This gives the client-user full insight into their privilege set, illustrating the core tenet of the Capability Mindset: “[don’t separate designation from authority.](https://crypto.stanford.edu/cs155old/cs155-spring09/papers/ConfusedDeputy.html) ”. Similar to how in the Blockchain world, “your keys are your money,” with Storj, your keys are your data, and access grants add additional capabilities that allow the owners of data to caveat it, or granularly delegate access for sharing, programmatically. Key-based ownership of object data will enable users to intuitively control their data as a first principle, and then delegate it as they see fit. The decentralized cloud eliminates the increasingly apparent risk of data loss/extortion due to holding data on one single provider (like Amazon, Google, or Microsoft). Storj presents a better model where object data is encrypted, erasure-coded, and spread across thousands of nodes stratified by reputation whereby any and every computer can be the cloud. Previous [Access Revocation](https://storj.dev/learn/concepts/access/access-revocation) Next [Encryption Keys](https://storj.dev/learn/concepts/access/encryption-and-keys) --- # Revoking Client-Side Delegated Authorization - Storj Docs Storj provides an easy way to revoke client-side delegated authorization with hierarchically deterministic API keys While delegated authorization and the ability to generate Access Grants at the edge provides the opportunity to create more private and secure applications, there are design considerations to take into account when building applications with data sharing capabilities based on long-lived bearer tokens. While it is possible to create Access Grants with time-based restrictions and to required Access Grants be refreshed as they expire, applications must be able to revoke access to data. Access grant revocation is supported on Storj in two ways: 1. Deleting a primary Access Grant - from the Satellite Admin Console, it is possible to delete a primary Access Grant. Deleting a primary Access Grant also immediately invalidates all child Restricted Access Grants derived from that primary Access Grant. 2. Adding an Access Grant to the Revocation service - by adding an Access Grant to the authorization revocation service, only the API Key associated with that Access Grant is revoked (along with any child Restricted Access Grants further derived from that Access Grant). This can be done via the CLI. Imagine the case where you have used a primary Access Grant to create dozens of child Restricted Access Grants. Deleting the primary Access Grant immediately invalidates all of the Access Grants derived from that primary Access Grant. Conversely, adding one of the child Restricted Access Grants to the Access Revocation service invalidates only that Access Grant and any child Restricted Access Grants derived from it. Deleting a Primary Access Key has the same effect as adding it to the Access Revocation service. The main differences is that primary Access Grants are created from the Satellite Admin Console and therefore the Satellite is aware that the associated API Key was created. The Satellite has no way to know if further child Restricted Access Grants were created client side. While this makes for much more private application sharing, it does require that the associated Access Grants be managed appropriately. Previous [Access Management at the Edge](https://storj.dev/learn/concepts/access/access-management-at-the-edge) Next [Capability Based Access vs Access Control Lists](https://storj.dev/learn/concepts/access/capability-based-access-control) --- # setup - Storj Docs Create an uplink config file [Usage](https://storj.dev/dcs/api/uplink-cli/setup-command#usage) ------------------------------------------------------------------ windowslinuxmacos ./uplink.exe setup [flags] ./uplink.exe setup [flags] CopyCopied! [Flags](https://storj.dev/dcs/api/uplink-cli/setup-command#flags) ------------------------------------------------------------------ | Flag | Description | | --- | --- | | `--auth-service string` | If generating backwards-compatible S3 Gateway credentials, use this auth service (default "https://auth.storjshare.io") | | `-f`, `--force` | Force overwrite an existing saved access | | `--use` | Switch the default access to the newly created one | [Global flags](https://storj.dev/dcs/api/uplink-cli/setup-command#global-flags) -------------------------------------------------------------------------------- | Flag | Description | | --- | --- | | `--config-dir string` | Directory that stores the configuration | | `--help`, `-h` | help for setup | | `--advanced` | when used with -h, prints advanced flags help | [Example](https://storj.dev/dcs/api/uplink-cli/setup-command#example) ---------------------------------------------------------------------- 1\. Start the CLI wizard. WindowsLinuxmacOS [PowerShell](https://storj.dev/dcs/api/uplink-cli/setup-command#power-shell) ----------------------------------------------------------------------------- [FAQ](https://storj.dev/support/faqs) . ./uplink.exe setup ./uplink.exe setup CopyCopied! 2\. Choose an access name, by default this should be left blank, so hit 'enter' If you would like to choose your own access name, please be sure to only use lowercase letters. Including any uppercase letters will result in your access name not getting recognized when creating buckets. Enter name to import as [default: main]: Enter name to import as [default: main]: CopyCopied! 3\. Enter the [Create Access Grant in CLI](https://storj.dev/learn/tutorials/quickstart-uplink-cli/generate-access-grants-and-tokens/generate-a-token) you generated: Enter API key or Access grant: Enter API key or Access grant: CopyCopied! 4\. Enter the satellite address (generated when you created access grant): Satellite address: Satellite address: CopyCopied! 5\. Create (or use existing) an encryption passphrase and then confirm. This is used to encrypt your files on your machine before they are uploaded to the network: Passphrase:Again: Passphrase:Again: CopyCopied! 6\. (Optional) Disable encryption for object keys to enable lexicographical sort (More info: [Object Listings](https://storj.dev/dcs/buckets/object-listings) ) Would you like to disable encryption for object keys (allows lexicographical sorting of objects in listings)? (y/N): Would you like to disable encryption for object keys (allows lexicographical sorting of objects in listings)? (y/N): CopyCopied! 7\. (Optional) Generate S3 Compatible Gateway Credentials Would you like S3 backwards-compatible Gateway credentials? (y/N): Would you like S3 backwards-compatible Gateway credentials? (y/N): CopyCopied! Please note that **Storj does not know or store your encryption passphrase**, so if you lose it, you will not be able to recover your files. 6\. Your Uplink is configured and ready to use! Previous [rm](https://storj.dev/dcs/api/uplink-cli/rm-command) Next [share](https://storj.dev/dcs/api/uplink-cli/share-command) --- # Understanding Coordination Avoidance in the Storj Network - Storj Docs Rather than coming to a global consensus around the entire state of the network (as in blockchains like ethereum, etc.) The Storj Network is **Coordination Avoidant.** The network does not need global consistency (as per CAP Theorem) as each uplink user only needs to be able to recover _their_ files. [Advantages Over Coordination-dependant Systems](https://storj.dev/learn/concepts/decentralization/coordination-avoidance#advantages-over-coordination-dependant-systems) -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- By ensuring coordination avoidance within Storj, we’re able to deliver better performance and scalability over other decentralized systems—two issues that are critical to achieving broad adoption with traditional storage users. Decentralized systems that are coordination dependent, like Bitcoin, require an increasing number of resources as they scale. To compete with centralized cloud storage platforms like Amazon S3, Microsoft Azure, and Google Cloud, Storj must be able to scale into the exabyte range, and beyond—something we feel confident it will be able to achieve. We believe our approach of decentralizing both storage and metadata tiers in the network allows greater scalability, performance, and reliability than systems that rely on seeking consensus. ### [Comparison to Blockchain Networks](https://storj.dev/learn/concepts/decentralization/coordination-avoidance#comparison-to-blockchain-networks) Blockchain consensus offers very strong guarantees, but this comes at a heavy cost in coordination overhead. Coordination is not always necessary for correctness and minimizing coordination is key to maximizing scalability, availability, and high performance in database systems. One fundamental design decision of the Storj network was not to utilize blockchain consensus for file transfers to increase those properties of the Storj network. Storj takes a pragmatic approach to avoiding blockchain consensus while still maintaining correctness for file transfers. But, at the same time by default, Storj uses blockchain consensus with the Ethereum-based STORJ token for payment processing to storage node operators. Storj is an enterprise, production-ready version of the Storj network, complete with guaranteed SLAs. All user uploads and downloads on Storj uses metainformation from Storj [Satellites which are special nodes on the network that audit storage nodes](https://storj.io/blog/2018/12/decentralized-auditing-and-repair-the-low-key-life-of-data-resurrection/) and ensure Storage Nodes properly storing files and managing metadata for users storing data on the network. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/9K_5V8vYA1l3jjFHSe3bl_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/9K_5V8vYA1l3jjFHSe3bl_image.png) As shown in the above architecture, there are three primary peer classes within the Storj network. All are open source, and capable of being run by any third party, making the network architecture fundamentally decentralized. The Storj network can leverage the decentralized nature of storage nodes and Satellites to create partitions in the network to isolate users and file transfers from each other, which helps minimize coordination across the Storj network. For extremely high throughput demands, organizations can run their own Satellite. This avoids coordination overhead with the rest of Storj and allows users to make their own decisions about what database infrastructure their Satellite will use and relax consistency guarantees if they wish. Previous [Decentralization](https://storj.dev/learn/concepts/decentralization) Next [Definitions](https://storj.dev/learn/concepts/definitions) --- # Understanding File Repair in a Distributed Network - Storj Docs This section describes at a high level how the system maintains availability of data on the network in the event that one or more storage nodes fail or leave the network. All of the nodes on the network are operated by third party volunteers. One key to the durability of the network is the distribution of data over a heterogeneous network of statistically uncorrelated nodes. Since the storage nodes are operated by different people, in different regions, on different power supplies, with different internet connections, etc., the risk of failure is highly distributed. While the risk of failure for any individual node is very low, the risk of 51 out of 80 nodes failing simultaneously is astronomically low. Hard drives don’t last forever, and we expect and plan for nodes to fail, as well as to voluntarily leave the network. While we provide a way for nodes to leave the network via Graceful Exit, without impacting the availability of pieces, we also have tools to address situations where storage nodes fail or leave the network without triggering Graceful Exit. (Graceful Exit is a command that allows a Storage Node to upload the pieces it is holding peer-to-peer to other Storage Nodes. When that Storage Node then exits the network, it does so without loss of any pieces. If a Storage Node does fail or leave the network without completing Graceful Exit, file availability isn’t impacted by the loss of one piece. You only need any subset of the total pieces to retrieve a file (e.g. 29 of the 80). Over time, though, if enough nodes were to fail or leave the network without intervention, it’s possible that a file would eventually be lost. For this reason, we have a function that can rebuild missing pieces and store them on healthy storage nodes called File Repair. File Repair works in conjunction with the Audit and Uptime Checker services that are constantly sampling the network to ensure that the network is monitoring the health and availability of Storage Nodes. The network constantly audits Storage Nodes by requesting a tiny byte range from a piece the node should be storing. If a Storage Node is healthy, it will be able to return the appropriate data. Even though the data is end-to-end encrypted and neither the Storage Node nor the Satellite have the encryption keys, the satellite can determine the validity of the response and determine if the node is storing the data it’s supposed to be storing. Other data elements (uptime, for example) are combined with audits to determine a Storage Node’s reputation, the statistical model by which nodes are allowed to operate or disqualified. All of this analysis of Storage Nodes is fed into the data science engine which keeps track of all the objects on the network on a segment by segment basis. If, through the failure, loss or unavailability of Storage Nodes, the number of available pieces of a segment reaches the Repair Threshold, Repair Workers download the required pieces of that object, re-encode the object, regenerate the missing pieces, then upload pieces to healthy storage nodes so that sufficient pieces are available to guarantee the availability of the object. There are a number of great blog posts on the math behind the redundancy model using erasure codes and how the repair system works. Probably the most important takeaway is that erasure codes are an alternative to replication that deliver much higher durability at a much lower expansion factor. As a result, an approach whereby objects are erasure coded and distributed over dozens, hundreds, or thousands of endpoints will provide superior durability to making multiple replications in a small number of endpoint locations or using erasure codes in a single location. If you want the details, check out: * [Replication is bad for decentralized storage, part 1: Erasure codes for fun and profit](https://storj.io/blog/replication-is-bad-for-decentralized-storage-part-1-erasure-codes-for-fun-and-profit/) * [Why (Proof-of-) Replication is Bad for Decentralized Storage, Part 2: Churn and Burn](https://storj.io/blog/why-proof-of-replication-is-bad-for-decentralized-storage-part-2-churn-and-burn/) * [Reputation Matters When it Comes to Storage Nodes](https://storj.io/blog/reputation-matters-when-it-comes-to-storage-nodes/) * [Decentralized Auditing and Repair! The Low-key Life of Data Resurrection](https://storj.io/blog/decentralized-auditing-and-repair-the-low-key-life-of-data-resurrection/) Previous [File Redundancy](https://storj.dev/learn/concepts/file-redundancy) Next [Immutability](https://storj.dev/learn/concepts/immutability) --- # Create a Bucket - Storj Docs You need to have a satellite account and installed Uplink CLI as described in [Uplink CLI Tutorial](https://storj.dev/learn/tutorials/quickstart-uplink-cli) [Create a bucket in our Project](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/create-a-bucket#create-a-bucket-in-our-project) --------------------------------------------------------------------------------------------------------------------------------------------------------------------- Let's create a bucket to store photos of cake for our "food app" project: windowsmacoslinux ./uplink.exe mb sj://cakes ./uplink.exe mb sj://cakes CopyCopied! Result [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/VE2SKIz_0DR32w_SqGKly_bucketcakescreated.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/VE2SKIz_0DR32w_SqGKly_bucketcakescreated.png) Previous [Set Up Uplink CLI with Access Grant](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/set-up-uplink-cli) Next [Upload an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/upload-an-object) --- # Upload an Object - Storj Docs You need to have a satellite account and installed Uplink CLI as described in [Uplink CLI Tutorial](https://storj.dev/learn/tutorials/quickstart-uplink-cli) [The Object we'll upload](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/upload-an-object#the-object-we-ll-upload) -------------------------------------------------------------------------------------------------------------------------------------------------------- Right-click and save as **cheesecake.jpg** to your **Desktop**: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Agk7hc0TSkbDdOVi_kAmL_cheesecake.jpeg)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Agk7hc0TSkbDdOVi_kAmL_cheesecake.jpeg) [Upload our object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/upload-an-object#upload-our-object) -------------------------------------------------------------------------------------------------------------------------------------------- To upload our photo, let's use the copy command: windowsmacoslinux ./uplink.exe cp ~/Desktop/cheesecake.jpg sj://cakes ./uplink.exe cp ~/Desktop/cheesecake.jpg sj://cakes CopyCopied! Result [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/-kJd4nJmCle8qwhaY5-bW_uploadfile.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/-kJd4nJmCle8qwhaY5-bW_uploadfile.png) Previous [Create a Bucket](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/create-a-bucket) Next [View Distribution of an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/view-distribution-of-an-object) --- # Generating Presigned URLs in Serverless Cloud with Go - Storj Docs This document will guide you through the process of creating presigned URLs in a serverless cloud environment using the Go programming language. Most applications will need some secure, server-side logic to enforce access-control.  Usually, though, the “goldilocks size” for infrastructure is _as little as possible_.  A minimum viable security solution would do well to be stateless. Presigned URLs work well here because they are inherently time limited, and thus not typically tracked (For more info see www.storj.io/blog/how-developers-can-easily-connect-storj-to-compute-for-presigned-urls) [Prerequisites](https://storj.dev/dcs/code/presigned-urls-serverless-cloud#prerequisites) ------------------------------------------------------------------------------------------ * Basic knowledge of Go programming language * Storj account with [Getting started](https://storj.dev/dcs/getting-started) * A cloud platform account with access to serverless functions (e.g., AWS Lambda, Google Cloud Functions) [Setting Up the Go Environment](https://storj.dev/dcs/code/presigned-urls-serverless-cloud#setting-up-the-go-environment) -------------------------------------------------------------------------------------------------------------------------- 1. Install Go: Download and install the latest version of Go from the official website: [https://golang.org/dl/](https://golang.org/dl/) 2. Set up your Go workspace: Follow the official Go documentation to set up your Go workspace: [https://golang.org/doc/code.html](https://golang.org/doc/code.html) [Presigning URLs via Amazon Lambda](https://storj.dev/dcs/code/presigned-urls-serverless-cloud#presigning-urls-via-amazon-lambda) ---------------------------------------------------------------------------------------------------------------------------------- Please note that this pattern inherently transfers your encryption keys to the serverless provider. Create a new Go file `main.go` and import the necessary packages (e.g. run `go get -u`) package mainimport ( "context" "time" "github.com/aws/aws-lambda-go/events" "github.com/aws/aws-lambda-go/lambda" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/s3")const ( storjS3Bucket = "" storjS3Id = "" storjS3Secret = "" storjS3URL = "https://gateway.storjshare.io/")func main() { lambda.Start(handleRequest)}// HandleRequest accepts an S3 key and presigned URL method type, and returns a presigned URL.// It is designed to be used directly as a Lambda function URL. (https://docs.aws.amazon.com/lambda/latest/dg/lambda-urls.html)// Nil errors are always returned, so that the client gets more than an "Internal Server Error" message.func handleRequest(ctx context.Context, r events.LambdaFunctionURLRequest) (events.LambdaFunctionURLResponse, error) { key := r.QueryStringParameters["key"] method := r.QueryStringParameters["method"] if len(key) == 0 { return events.LambdaFunctionURLResponse{Body: "Request is missing 'key' query parameter", StatusCode: 400}, nil } if len(method) == 0 { return events.LambdaFunctionURLResponse{Body: "Request is missing 'method' query parameter", StatusCode: 400}, nil } sess, err := session.NewSession(&aws.Config{ Credentials: credentials.NewStaticCredentials(storjS3Id, storjS3Secret, ""), Endpoint: aws.String(storjS3URL), Region: aws.String("us-east-1"), }) if err != nil { return events.LambdaFunctionURLResponse{Body: "Failed to create AWS S3 session", StatusCode: 500}, nil } svc := s3.New(sess) var req *request.Request switch method { case "GET": req, _ = svc.GetObjectRequest(&s3.GetObjectInput{Bucket: aws.String(storjS3Bucket), Key: &key}) case "POST": req, _ = svc.PutObjectRequest(&s3.PutObjectInput{Bucket: aws.String(storjS3Bucket), Key: &key}) default: return events.LambdaFunctionURLResponse{Body: "The request 'method' query parameter is invalid", StatusCode: 400}, nil } urlStr, err := req.Presign(15 * time.Minute) if err != nil { return events.LambdaFunctionURLResponse{Body: "Failed to presign request", StatusCode: 500}, nil } return events.LambdaFunctionURLResponse{Body: urlStr, StatusCode: 200}, nil} package mainimport ( "context" "time" "github.com/aws/aws-lambda-go/events" "github.com/aws/aws-lambda-go/lambda" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/s3")const ( storjS3Bucket = "" storjS3Id = "" storjS3Secret = "" storjS3URL = "https://gateway.storjshare.io/")func main() { lambda.Start(handleRequest)}// HandleRequest accepts an S3 key and presigned URL method type, and returns a presigned URL.// It is designed to be used directly as a Lambda function URL. (https://docs.aws.amazon.com/lambda/latest/dg/lambda-urls.html)// Nil errors are always returned, so that the client gets more than an "Internal Server Error" message.func handleRequest(ctx context.Context, r events.LambdaFunctionURLRequest) (events.LambdaFunctionURLResponse, error) { key := r.QueryStringParameters["key"] method := r.QueryStringParameters["method"] if len(key) == 0 { return events.LambdaFunctionURLResponse{Body: "Request is missing 'key' query parameter", StatusCode: 400}, nil } if len(method) == 0 { return events.LambdaFunctionURLResponse{Body: "Request is missing 'method' query parameter", StatusCode: 400}, nil } sess, err := session.NewSession(&aws.Config{ Credentials: credentials.NewStaticCredentials(storjS3Id, storjS3Secret, ""), Endpoint: aws.String(storjS3URL), Region: aws.String("us-east-1"), }) if err != nil { return events.LambdaFunctionURLResponse{Body: "Failed to create AWS S3 session", StatusCode: 500}, nil } svc := s3.New(sess) var req *request.Request switch method { case "GET": req, _ = svc.GetObjectRequest(&s3.GetObjectInput{Bucket: aws.String(storjS3Bucket), Key: &key}) case "POST": req, _ = svc.PutObjectRequest(&s3.PutObjectInput{Bucket: aws.String(storjS3Bucket), Key: &key}) default: return events.LambdaFunctionURLResponse{Body: "The request 'method' query parameter is invalid", StatusCode: 400}, nil } urlStr, err := req.Presign(15 * time.Minute) if err != nil { return events.LambdaFunctionURLResponse{Body: "Failed to presign request", StatusCode: 500}, nil } return events.LambdaFunctionURLResponse{Body: urlStr, StatusCode: 200}, nil} CopyCopied! While Amazon has quite the variety of methods to deploy code to Lambda, this example showcases the most primitive and explicit method, using the aws cli tool. `deploy.sh` GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main main.gozip lambda-handler.zip mainaws iam create-role --role-name lambda-ex --assume-role-policy-document file://trust-policy.jsonaws iam attach-role-policy --role-name lambda-ex --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRoleaws lambda create-function --function-name cloudsigning --runtime go1.x --role arn:aws:iam:::role/lambda-ex --handler main --zip-file fileb://lambda-handler.zipaws lambda add-permission --function-name cloudsigning --action lambda:InvokeFunctionUrl --principal "*" --function-url-auth-type "NONE" --statement-id urlaws lambda create-function-url-config --function-name cloudsigning --auth-type NONEcurl 'https://.lambda-url.us-east-1.on.aws/?key=test&method=POST' GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main main.gozip lambda-handler.zip mainaws iam create-role --role-name lambda-ex --assume-role-policy-document file://trust-policy.jsonaws iam attach-role-policy --role-name lambda-ex --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRoleaws lambda create-function --function-name cloudsigning --runtime go1.x --role arn:aws:iam:::role/lambda-ex --handler main --zip-file fileb://lambda-handler.zipaws lambda add-permission --function-name cloudsigning --action lambda:InvokeFunctionUrl --principal "*" --function-url-auth-type "NONE" --statement-id urlaws lambda create-function-url-config --function-name cloudsigning --auth-type NONEcurl 'https://.lambda-url.us-east-1.on.aws/?key=test&method=POST' CopyCopied! `trust-policy.json` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" }, "Action": "sts:AssumeRole" } ]} { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" }, "Action": "sts:AssumeRole" } ]} CopyCopied! [Presigning URLs via Google Cloud Functions](https://storj.dev/dcs/code/presigned-urls-serverless-cloud#presigning-urls-via-google-cloud-functions) ---------------------------------------------------------------------------------------------------------------------------------------------------- Please note that this pattern inherently transfers your encryption keys to the serverless provider. Create a new Go file `main.go` and import the necessary packages (e.g. run `go get -u`) package cloudsigningimport ( "fmt" "net/http" "time" "github.com/GoogleCloudPlatform/functions-framework-go/functions" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/s3")const ( storjS3Bucket = "" storjS3Id = "" storjS3Secret = "" storjS3URL = "https://gateway.storjshare.io/")func init() { functions.HTTP("Presign", HandleRequest)}// HandleRequest accepts an S3 key and presigned URL method type, and returns a presigned URL.func HandleRequest(w http.ResponseWriter, r *http.Request) { key := r.URL.Query()["key"] method := r.URL.Query()["method"] if len(key) == 0 { w.WriteHeader(400) fmt.Fprint(w, "Request is missing 'key' query parameter") return } if len(method) == 0 { w.WriteHeader(400) fmt.Fprint(w, "Request is missing 'method' query parameter") return } sess, err := session.NewSession(&aws.Config{ Credentials: credentials.NewStaticCredentials(storjS3Id, storjS3Secret, ""), Endpoint: aws.String(storjS3URL), Region: aws.String("us-east-1"), }) if err != nil { w.WriteHeader(500) fmt.Fprint(w, "Failed to create AWS S3 session") return } svc := s3.New(sess) var req *request.Request switch method[0] { case "GET": req, _ = svc.GetObjectRequest(&s3.GetObjectInput{Bucket: aws.String(storjS3Bucket), Key: &key[0]}) case "POST": req, _ = svc.PutObjectRequest(&s3.PutObjectInput{Bucket: aws.String(storjS3Bucket), Key: &key[0]}) default: w.WriteHeader(400) fmt.Fprint(w, "The request 'method' query parameter is invalid") return } urlStr, err := req.Presign(15 * time.Minute) if err != nil { w.WriteHeader(500) fmt.Fprint(w, "Failed to presign request") return } fmt.Fprint(w, urlStr)} package cloudsigningimport ( "fmt" "net/http" "time" "github.com/GoogleCloudPlatform/functions-framework-go/functions" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/s3")const ( storjS3Bucket = "" storjS3Id = "" storjS3Secret = "" storjS3URL = "https://gateway.storjshare.io/")func init() { functions.HTTP("Presign", HandleRequest)}// HandleRequest accepts an S3 key and presigned URL method type, and returns a presigned URL.func HandleRequest(w http.ResponseWriter, r *http.Request) { key := r.URL.Query()["key"] method := r.URL.Query()["method"] if len(key) == 0 { w.WriteHeader(400) fmt.Fprint(w, "Request is missing 'key' query parameter") return } if len(method) == 0 { w.WriteHeader(400) fmt.Fprint(w, "Request is missing 'method' query parameter") return } sess, err := session.NewSession(&aws.Config{ Credentials: credentials.NewStaticCredentials(storjS3Id, storjS3Secret, ""), Endpoint: aws.String(storjS3URL), Region: aws.String("us-east-1"), }) if err != nil { w.WriteHeader(500) fmt.Fprint(w, "Failed to create AWS S3 session") return } svc := s3.New(sess) var req *request.Request switch method[0] { case "GET": req, _ = svc.GetObjectRequest(&s3.GetObjectInput{Bucket: aws.String(storjS3Bucket), Key: &key[0]}) case "POST": req, _ = svc.PutObjectRequest(&s3.PutObjectInput{Bucket: aws.String(storjS3Bucket), Key: &key[0]}) default: w.WriteHeader(400) fmt.Fprint(w, "The request 'method' query parameter is invalid") return } urlStr, err := req.Presign(15 * time.Minute) if err != nil { w.WriteHeader(500) fmt.Fprint(w, "Failed to presign request") return } fmt.Fprint(w, urlStr)} CopyCopied! `deploy.sh` gcloud functions deploy Presign --runtime go119 --trigger-http --allow-unauthenticatedcurl "https://.cloudfunctions.net/Presign?key=test&method=POST" gcloud functions deploy Presign --runtime go119 --trigger-http --allow-unauthenticatedcurl "https://.cloudfunctions.net/Presign?key=test&method=POST" CopyCopied! \`\` Previous [Partner Program Tools](https://storj.dev/dcs/code/partner-program-tools) Next [Rails Active Storage](https://storj.dev/dcs/code/rails-activestorage) --- # Create Access Grant in CLI - Storj Docs [Introduction](https://storj.dev/learn/tutorials/quickstart-uplink-cli/generate-access-grants-and-tokens/generate-a-token#introduction) ---------------------------------------------------------------------------------------------------------------------------------------- Create an Access Grant in the Uplink CLI with Satellite and API Key info from the Satellite Admin Console 1. You need to have a satellite account and installed Uplink CLI. 2. To start, proceed through the initial steps of creating a new Access Grant. 3. Navigate to **Access** page and click the **Create Keys for CLI** link (rightmost option). [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/A-FVBJUPSoGo5PefsWReo_access-grants01.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/A-FVBJUPSoGo5PefsWReo_access-grants01.png) 4\. Provide name, permissions and optionally buckets, select **Create Keys**. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/MDufnxlBjkqF4aA2sox0j_access-grants02.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/MDufnxlBjkqF4aA2sox0j_access-grants02.png) 5\. Copy and save the **Satellite Address** and **API Key** in a safe place or download them as they will only appear once. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/5nn_fN9lmg9VauZZ5S1ks_access-grants03.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/5nn_fN9lmg9VauZZ5S1ks_access-grants03.png) 6\. Make sure you've already [Download and Installation](https://storj.dev/dcs/api/uplink-cli/installation) and run `uplink setup`. windowsmacoslinux ./uplink.exe setup ./uplink.exe setup CopyCopied! For anyone who has previously configured an Uplink, please use a named access. If you want to replace the default access, you need to either specify the `--force` flag to the `uplink setup` command or [Create an Access Grant](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/create-first-access-grant) and use the `uplink access import` command with `--force` flag to import it, or use the `uplink access create --import-to ` command with `--force` flag to create an Access Grant in CLI and import it to the specified access in the local store of Uplink. 7\. Follow the prompts. When asked for your API Key, enter it (you should have saved it in step 4 above). 8\. Generate the Access Grant by running `uplink access restrict` with no restrictions. If you chose an access name, you'll need to specify it in the following command as `--access=name` windowsmacoslinux ./uplink.exe access restrict --readonly=false ./uplink.exe access restrict --readonly=false CopyCopied! Keep your full-rights Access Grant secret, it contains the encryption key and will enable uploading, downloading or deleting your data from the entire project! 9\. Your Access Grant should have been output. The alternative for using the `uplink setup` command and then `uplink access restrict` is to use the `uplink access create` command instead, it will print the Access Grant right away. Previous [Advanced Usage](https://storj.dev/learn/tutorials/quickstart-uplink-cli/generate-access-grants-and-tokens) --- # access revoke - Storj Docs This command allows you to revoke the access. [Usage](https://storj.dev/dcs/api/uplink-cli/access-command/access-revoke#usage) --------------------------------------------------------------------------------- windowslinuxmacos ./uplink.exe access [flags] ./uplink.exe access [flags] CopyCopied! [Arguments](https://storj.dev/dcs/api/uplink-cli/access-command/access-revoke#arguments) ----------------------------------------------------------------------------------------- | Argument | Description | | --- | --- | | `` | Access name or value to revoke | [Flags](https://storj.dev/dcs/api/uplink-cli/access-command/access-revoke#flags) --------------------------------------------------------------------------------- | Flag | Description | | --- | --- | | `--access string` | Access name or value performing the revoke | ### [Global flags](https://storj.dev/dcs/api/uplink-cli/access-command/access-revoke#global-flags) | Global flags | Description | | --- | --- | | `--config-dir string` | Directory that stores the configuration | | `--help`, `-h` | prints help for the command | | `--advanced` | when used with -h, prints advanced flags help | [Examples](https://storj.dev/dcs/api/uplink-cli/access-command/access-revoke#examples) --------------------------------------------------------------------------------------- ### [Revoke a stored access](https://storj.dev/dcs/api/uplink-cli/access-command/access-revoke#revoke-a-stored-access) If you want to revoke the current access, you need to switch to a different access with the [access use](https://storj.dev/dcs/api/uplink-cli/access-command/access-use) command before proceeding. windowslinuxmacos ./uplink.exe access revoke us1-ro ./uplink.exe access revoke us1-ro CopyCopied! Revoked access "us1-ro" Revoked access "us1-ro" CopyCopied! ### [Revoke an access grant](https://storj.dev/dcs/api/uplink-cli/access-command/access-revoke#revoke-an-access-grant) windowslinuxmacos ./uplink.exe access revoke 19hFrjmsi... ./uplink.exe access revoke 19hFrjmsi... CopyCopied! Revoked access "19hFrjmsi..." Revoked access "19hFrjmsi..." CopyCopied! Previous [access restrict](https://storj.dev/dcs/api/uplink-cli/access-command/access-restrict) Next [access use](https://storj.dev/dcs/api/uplink-cli/access-command/access-use) --- # Storj Data Access Methods - Storj Docs Storj provides multiple data access methods: "Linksharing" for public links, "Presigned URLs" for time-limited access, "Customer-specific S3 Credentials" for personalized encryption, and "Rotating Credentials" for broader time-restricted access. You can use your own application server to have even finer control. Each offers distinct security levels and benefits. [Customer Application Server](https://storj.dev/learn/concepts/security-models#customer-application-server) ------------------------------------------------------------------------------------------------------------ By incorporating Storj within your application server, you can exercise more granular control over data access, security, and governance. You essentially act as an intermediary between the client application and the Storj storage service. This approach offers a centralized method for controlling and monitoring data access. Below are some strategies for using or proxying Storj in the customer application server tier: * Expose specific API endpoints that route to the various Storj services. * Dynamically issue temporary credentials based on the user's role or other contextual information * Caching Strategy to reduce the number of round trips to the Storj service or frequently accessed data * Access Monitoring for auditing of access patterns * Data Preprocessing for transformation or enrichment before storage or retrieval [Linksharing](https://storj.dev/learn/concepts/security-models#linksharing) ---------------------------------------------------------------------------- Making data publicly available via [Linksharing](https://storj.dev/learn/concepts/linksharing-service) is very simple. There is the one-time need to register an intended bucket or path with Storj, after which this data in that bucket or path becomes publicly accessible for anyone who has the link. Because this public file sharing need only occur once, it is simple to do via the Storj Console (see [Public Buckets](https://storj.dev/dcs/buckets/public-buckets) ), and need not be automated. Linksharing does not include the ability to upload files, but it may be used alongside other solutions. [Presigned URLs](https://storj.dev/learn/concepts/security-models#presigned-urls) ---------------------------------------------------------------------------------- [Presigned URLs](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-presigned-url.html) are a feature of S3 compatible cloud storage solutions. You [can use presigned URLs](https://storj.dev/dcs/api/s3/presigned-urls) to grant time-limited access to either [upload](https://storj.dev/dcs/api/s3/presigned-urls#script) or [download](https://storj.dev/dcs/api/s3/presigned-urls#script-for-download) an object. A presigned URL can be entered in a browser or used by a program to download an object. A presigned URL would be generated in your web service, and used browsers or clients using simple HTTP GET and POST commands. No S3 compatible SDK is necessary to use presigned URLs via browsers or code. Instead, Amazon's SDKs would be used on the web service tier to generate the presigned URLs. Presigned URLs have the advantage of allowing you to fine-tune your security needs. Because all customer requests to storage must first be authorized, you can create whatever logic and security scheme fits you best. The downside is that each file request incurs two round trips to web service, once for authorization and to create the presigned URL, and once to either upload or download the object. This make presigned URLs most popular for sharing files between users, or for performing uploads in applications dominated by primarily public viewing. [Customer-specific S3 Credentials](https://storj.dev/learn/concepts/security-models#customer-specific-s3-credentials) ---------------------------------------------------------------------------------------------------------------------- An alternative to presigned URLs is to create unique [S3 credentials](https://storj.dev/dcs/access#create-s3-credentials) per-user. You can use Amazon's S3 SDKs. This SDK should handle all of the upload and download functionality. If you opt for this solution, you may have one security credential for your administrative needs, and credentials for each customer. Customer credentials could use its own encryption passphrase, it you need to keep their data truly private . Each credential would also restrict permissions to a single customer bucket. Each customer credential can be enabled for [S3 compatibility](https://storj.dev/dcs/api/s3/s3-compatibility) . A high level of our security / encryption implementation is located [here](https://storj.dev/learn/concepts/encryption-key/how-encryption-is-implemented) . It's also worth looking at our [multi-tenancy docs](https://pkg.go.dev/storj.io/uplink#hdr-Multitenancy_in_a_Single_Application_Bucket) . [Rotating Credentials](https://storj.dev/learn/concepts/security-models#rotating-credentials) ---------------------------------------------------------------------------------------------- Whether you're using Linksharing or a global S3 credential, you can add time limitations similar to the use of presigned-URLs. Using rotating Linksharing credentials has some benefits over presigned URLs in that they can be generated for an entire application and apply to large number of files, rather than being be generated per request for each file. Previous [Definitions](https://storj.dev/learn/concepts/definitions) Next [Edge Services](https://storj.dev/learn/concepts/edge-services) --- # Using End-to-End Encryption - Storj Docs When the privacy and security of your application data are mission critical, Storj provides options to ensure only you have access to your data. Strong encryption is critical to decentralized projects especially where a significant part of the infrastructure is run by independent third-party providers. Encryption is especially important with data storage to deliver security + privacy and ensure developers are in control of their data. End-to-end encryption means that only you have access to your data and the associated metadata. If end-to-end encryption is essential to your use case, Storj provides the Uplink CLI, libuplink library, a variety of developer tools including FileZilla and Rclone, and the self-hosted GatewayST that allow you to ensure data and metadata are encrypted before they ever reach any service operated by Storj or any other third party. Whether you create an Access Grant in the Satellite Admin Console, or you use one of the uplink clients, you, and only you have access to your encryption key. Within the Storj encryption ecosystem, all of the tools are interoperable and encryption is easily managed between tools. Previous [Encryption](https://storj.dev/learn/concepts/encryption-key) Next [Design Decision - Server-side Encryption](https://storj.dev/learn/concepts/encryption-key/design-decision-server-side-encryption) --- # rm - Storj Docs Delete an object. [Usage](https://storj.dev/dcs/api/uplink-cli/rm-command#usage) --------------------------------------------------------------- windowslinuxmacos ./uplink.exe rm sj://BUCKET/KEY [flags] ./uplink.exe rm sj://BUCKET/KEY [flags] CopyCopied! Please note, the command `uplink rm --recursive` for the [versioned bucket](https://storj.dev/dcs/api/s3/object-versioning) will put a deletion marker instead of the object deletion. [Flags](https://storj.dev/dcs/api/uplink-cli/rm-command#flags) --------------------------------------------------------------- | Flag | Description | | --- | --- | | `--access string` | the serialized access, or name of the access to use | | `--recursive`, `-r` | Remove recursively | | `--parallelism`, `-p` `int` | Controls how many removes to perform in parallel (default 1) | | `--encrypted` | if true, treat paths as base64-encoded encrypted paths | | `--pending` | Remove pending object uploads instead | | `--version-id` | Version ID to remove (if the location is an object path) | | `--bypass-governance-retention` | Bypass Object Lock governance mode restrictions | [Global flags](https://storj.dev/dcs/api/uplink-cli/rm-command#global-flags) ----------------------------------------------------------------------------- | Flag | Description | | --- | --- | | `--config-dir string` | main directory for uplink configuration | | `--help`, `-h` | help for the command | | `--summary` | prints a summary of what commands are available | | `--advanced` | if used in with `-h`, print advanced flags help | [Examples](https://storj.dev/dcs/api/uplink-cli/rm-command#examples) --------------------------------------------------------------------- [Delete an object](https://storj.dev/dcs/api/uplink-cli/rm-command#delete-an-object) ------------------------------------------------------------------------------------- windowslinuxmacos ./uplink.exe rm sj://cakes/cheesecake.jpg ./uplink.exe rm sj://cakes/cheesecake.jpg CopyCopied! ### [Delete an encrypted object](https://storj.dev/dcs/api/uplink-cli/rm-command#delete-an-encrypted-object) If an object has been created with another encryption key, you won't be able to read it, but you can delete it. In order to delete an encrypted object, you have to know its encrypted path. To retrieve it, you can use the list command [ls](https://storj.dev/dcs/api/uplink-cli/ls-command) with the encrypted file. For instance, to list the encrypted path of the objects in a bucket `sj://cakes` you could use: windowslinuxmacos ./uplink.exe ls sj://cakes --encrypted ./uplink.exe ls sj://cakes --encrypted CopyCopied! [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/H3aTNgsLuQGUyyzoHvuOF_rm-01.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/H3aTNgsLuQGUyyzoHvuOF_rm-01.png) You can then use this path to delete the encrypted object: windowslinuxmacos ./uplink.exe rm --encrypted sj://cakes/Ao8rmi2hw5v8_SS2GRokJwqkzQ2j9wXRH2Ll-1owEGPwIWMyu8tj5YCCig== ./uplink.exe rm --encrypted sj://cakes/Ao8rmi2hw5v8_SS2GRokJwqkzQ2j9wXRH2Ll-1owEGPwIWMyu8tj5YCCig== CopyCopied! [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/312jWiPeE9_7b2PweTHUZ_rm-02.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/312jWiPeE9_7b2PweTHUZ_rm-02.png) [Delete a pending object](https://storj.dev/dcs/api/uplink-cli/rm-command#delete-a-pending-object) --------------------------------------------------------------------------------------------------- To see a pending objects: windowslinuxmacos ./uplink.exe ls --pending sj://cakes/ ./uplink.exe ls --pending sj://cakes/ CopyCopied! To delete a pending object: windowslinuxmacos ./uplink.exe rm --pending sj://cakes/cheesecake.jpg ./uplink.exe rm --pending sj://cakes/cheesecake.jpg CopyCopied! [Delete an object with a Governance object lock](https://storj.dev/dcs/api/uplink-cli/rm-command#delete-an-object-with-a-governance-object-lock) ------------------------------------------------------------------------------------------------------------------------------------------------- windowslinuxmacos ./uplink.exe rm --bypass-governance-retention sj://cakes/cheesecake.jpg ./uplink.exe rm --bypass-governance-retention sj://cakes/cheesecake.jpg CopyCopied! Previous [rb](https://storj.dev/dcs/api/uplink-cli/rb-command) Next [setup](https://storj.dev/dcs/api/uplink-cli/setup-command) --- # mv - Storj Docs Moves a Storj object to another location in Storj [Usage](https://storj.dev/dcs/api/uplink-cli/mv#usage) ------------------------------------------------------- windowslinuxmacos ./uplink.exe mv SOURCE DESTINATION [flags] ./uplink.exe mv SOURCE DESTINATION [flags] CopyCopied! The `mv` command is used to move or rename objects within the same Storj project. The `mv` command uses a server-side move (rename) method, it does not incur a fee for downloading and will be performed with no delay. [Flags](https://storj.dev/dcs/api/uplink-cli/mv#flags) ------------------------------------------------------- | Flag | Description | | --- | --- | | `--access string` | the serialized access, or name of the access to use | | `-r, --recursive` | Move all objects or files under the specified prefix or directory | | `-p, --parallelism int` | Controls how many objects will be moved in parallel (default 1) | | `--dryrun` | Print what operations would happen but don't execute them | | `--progress` | Show a progress bar when possible (default true) | | `--help`, `-h` | help for mv | [Global Flags](https://storj.dev/dcs/api/uplink-cli/mv#global-flags) --------------------------------------------------------------------- | Flag | Description | | --- | --- | | `--config-dir string` | Directory that stores the configuration (default "/home/user/.config/storj/uplink") | | `--summary` | prints a summary of what commands are available | | `--advanced` | when used with -h, prints advanced flags help | [Examples](https://storj.dev/dcs/api/uplink-cli/mv#examples) ------------------------------------------------------------- ### [Move an object within an existing bucket](https://storj.dev/dcs/api/uplink-cli/mv#move-an-object-within-an-existing-bucket) When the `mv` command is used to move a file within Storj, the CLI will move (rename) the object using the server-side method to rename the object. To move `cheesecake.jpg` within the existing bucket `cakes`, use the following command: windowslinuxmacos ./uplink.exe mv sj://cakes/cheesecake.jpg sj://cakes/New-York/cheesecake.jpg ./uplink.exe mv sj://cakes/cheesecake.jpg sj://cakes/New-York/cheesecake.jpg CopyCopied! You cannot use pattern expressions to specify which files to copy (e.g. `uplink mv sj://cakes/cheese* sj://cakes/New-York/` will not work). Also, you can only specify one source at a time. Sample Output: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/fn1JZRT4fFBmNXrzIoBNU_output.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/fn1JZRT4fFBmNXrzIoBNU_output.png) ### [Move an object from a one bucket to another](https://storj.dev/dcs/api/uplink-cli/mv#move-an-object-from-a-one-bucket-to-another) When the `mv` command is used to move an object from one Storj bucket to another Storj bucket, the CLI will use a server-side move method. To create a new bucket, we will use the `mb` command, as a move is possible only to an existing bucket. windowslinuxmacos ./uplink.exe mb sj://new-recipes ./uplink.exe mb sj://new-recipes CopyCopied! Bucket new-recipes created Bucket new-recipes created CopyCopied! Nested buckets are not supported, but you can use prefixes, as they would act almost like subfolders. To move an object from one bucket to another, use: windowslinuxmacos ./uplink.exe mv sj://cakes/New-York/cheesecake.jpg sj://new-recipes/cakes/cheesecake.jpg ./uplink.exe mv sj://cakes/New-York/cheesecake.jpg sj://new-recipes/cakes/cheesecake.jpg CopyCopied! Sample Output: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/20_CzBv8l7lU3s83u0GVS_output2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/20_CzBv8l7lU3s83u0GVS_output2.png) [Troubleshooting move errors](https://storj.dev/dcs/api/uplink-cli/mv#troubleshooting-move-errors) --------------------------------------------------------------------------------------------------- ### [ERROR: duplicate key value violates unique constraint "primary" (SQLSTATE 23505)](https://storj.dev/dcs/api/uplink-cli/mv#error-duplicate-key-value-violates-unique-constraint-primary-sqlstate-23505) uplink mv sj://cakes/New-York/cheesecake.jpg sj://new-recipes/cakes/cheesecake.jpgError: uplink: metaclient: metabase: unable to update object: ERROR: duplicate key value violates unique constraint "primary" (SQLSTATE 23505) uplink mv sj://cakes/New-York/cheesecake.jpg sj://new-recipes/cakes/cheesecake.jpgError: uplink: metaclient: metabase: unable to update object: ERROR: duplicate key value violates unique constraint "primary" (SQLSTATE 23505) CopyCopied! This error means that the destination object already exists. You should either use a different destination name/prefix or remove the existing object from the destination. To remove an object, use the [rm](https://storj.dev/dcs/api/uplink-cli/rm-command) command. Previous [meta get](https://storj.dev/dcs/api/uplink-cli/meta-command/meta-get-command) Next [rb](https://storj.dev/dcs/api/uplink-cli/rb-command) --- # Understanding Decentralized Cloud Storage - Storj Docs Decentralized data storage means more security and privacy. Decentralized cloud storage is more difficult to attack than traditional centralized data. On a decentralized network, files are broken apart and spread across multiple nodes. Storj uses Erasure Coding to distribute file pieces over many nodes located in different physical locations around the world.‌ There are more than a number of reasons why you may wish to utilize **decentralized storage** over legacy alternatives, namely:‌ * Privacy & Security * Simple and economical pricing * Ease of integration One of the main motivations for preferring decentralization is to drive down infrastructure costs for maintenance, utilities, and bandwidth. We believe that there are significant underutilized resources at the edge of the network for many smaller operators. In our experience building decentralized storage networks, we have found a long-tail of resources that are presently unused or underused that could provide an affordable and geographically distributed cloud storage.‌ Our decentralization goals for fundamental infrastructure, such as storage, are also driven by our desire to provide a viable alternative to the few major centralized storage entities who dominate the market at present. We believe that there exists inherent risk in trusting a single entity, company, or organization with a significant percentage of the world’s data. In fact, we believe that there is an implicit cost associated with the risk of trusting any third party with custodianship of personal data.‌ [Unique Advantages of Decentralized Storage](https://storj.dev/learn/concepts/decentralization#unique-advantages-of-decentralized-storage) ------------------------------------------------------------------------------------------------------------------------------------------- **​**[Design Decision - End-to-end Encryption](https://storj.dev/learn/concepts/encryption-key/design-decision-end-to-end-encryption) **:** the [cryptographic](https://en.wikipedia.org/wiki/Cryptographic) technique of [encrypting](https://en.wikipedia.org/wiki/Encrypting) data on the sender's side, before it is transmitted to a [server](https://en.wikipedia.org/wiki/Server_(computing)) such as a cloud storage service. Client-side encryption features an encryption key that is not available to the service provider (in this case, Storj), making it difficult or impossible for service providers to decrypt hosted data. Client-side encryption allows for the creation of applications whose providers cannot access the data its users have stored, thus offering a high level of privacy. (Source: [https://en.wikipedia.org/wiki/Client-side\_encryption](https://en.wikipedia.org/wiki/Client-side_encryption) )‌ **​**[File Redundancy](https://storj.dev/learn/concepts/file-redundancy) : In [coding theory](https://en.wikipedia.org/wiki/Coding_theory) , an erasure code is a [forward error correction](https://en.wikipedia.org/wiki/Forward_error_correction) (FEC) code under the assumption of bit erasures (rather than bit errors), which transforms a message of k symbols into a longer message (code word) with n symbols such that the original message can be recovered from a subset of the n symbols. The fraction r = k/n is called the [code rate](https://en.wikipedia.org/wiki/Code_rate) . The fraction k’/k, where k’ denotes the number of symbols required for recovery, is called reception efficiency. (Source: [https://en.wikipedia.org/wiki/Erasure\_code](https://en.wikipedia.org/wiki/Erasure_code) ).​ [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/bezZFK_OlDdAc1AcROTNv_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/bezZFK_OlDdAc1AcROTNv_image.png) You can learn more about erasure codes in Storj under the [File Redundancy](https://storj.dev/learn/concepts/file-redundancy) section under Concepts.‌ **​Data Repair** is necessary when the number of available pieces of a file still held on the network approaches the minimum threshold below which it would become impossible to recover the file. When we reach this threshold, the network will proceed to repair the data in such a way that the number of available pieces is always big enough to prevent the file from becoming irretrievable.‌ You can learn more about data repair in Storj under the [File Repair](https://storj.dev/learn/concepts/file-repair) section under Concepts.‌ **​File Audit** is the action of testing if a random piece can successfully be retrieved from a node that is storing it. File Audits are continually applied to assure the durability of the files on Storj.‌ The audit service is a highly scalable and performant analog to the consensus mechanism, typically a distributed ledger, used in other decentralized storage services. **​** Previous [Data Structure](https://storj.dev/learn/concepts/data-structure) Next [Coordination Avoidance](https://storj.dev/learn/concepts/decentralization/coordination-avoidance) --- # Create an Access Grant - Storj Docs You need to have a satellite account and installed Uplink CLI as described in [Uplink CLI Tutorial](https://storj.dev/learn/tutorials/quickstart-uplink-cli) Navigate to the **Access** page within your project and then click on **Create Access Grant**. A modal window will pop up where you should enter a name for this access grant. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/tDPWIcmlm5DNtndvZZ-oi_create-access-1.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/tDPWIcmlm5DNtndvZZ-oi_create-access-1.png) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/empZoglAtQ5qKj1VJRPj1_create-access-2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/empZoglAtQ5qKj1VJRPj1_create-access-2.png) If you click **Encrypt My Access**, our client-side javascript will finalize your access grant with your encryption passphrase. Your data will remain end-to-end encrypted until you explicitly register your access grant with [Getting started](https://storj.dev/dcs/getting-started) for S3 compatibility. Only then will your access grant be shared with our servers. Storj does not know or store your encryption passphrase. However, if you are still reluctant to enter your passphrase into our web application, that's completely understandable, and you should cancel creation of Access Grant in Web UI, select **Create Keys for CLI** and follow these [Create Access Grant in CLI](https://storj.dev/learn/tutorials/quickstart-uplink-cli/generate-access-grants-and-tokens/generate-a-token) . **The instructions below assume you selected \_Encrypt My Access.**\_ **Assign the permissions** you want this access grant to have, then click on **Encrypt My Access**: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/0uBSt2BPz_u4bP9mCtKyN_create-access-3.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/0uBSt2BPz_u4bP9mCtKyN_create-access-3.png) Select a **Passphrase** type: Either **Enter** your own **_Encryption Passphrase_** or **Generate** a 12-Word **_Mnemonic Passphrase_**. Make sure you **save your encryption passphrase** as you'll not be able to reset this after it's created. **Enter the Encryption Passphrase** you used for your other access grants. If this is your first access grant, we strongly encourage you to use a mnemonic phrase as your encryption passphrase (The GUI automatically generates one on the client-side for you.) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/yjlB4DU8MBNHzdSohxzUN_create-access-4.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/yjlB4DU8MBNHzdSohxzUN_create-access-4.png) **This passphrase is important!** Encryption keys derived from it are used to encrypt your data at rest, and your data will have to be re-uploaded if you want it to change! Importantly, if you want two access grants to have access to the same data, **they must use the same passphrase**. You won't be able to access your data if the passphrase in your access grant is different than the passphrase you uploaded the data with. Please note that **Storj does not know or store your encryption passphrase**, so if you lose it, you will not be able to recover your files. Click either on the **Copy to clipboard** link or **Download .txt** and then confirm that you copied your Encryption Phrase to a safe place. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/APMVw5JzZ74NLaYNPI7AS_create-access-5.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/APMVw5JzZ74NLaYNPI7AS_create-access-5.png) Click the **Create my Access** link to finish generating of Access Grant. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/hmCrRyczE1pi8g7jo2GN2_create-access-6.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/hmCrRyczE1pi8g7jo2GN2_create-access-6.png) Access Grant is generated. **The Access Grant will only display once.** Save this information in a password manager or wherever you prefer to store sensitive information. Previous [Uploading Your First Object CLI](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object) Next [Set Up Uplink CLI with Access Grant](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/set-up-uplink-cli) --- # Uploading Your First Object CLI - Storj Docs Install and configure the CLI and follow the steps below to upload your first object to Storj. Every time you upload a file, the Storj CLI will do all the heavy lifting - encrypt the data using [Design Decision - End-to-end Encryption](https://storj.dev/learn/concepts/encryption-key/design-decision-end-to-end-encryption) (including path and metadata), break large files into 64MB Segments (or for smaller files into a single segment), then erasure code the segments, breaking each segment into 80 pieces, then distributing those pieces over our network of thousands of independently operated storage nodes. All of that happens in the background with a simple `cp` command. * [Create an Access Grant](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/create-first-access-grant) * [Set Up Uplink CLI with Access Grant](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/set-up-uplink-cli) * [Create a Bucket](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/create-a-bucket) * [Upload an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/upload-an-object) * [View Distribution of an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/view-distribution-of-an-object) Previous [Uplink CLI Tutorial](https://storj.dev/learn/tutorials/quickstart-uplink-cli) Next [Create an Access Grant](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/create-first-access-grant) --- # Dashboard - Storj Docs [Introduction](https://storj.dev/node/get-started/install-node-software/gui-windows/dashboard#introduction) ------------------------------------------------------------------------------------------------------------ How to monitor the activity of your storage node. [Storage Node Operator Web Dashboard](https://storj.dev/node/get-started/install-node-software/gui-windows/dashboard#storage-node-operator-web-dashboard) ---------------------------------------------------------------------------------------------------------------------------------------------------------- When you finish the Windows installation for your Storage Node, a Windows shortcut will automatically be created that will open the [Storage Node Operator Dashboard](https://www.storj.io/blog/introducing-the-storage-node-operator-dashboard) in your web browser. [![Storage Node operator dashboard shortcut](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/it9buKyErECErUKJsgp0K_pasted-image-0.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/it9buKyErECErUKJsgp0K_pasted-image-0.png) You can also access the dashboard by opening the following URL in your web browser: [Directly on your node:](https://storj.dev/node/get-started/install-node-software/gui-windows/dashboard#directly-on-your-node) ------------------------------------------------------------------------------------------------------------------------------- http://127.0.0.1:14002/ http://127.0.0.1:14002/ CopyCopied! ### [Device on local network:](https://storj.dev/node/get-started/install-node-software/gui-windows/dashboard#device-on-local-network) http://:14002/ http://:14002/ CopyCopied! [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/bzDqQXIjDew3HgO7XD1ly_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/bzDqQXIjDew3HgO7XD1ly_image.png) Previous [Storage Node](https://storj.dev/node/get-started/install-node-software/gui-windows/storage-node) Next [QNAP Storage Node App](https://storj.dev/node/get-started/install-node-software/qnap-storage-node-app) --- # Setting Up Commercial Storage Nodes - Storj Docs This guide is tailored for Cloud Operations Engineers who manage multiple racked servers, data centers, and enterprise-grade facilities and wish to run [Commercial Storage Nodes](https://storj.dev/node/commercial-node) . Please note that joining the Commercial Storage Node Operator Program is a prerequisite for this setup. This guide is for Commerical Storage Nodes, if you're looking to join the public network follow [Quickstart Node Setup](https://storj.dev/node/get-started/setup) instead. [Prerequisites](https://storj.dev/node/commercial-node/setup#prerequisites) ---------------------------------------------------------------------------- * Admitted into the Commercial Storage Node Operator Program ([request to join the program](https://www.storj.io/partners/commercial-nodes) ) * Understand the [difference between Public and Commercial Storage Nodes](https://storj.dev/node/commercial-node#how-does-it-compare-to-the-public-network) [Setup](https://storj.dev/node/commercial-node/setup#setup) ------------------------------------------------------------ A commercial Storage Node runs the same software as a public Storage Node, but is not subject to the same restrictions. Run one Storage Node per hard drive. If you have a virtualized environment, try to target the nodes size to be similar to the average drive size underlying that virtualized environment. So if the infrastructure is mostly on 10 TB HDD then set the node size to be 10 TB. Follow Steps 1 through 5 in the [Storage Node setup guide](https://storj.dev/node/get-started/setup) for each Commercial Storage Node: [Step 1. Understand Prerequisites](https://storj.dev/node/get-started/prerequisites) [Step 2. Setup Port Forwarding](https://storj.dev/node/get-started/port-forwarding) [Step 3. Configure QUIC](https://storj.dev/node/get-started/quic-requirements) [Step 4. Create an Identity](https://storj.dev/node/get-started/identity) [Step 5. Install Node Software](https://storj.dev/node/get-started/install-node-software) For step 6, Commercial Storage Nodes require additional environment variables STORJ_STORAGE2_TRUST_SOURCES="https://www.storj.io/trusted-satellites-soc2"WALLET="0x0000000000000000000000000000000000000000" STORJ_STORAGE2_TRUST_SOURCES="https://www.storj.io/trusted-satellites-soc2"WALLET="0x0000000000000000000000000000000000000000" CopyCopied! [Multi Storage node per host](https://storj.dev/node/commercial-node/setup#multi-storage-node-per-host) -------------------------------------------------------------------------------------------------------- Since it's recommended to run one Storage Node per drive a [sample ansible configuration](https://storj.dev/node/commercial-node/setup/ansible) is provided for some ideas on how to manage the nodes. Metrics for the Storage nodes can also be setup by following [the node dashboard guide](https://storj.dev/node/commercial-node/dashboard) . [Auto updating](https://storj.dev/node/commercial-node/setup#auto-updating) ---------------------------------------------------------------------------- To ensure optimal functionality and security, it's mandatory to update your nodes to at least the minimum required version (usually updates every 2 to 3 weeks). We recommend utilizing the built-in auto-updater in the Storage Node docker image for hassle-free updates. [Node acceptance](https://storj.dev/node/commercial-node/setup#node-acceptance) -------------------------------------------------------------------------------- Once you have 1 or more Storage Nodes running, reply back to your contact with a csv file or document of all your Storage node IDs. The vetting process will begin and if the nodes are acceptable, they will be enabled to receive data. Previous [Commercial Node](https://storj.dev/node/commercial-node) Next [Sample Ansible Configuration](https://storj.dev/node/commercial-node/setup/ansible) --- # Understanding the Multi-region Availability - Storj Docs This section provides a high-level description of the default high availability, multi-region architecture. Breaking the Storj service into multiple peer classes on the network provides the maximum flexibility to network participants. While the majority of the network is operated by third parties, the components and architecture are all designed to be inherently multi-region to meet strict SLAs for availability and durability. [Storage Nodes](https://storj.dev/learn/concepts/multiregion-availability#storage-nodes) ----------------------------------------------------------------------------------------- One key to the durability of the network is the distribution of data over a heterogeneous network of statistically uncorrelated nodes. Since the storage nodes are operated by different people, in different regions, on different power supplies, with different internet connections, etc., the risk of failure is highly distributed. While the risk of failure for any individual node is very low, the risk of 51 out of 80 nodes failing simultaneously is astronomically low. [Satellites](https://storj.dev/learn/concepts/multiregion-availability#satellites) ----------------------------------------------------------------------------------- While the network of Storage Nodes is inherently multi-region, customers frequently ask whether the Satellites that host the metadata and are critical to the storage and retrieval of data are also multi-region. Storj Satellites operated by Storj are also inherently multi-region. A specific Satellite instance does not necessarily constitute one server. A Satellite may be run as a collection of servers and be backed by a horizontally scalable trusted database for higher uptime. Storj operates clusters of Satellites in regions, with all Satellites in a region sharing a multi-region, distributed back end. This configuration provides a highly resilient and available architecture in which the loss of any Satellite service, an entire Satellite or the unavailability of a facility hosting a Satellite has no impact on the availability of data stored on the network. [Gateways](https://storj.dev/learn/concepts/multiregion-availability#gateways) ------------------------------------------------------------------------------- Storj also operates a global network of highly available, distributed S3-compatible gateways. Each gateway is operated in a high availability environment, typically in Equinix data centers, with BGP-enabled global routing, where the loss of any one gateway has no impact of the availability of data. Applications are always routed to the closest available gateway to optimized for low latency and high performance. Previous [Key Management for Multi-tenant Data Partitioning and Isolation](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management) Next [S3 Compatibility](https://storj.dev/learn/concepts/s3-compatibility) --- # access create - Storj Docs This command allow you to create and print the Access Grant to `stdout`, export it to a file or import it as an access to Uplink. [Usage](https://storj.dev/dcs/api/uplink-cli/access-command/access-create#usage) --------------------------------------------------------------------------------- windowsmacoslinux ./uplink.exe access create [flags] ./uplink.exe access create [flags] CopyCopied! [Flags](https://storj.dev/dcs/api/uplink-cli/access-command/access-create#flags) --------------------------------------------------------------------------------- | Flag | Description | | --- | --- | | `--passphrase-stdin` | If set, the passphrase is read from `stdin`, and all other values must be provided | | `--satellite-address string` | Satellite address from satellite UI (prompted if unspecified) | | `--api-key string` | API key from satellite UI (prompted if unspecified) | | `--import-as string` | Import the access as this name | | `--export-to string` | Export the access to this file path | | `--unencrypted-object-keys` | If set, the created access grant won't encrypt object keys | | `-f, --force` | Force overwrite an existing saved access | | `--use` | Switch the default access to the newly created one | [Global flags](https://storj.dev/dcs/api/uplink-cli/access-command/access-create#global-flags) ----------------------------------------------------------------------------------------------- | Global flags | Description | | --- | --- | | `--config-dir string` | Directory that stores the configuration | | `--help`, `-h` | prints help for the command | | `--summary` | prints a summary of what commands are available | | `--advanced` | when used with -h, prints advanced flags help | [Examples](https://storj.dev/dcs/api/uplink-cli/access-command/access-create#examples) --------------------------------------------------------------------------------------- ### [Create an Access Grant without prompts](https://storj.dev/dcs/api/uplink-cli/access-command/access-create#create-an-access-grant-without-prompts) As result it will print the created access grant to `stdout`. windowsmacoslinux ./uplink.exe access create ./uplink.exe access create CopyCopied! 18yMsZpg6ZQdz........ 18yMsZpg6ZQdz........ CopyCopied! ### [Create an Access Grant with unencrypted keys](https://storj.dev/dcs/api/uplink-cli/access-command/access-create#create-an-access-grant-with-unencrypted-keys) You will create an access grant without keys encryption (see [Storj Managed vs. Self-Managed Encryption S3 Compatibility Differences](https://storj.dev/dcs/api/s3/s3-compatibility/storj-vs-self-managed-encryption-s3-compatibility-differences) ). windowsmacoslinux ./uplink.exe access create --unencrypted-object-keys ./uplink.exe access create --unencrypted-object-keys CopyCopied! 17frjuufklfdl....... 17frjuufklfdl....... CopyCopied! ### [Create an Access Grant and export to the file](https://storj.dev/dcs/api/uplink-cli/access-command/access-create#create-an-access-grant-and-export-to-the-file) You will export the created access grant to the file. windowsmacoslinux ./uplink.exe access create --export-to access.txt ./uplink.exe access create --export-to access.txt CopyCopied! Exported access to: /home/user/access.txt Exported access to: /home/user/access.txt CopyCopied! ### [Create an Access Grant and import it to Uplink](https://storj.dev/dcs/api/uplink-cli/access-command/access-create#create-an-access-grant-and-import-it-to-uplink) You will import the created access grant to Uplink as a named access. windowsmacoslinux ./uplink.exe access create --import-as us2 ./uplink.exe access create --import-as us2 CopyCopied! Imported access "us2" to "/home/user/.config/storj/uplink/access.json" Imported access "us2" to "/home/user/.config/storj/uplink/access.json" CopyCopied! ### [Create an Access Grant and replace the existing access](https://storj.dev/dcs/api/uplink-cli/access-command/access-create#create-an-access-grant-and-replace-the-existing-access) You will import the created access grant to uplink as a named access and replace it if it exists. windowsmacoslinux ./uplink.exe access create --import-as us2 --force ./uplink.exe access create --import-as us2 --force CopyCopied! Imported access "us2" to "/home/user/.config/storj/uplink/access.json" Imported access "us2" to "/home/user/.config/storj/uplink/access.json" CopyCopied! Previous [access](https://storj.dev/dcs/api/uplink-cli/access-command) Next [access export](https://storj.dev/dcs/api/uplink-cli/access-command/access-export) --- # Exploring Encryption Mechanisms - Storj Docs This section describes the encryption mechanisms used on Storj and describes supported approaches to data and metadata encryption. Separate and distinct from the topic of access management, a number of different levels and applications of strong encryption are applied throughout the Storj service. Within the encryption paradigm, there are design choices that impact the level of privacy and security of an application. **Key Point:** Storj provides several approaches to developing more secure and private applications and your choice of integration pattern will allow you to make an informed decision on the right type of encryption to provide the commensurate level of privacy and security for your application data. Previous [Auth Service](https://storj.dev/learn/concepts/edge-services/auth-service) Next [Design Decision - End-to-end Encryption](https://storj.dev/learn/concepts/encryption-key/design-decision-end-to-end-encryption) --- # Glossary of Storj Network Terms - Storj Docs The Storj service uses an array of different technologies such as strong encryption and erasure codes to ensure a differentiated level of privacy and security across a network of peer classes. Some of the terms we use may be familiar and some may be new, but if you see a word you don't recognize or see a familiar word in a different context, you'll probably find a useful definition here: 1. **Peer Class** A cohesive collection of network services and responsibilities. There are three different peer classes that represent services in our network: storage nodes, Uplinks, and Satellites. 2. **Storage Node** This peer class stores data for others, and gets paid for storage and bandwidth. All data stored on storage nodes is client-side encrypted and erasure coded. 3. **Uplink** This peer class represents any application or service that implements libuplink and stores and/or retrieves data. This peer class is not necessarily expected to remain online like the other two classes and is relatively lightweight. This peer class performs encryption, erasure encoding, and coordinates with the other peer classes on behalf of the customer/client. Object data stored by the Uplink client is encrypted by the Uplink client, including metadata. 1. **Libuplink** A library which provides all necessary functions to interact with storage nodes and Satellites directly. This library will be available in a number of different programming languages. 2. **Gateway** A service which provides a compatibility layer between other object storage services such as Amazon S3 and libuplink exposing an Amazon S3-compatible API. 1. **Gateway ST -** a single-tenant, self-hosted S3-compatible gateway service provided as part of the Storj developer tools/SDK 2. **Gateway MT** **\-** a multi-tenant, multi-region, cloud-hosted S3-compatible gateway service provided as part of the Storj service. We consider this service server-side encrypted instead of end-to-end encrypted because this service temporarily manages encryption for you. While more complex, this can be run on your own infrastructure. 3. **Linksharing/webhosting -** a gateway for standard HTTP requests, so you can share objects with users via a web browser or even host full websites. This can also be run on your own infrastructure if preferred. 3. **Uplink** **CLI** A command line interface for uploading and downloading files from the network, managing permissions and sharing, and managing accounts. 4. **Satellite** - A peer class and one of the primary components of the Storj network. The satellite participates in the node discovery system, caches node address information, stores per-object metadata, maintains storage node reputation, aggregates billing data, pays storage nodes, performs audits and repair, and manages authorization and user accounts. Users have accounts on and trust specific Satellites. Any user can run their own Satellite, but we expect many users to elect to avoid the operational complexity and create an account on another Satellite hosted by a trusted third party such as Storj Labs, a friend, group, or workplace. Storj Labs satellites are operated under the Storj brand. This component has a couple of main responsibilities: 1. developer account registration & management, 2. API credential & access management, 3. billing & payment, 4. audit & repair, 5. garbage collection & other chores. 5. **Satellite Developer Account** - Basic information about users is stored and used to allow users to access Storj. User account data includes user name, email, password, and payment methods. User account data is not client-side encrypted so that it may be rendered in the satellite user interface. 6. **Strong Encryption** - a strong encryption algorithm is one that can guarantee the confidentiality of sensitive data. The time and cost of the compute resources required to decrypt data encrypted via a strong encryption method is either not possible, feasible, or economically justifiable, within the usable lifespan of the data. 7. **Weak Encryption** - a weak encryption algorithm is one that cannot guarantee the confidentiality of sensitive data. Antiquated encryption algorithms such as DES (or even 3DES) no longer provide sufficient protection for use with sensitive data. Encryption algorithms rely on key size as one of the primary mechanisms to ensure cryptographic strength. Cryptographic strength is often measured by the time and computational power needed to generate a valid key. Advances in computing power and cryptanalytic techniques have made it possible to obtain small encryption keys in a reasonable amount of time. For example, the 56-bit key used in DES posed a significant computational hurdle in the 1970s when the algorithm was first developed, but today DES can be cracked in less than a day using commonly available equipment. 8. **Backdoor** - A backdoor refers to any method by which authorized and unauthorized users are able to get around normal security measures and gain high level user access (aka root access) on a computer system, network or software application. 9. **Open-source** - Open source software is software with source code that anyone can inspect, modify, and enhance. 10. **Privacy Policy** - A privacy policy is a statement or a legal document that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client's data. Personal information can be anything that can be used to identify an individual, not limited to the person's name, address, date of birth, marital status, contact information, ID issue, and expiry date, financial records, credit information, medical history, where one travels, and intentions to acquire goods and services. It is often a statement that declares a party's policy on how it collects, stores, and releases personal information it collects. It informs the user what specific information is collected, and whether it is kept confidential, shared with partners, or sold to other firms or enterprises. Privacy policies typically represent a broader, more generalized treatment, as opposed to data use statements, which tend to be more detailed and specific. 11. **Data Element Definitions** - Object data stored on the network is structured in a way that maps to constructs consistent with traditional object storage generally, with aspects that also include attributes adapted to the distributed storage model. 1. **Project** - A project is the basic unit for aggregating usage, calculating billing, invoicing fees, and collecting payment. Currently, user accounts are limited to a handful of Projects by default, but users can request and pay for more. Multiple users may be added to a project team. Within a Project, usage is tracked at the bucket level and aggregated for invoicing to the project. Project names are not client-side encrypted so that they may be rendered in the satellite user interface. 2. **Bucket** - A bucket is an unbounded but named collection of files identified by paths. Every object has a unique object key (or path) within a bucket. Bucket names are not client-side encrypted so that they may be rendered in the satellite user interface. 3. **Object Key (or Path)** - An object key is a unique identifier for an object (or file) within a bucket. An object key is an arbitrary string of bytes. Object keys contain forward slashes at access control boundaries. Forward slashes (referred to as the path separator) separate path components. An example path might be videos/carlsagan/gloriousdawn.mp4, where the path components are videos, carlsagan, and gloriousdawn.mp4. Object keys are client-side encrypted. 4. **Object or file** - An object (or file) is the main data type in our system. An object is referred to by an object key, contains an arbitrary amount of bytes, and has no minimum or maximum size. An object is represented by an ordered collection of one or more segments. Segments have a fixed maximum size. An object also supports a limited amount of key/value user- defined fields in which to store user metadata. Like object keys, the object data is client-side encrypted. 5. **Segment** - A segment represents a single array of bytes, between 0 and a system-configurable maximum segment size. The max Segment size on Storj Satellites is 64MB. An object smaller than 64MB is stored as one segment. Objects larger than 64MB are stored in multiple 64MB Segments. Each Segment is stored as pieces on the network. Only a subset of pieces of the total are required to reconstitute a Segment. All Segments are required to reconstitute an Object. Segment data is client-side encrypted. 1. **Remote Segment** - A remote segment is a segment that will be erasure encoded and distributed across the network. A remote segment is larger than the metadata required to keep track of its bookkeeping, which includes information such as the IDs of the nodes that the data is stored on. Remote segment data is client-side encrypted. 2. **Inline Segment** - An inline segment is a segment that is small enough where the data it represents takes less space than the corresponding data a remote segment will need to keep track of which nodes had the data. In these cases, the data is stored “inline” instead of being stored on nodes. Inline segment data is client-side encrypted. 6. **Stripe** - A stripe is a further subdivision of a segment. A stripe is a fixed amount of bytes that is used as an encryption and erasure encoding boundary size. Erasure encoding happens on stripes individually, whereas encryption may happen on a small multiple of stripes at a time. All segments are encrypted, but only remote segments erasure encode stripes. A stripe is the unit on which audits are performed. See whitepaper section 4.8.3 for more details. Stripe data is client-side encrypted. 7. **Erasure Share** - When a stripe is erasure encoded, it generates multiple pieces called erasure shares. Only a subset of the erasure shares is needed to recover the original stripe. Each erasure share has an index identifying which erasure share it is (e.g., the first, the second, etc.). Data is client-side encrypted before it is erasure coded into erasure shares. 8. **Piece** - When a remote segment’s stripes are erasure encoded into erasure shares, the erasure shares for that remote segment with the same index are concatenated together, and that concatenated group of erasure shares is called a piece. If there are _n_ erasure shares after erasure encoding a stripe, then there are _n_ pieces after processing a remote segment. The \_i\_th piece is the concatenation of all of the \_i\_th erasure shares from that segment’s stripes. See whitepaper section 4.8.5 for more details. Pieces are client-side encrypted before they are erasure coded into erasure shares. 9. **Metadata** - Metadata is data that is stored about the objects stored on the service. Metadata includes object key data, pointer data, the encrypted per-object randomized salted encryption key-related data, and user-defined metadata. Metadata is client-side encrypted. 10. **Pointer** - A pointer is a subset of metadata that is data structure that either contains the inline segment data, or keeps track of which storage nodes the pieces of a remote segment were stored on, along with other per-file metadata. Pointer data is not client side encrypted, so that a Satellite can repair a segment and replace the location of pieces. 12. **Erasure Code Definitions** - Data redundancy on the network is achieved using erasure codes. Erasure coding is a means of data protection in which data is broken into pieces, where each piece is expanded and encoded with redundant data. The pieces are then stored across a set of different storage locations to reduce the risk of data loss due to the loss of any one data location. 1. **Erasure Code Ratio** - An erasure code is often described as a ratio of two numbers, _k_ and _n_. If a block of data is encoded with a _k_, _n_ erasure code, there are _n_ total generated erasure shares, where only any _k_ of them are required to recover the original block of data! It doesn’t matter if you recover all of the even numbered shares, all of the odd numbered shares, the first _k_ shares, the last _k_ shares, whatever. Any _k_ shares can recover the original block. 2. **Expansion Factor** - The amount of extra data stored to achieve redundancy based on achievement of a target durability. Expansion factor for a durability measurement achieved via erasure codes is calculated by dividing _n_ by _k_. Expansion factor for a durability measurement achieved via replication is calculated by multiplying the number of replicas by 100%. At any given expansion factor, erasure codes have a significantly higher durability than replication. 3. **Erasure Code Variables** 1. **_k_ = 29** – This is the number of pieces required to recreate a Segment. Any 29 of the pieces of a Segment can be used to reconstitute a Segment 2. **_m_ = 35** – This is the number of pieces an Uplink will attempt to download when downloading a Segment. The Uplink will cut off any piece downloads after 29 pieces have been downloaded. The Uplink attempts to download more pieces than needed to eliminate the long-tail effect of dependency on the slowest Storage Node. Note that m is also the repair threshold for a Segment. Satellites track when Storage Nodes fail or leave the network making pieces unavailable. If too many storage nodes become unavailable, putting the potential durability of a Segment at risk, the Satellite will recreate the missing pieces via file repair and store the repaired pieces on diverse, health storage nodes. The repair threshold may be overwritten and for Storj Satellites, and is set to 54. 3. **_o_ = 80** – The maximum number of pieces stored for a Segment 4. **_n_ = 130** – The number of pieces an Uplink attempts to upload to diverse Storage Nodes when uploading a Segment. 13. **Multipart Upload** Multipart Upload is a function that allows large files to be broken up into smaller pieces for more efficient uploads. When an object is uploaded using Multipart Upload, a file is first broken into parts, each part of a Multipart Upload is also stored as one or more Segments. With Multipart Upload, a single object is uploaded as a set of parts. Each part is an integral portion of the data comprising the object. The object parts may be uploaded independently, in parallel, and in any order. Uploads may be paused and resumed by uploading an initial set of parts, then resuming and uploading the remaining parts. If the upload of any part fails, that part may be re-uploaded without impacting the upload of other parts. All of these parts are broken into one or more Segments by the Storj Gateway based on whether the Part Size is smaller or larger than the default Segment size. While Multipart Upload is most appropriate for files larger than the 64MB default Segment size, the Part Size is configurable in applications that use Multipart Upload. 1. **Part** - a single piece of an object that has been separated into multiple piece during a MultiPart Upload. 14. **Graceful Exit** A function by which a storage node can transition the data it stores to other nodes on the network, without triggering the repair process for the purpose of exiting the network. 15. **Value Attribution** Through our partner program, we offer a variety of programs for partners who refer business to us. We track referrals using Value Attribution. 1. **Value Attribution Code** Partners have a code that is passed by and to a User Agent to track Storj usage associated with a partner's application. 16. **Encryption-related Terms** 1. **Segment**: The largest subdivision of an object or part. All the segments of an object or part are usually the same size. In most cases, the last segment will be smaller than the rest. 2. **Object key or path**: The representation for a object's "location." Paths are essentially an arbitrary number of strings delimited by slashes (e.g. this/is/an/object.txt). On the Storj network, the Satellite uses object keys to keep track of object metadata as well as pointers to storage nodes that possess encrypted object content. 3. **Root Secret**: The private client-side encryption key defined in the client configuration that used to derive keys for encrypting and decrypting data stored on the service. 4. **Object encryption key**: A key derived from the root secret and the object key. There is a different path key for every path component in a forward-slash separated object key, and each path component is used to derive new path keys for lower level path items. 5. **Random Key**: A randomly generated key used to encrypt segment content and metadata. 6. **Derived key**: A key derived from the path key for the lowest level path element. The derived key is used to encrypt the random key before it is stored in a segment’s metadata. 7. **HMAC**: Hash-based message authentication code. We generate HMACs using path elements and encryption keys in order to derive new keys for lower levels of the path. Using hashes makes it easy to generate lower level keys from higher levels without making it possible to generate higher level keys from lower level ones. 8. **AES-GCM**: An authenticated encryption algorithm that makes use of the Advanced Encryption Standard and uses the Galois/Counter mode for encrypting blocks. 9. **Secretbox**: An authenticated encryption algorithm from the NaCl library that combines the Salsa20 encryption cipher and Poly1305 message authentication code. 17. **Access Management-related Terms** 1. **Access Grant:** An encoded string that contains an API Key, an Encryption store, and the address of the Satellite storing the object metadata for the purpose of sharing access to objects stored on Storj. 2. **API Key**: A string generated for a project to authorize access management to data on the service. The API key is an authorization token based on an implementation called macaroons and is sent to the Satellite in order to authorize requests. 3. **Encryption store**: a collection of encryption key information used to allow a user to access one or more objects, object key prefixes, or buckets. 4. **Restricted Access Grant**: An access grant derived from another access grant with one or more restrictions applied to the internal API key, encryption store, or most commonly both. 5. **Caveat**: an access restriction that is encoded into an API key that is generated client side and is interpreted by a satellite. Current supported restrictions are: 1. **Specific Operations**​: Caveats can restrict whether an API Key can perform any of the following operations: Read, Write, Delete, List. 2. **Bucket**:​Caveats can restrict whether an API Key can perform operations on one or more Buckets. 3. **Path and Path Prefix**:​ Caveats can restrict whether an API Key can perform operations on objects within a specific path in the object hierarchy. These caveats are also applied to the encryption store, when added, thus removing unnecessary decryption information from restricted access grants. 4. **Time Window**​: Caveats can restrict when an API Key can perform operations on objects stored on the service, either before or after a specified date/time or between to dates/times. Previous [Coordination Avoidance](https://storj.dev/learn/concepts/decentralization/coordination-avoidance) Next [Edge Security Models](https://storj.dev/learn/concepts/security-models) --- # CLI Install - Storj Docs [Before starting](https://storj.dev/node/get-started/install-node-software/cli#before-starting) ------------------------------------------------------------------------------------------------ Failure to complete these steps will prevent your storage node from working. [Step 1. Understand Prerequisites](https://storj.dev/node/get-started/prerequisites) [Step 2. Setup Port Forwarding](https://storj.dev/node/get-started/port-forwarding) [Step 3. Configure QUIC](https://storj.dev/node/get-started/quic-requirements) [Step 4. Create an Identity](https://storj.dev/node/get-started/identity) Previous [Step 5. Install Node Software](https://storj.dev/node/get-started/install-node-software) Next [Docker](https://storj.dev/node/get-started/install-node-software/cli/docker) --- # GUI Install - Windows - Storj Docs [Before starting](https://storj.dev/node/get-started/install-node-software/gui-windows#before-starting) -------------------------------------------------------------------------------------------------------- Failure to complete these steps will prevent your storage node from working. [Step 1. Understand Prerequisites](https://storj.dev/node/get-started/prerequisites) [Step 2. Setup Port Forwarding](https://storj.dev/node/get-started/port-forwarding) [Step 3. Configure QUIC](https://storj.dev/node/get-started/quic-requirements) [Step 4. Create an Identity](https://storj.dev/node/get-started/identity) Previous [Dashboard CLI](https://storj.dev/node/get-started/install-node-software/cli/dashboard-cli) Next [Storage Node](https://storj.dev/node/get-started/install-node-software/gui-windows/storage-node) --- # Setting Up a Dashboard for Commercial Storage Nodes - Storj Docs This guide assists commercial Storage Node operators in setting up advanced monitoring using Prometheus and Grafana. There are alternative monitoring tools that also will work. Consider the following as guidelines rather than a strict requirement for how to do it. This guide is for Commerical Storage Nodes, if you're looking to join the public network follow [Quickstart Node Setup](https://storj.dev/node/get-started/setup) instead. [Prerequisites](https://storj.dev/node/commercial-node/dashboard#prerequisites) -------------------------------------------------------------------------------- * Familiarity with or installed [Prometheus](https://prometheus.io/docs/prometheus/latest/installation/) * Familiarity with or installed [Grafana](https://grafana.com/docs/grafana/latest/setup-grafana/installation/) [Metrics](https://storj.dev/node/commercial-node/dashboard#metrics) -------------------------------------------------------------------- Storage nodes have a Prometheus metrics endpoint that can be scraped periodically for better insight on the health of your network. To enable the endpoint set the `STORJ_DEBUG_ADDR` or `--debug.addr` flag for each Storage node (incrementing the port by 1 if multiple nodes are on the same machine). STORJ_DEBUG_ADDR=127.0.0.1:6000 STORJ_DEBUG_ADDR=127.0.0.1:6000 CopyCopied! Visit 127.0.0.1:6000 for an overview page of monitoring capabilities. More specifically, the `/metrics` endpoint can be viewed for a more specific overview of what is available ### [Prometheus configuration](https://storj.dev/node/commercial-node/dashboard#prometheus-configuration) Next, create a `prometheus.yaml` configured to scrape the Storage nodes in your network. List each Storage Node's debug address and port as targets. `/metrics` is added by prometheus targets by default prometheus.yaml global: scrape_interval: 15sscrape_configs: - job_name: 'local-metrics' static_configs: - targets: - host.docker.internal:6000 # if prometheus and node are on the same docker host - host.docker.internal:6001 - 192.168.1.5:6000 - 192.168.1.5:6001 - 192.168.1.6:6000 - 192.168.1.6:6001 global: scrape_interval: 15sscrape_configs: - job_name: 'local-metrics' static_configs: - targets: - host.docker.internal:6000 # if prometheus and node are on the same docker host - host.docker.internal:6001 - 192.168.1.5:6000 - 192.168.1.5:6001 - 192.168.1.6:6000 - 192.168.1.6:6001 CopyCopied! Run the [Prometheus](https://prometheus.io/docs/prometheus/latest/installation/) docker container or update your existing Prometheus server config docker run -p 9090:9090 -v ./prometheus.yaml:/etc/prometheus/prometheus.yml prom/prometheus docker run -p 9090:9090 -v ./prometheus.yaml:/etc/prometheus/prometheus.yml prom/prometheus CopyCopied! Visit the Prometheus targets ([http://localhost:9090/targets](http://localhost:9090/targets) ) to see if the Storage Nodes are being successfully scraped. [Grafana Dashboard](https://storj.dev/node/commercial-node/dashboard#grafana-dashboard) ---------------------------------------------------------------------------------------- Once metrics are being successfully gathered, they can be visualized and analyzed with Grafana. Run the [Grafana](https://grafana.com/docs/grafana/latest/setup-grafana/installation/) docker container or add the following to your existing one. docker run -d --name=grafana -p 3000:3000 grafana/grafana-enterprise docker run -d --name=grafana -p 3000:3000 grafana/grafana-enterprise CopyCopied! Login to Grafana by visiting [http://localhost:3000](http://localhost:3000/) (username and password is `admin` by default). ### [Connect Prometheus to your Grafana instance](https://storj.dev/node/commercial-node/dashboard#connect-prometheus-to-your-grafana-instance) To view the metrics data in Grafana, you'll need to create a new Prometheus data source. 1. Click **Add new connection** from the left sidebar under connections. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/grafana-add-new-data-source.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/grafana-add-new-data-source.png) 2. Select **Prometheus** as the data source 3. Enter your Prometheus server URL (e.g. http://localhost:9090) under connections 4. Click **Save & test** ### [Add Storage Node Dashboard](https://storj.dev/node/commercial-node/dashboard#add-storage-node-dashboard) 1. Navigate to the Dashboards [http://localhost:3000/dashboards](http://localhost:3000/dashboards) 2. Click **Create Dashboard** in the middle of the screen or the **New** if you already have an existing one 3. Select the **Import a dashboard** option 4. Paste the JSON from [storage-node-grafana.json](https://storj.dev/storage-node-grafana.json) into **Import via dashboard JSON model** text area. 5. Click **Load** and **Import** to create the Dashboard. You've successfully setup your Storage node dashboard. It may say "No data" for each graph until an upload or download to your Storage Nodes occurs. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/grafana-storage-node-dashboard.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/grafana-storage-node-dashboard.png) Previous [Sample Ansible Configuration](https://storj.dev/node/commercial-node/setup/ansible) Next [Concepts](https://storj.dev/node/concepts) --- # Step 4. Create an Identity - Storj Docs [Before starting](https://storj.dev/node/get-started/identity#before-starting) ------------------------------------------------------------------------------- **Failure to complete these steps will prevent your storage node from working.** [Step 1. Understand Prerequisites](https://storj.dev/node/get-started/prerequisites) [Step 2. Setup Port Forwarding](https://storj.dev/node/get-started/port-forwarding) [Step 3. Configure QUIC](https://storj.dev/node/get-started/quic-requirements) [Introduction](https://storj.dev/node/get-started/identity#introduction) ------------------------------------------------------------------------- Every node is required to have a unique identifier on the network. [1\. Download the Identity Binary](https://storj.dev/node/get-started/identity#1-download-the-identity-binary) --------------------------------------------------------------------------------------------------------------- Open a terminal window as a usual user (not administrator or root) and paste the command for your OS: LinuxWindowsmacOS curl -L https://github.com/storj/storj/releases/latest/download/identity_linux_amd64.zip -o identity_linux_amd64.zipunzip -o identity_linux_amd64.zipchmod +x identitysudo mv identity /usr/local/bin/identity curl -L https://github.com/storj/storj/releases/latest/download/identity_linux_amd64.zip -o identity_linux_amd64.zipunzip -o identity_linux_amd64.zipchmod +x identitysudo mv identity /usr/local/bin/identity CopyCopied! ARM-based OS Raspberry PI: curl -L https://github.com/storj/storj/releases/latest/download/identity_linux_arm.zip -o identity_linux_arm.zipunzip -o identity_linux_arm.zipchmod +x identitysudo mv identity /usr/local/bin/identity curl -L https://github.com/storj/storj/releases/latest/download/identity_linux_arm.zip -o identity_linux_arm.zipunzip -o identity_linux_arm.zipchmod +x identitysudo mv identity /usr/local/bin/identity CopyCopied! Devices Capable of the AARCH64 Instruction Set: curl -L https://github.com/storj/storj/releases/latest/download/identity_linux_arm64.zip -o identity_linux_arm64.zipunzip -o identity_linux_arm64.zipchmod +x identitysudo mv identity /usr/local/bin/identity curl -L https://github.com/storj/storj/releases/latest/download/identity_linux_arm64.zip -o identity_linux_arm64.zipunzip -o identity_linux_arm64.zipchmod +x identitysudo mv identity /usr/local/bin/identity CopyCopied! [2\. Create an identity](https://storj.dev/node/get-started/identity#2-create-an-identity) ------------------------------------------------------------------------------------------- **This can take several hours or days, depending on your machines processing power and luck.** Plan to run your Node on a NAS, Raspberry Pi or similar? Create your identity on a more powerful machine and transfer it over. LinuxWindowsmacOS identity create storagenode identity create storagenode CopyCopied! If you are unable to execute the command, be sure that you set your file permission to executable: `chmod +x identity` This process will continue until it reaches a difficulty of at least 36. On completion, it will look something like this: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/ziCJkaXYzJYBRuLl0vyA2_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/ziCJkaXYzJYBRuLl0vyA2_image.png) [3\. Backup the identity](https://storj.dev/node/get-started/identity#3-backup-the-identity) --------------------------------------------------------------------------------------------- **Backup before you continue, it should be quick! 🙏** This allows you to restore your Node in case of an unfortunate hardware or OS incident. Use an external device and backup your identity folder: LinuxWindowsmacOS Your identity folder is located in:`~/.local/share/storj/identity/storagenode` On Raspberry Pi, your identity folder is located in: `/home/pi/.local/share/storj/identity/storagenode` [Optional: Move the identity to the subfolder in the storage location](https://storj.dev/node/get-started/identity#optional-move-the-identity-to-the-subfolder-in-the-storage-location) ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- It's not required, but could prevent the storagenode from start, if the mounted disk is inaccessible. Unfortunately this trick will not help, if the disk would disappear while the storagenode running. [](https://storj.dev/node/get-started/identity#) ------------------------------------------------- Previous [macOS/FreeBSD Configuration for UDP](https://storj.dev/node/get-started/quic-requirements/macosfreebsd-configuration-for-udp) Next [Step 5. Install Node Software](https://storj.dev/node/get-started/install-node-software) --- # Encryption passphrase management comparison - Storj Docs When creating a new Storj project, users can choose between **Storj Managed Encryption** and **Self-Managed Encryption**. Each option offers distinct benefits and tradeoffs. Once selected, the encryption method cannot be changed for that project. This page explains the differences between these options to help users determine which approach best suits their needs. [Overview](https://storj.dev/learn/concepts/encryption-key/storj-vs-user-managed-encryption#overview) ------------------------------------------------------------------------------------------------------ **Storj Managed Encryption** is ideal for: * Users who want a streamlined web-based experience similar to other cloud storage providers. * Users who need to collaborate with others on the same project without managing passphrases manually. **Self-Managed Encryption** is best suited to: * Users who require complete control over their encryption keys. * Users with advanced or specialized encryption requirements. [Storj Managed Encryption](https://storj.dev/learn/concepts/encryption-key/storj-vs-user-managed-encryption#storj-managed-encryption) -------------------------------------------------------------------------------------------------------------------------------------- * Encrypts objects using a passphrase stored (encrypted) in the satellite's database. * Users are not prompted for passphrases in the browser. * Applies at the project level, ensuring seamless access for all project members. * No path encryption and objects are listed in lexicographical order. [Self-Managed Encryption](https://storj.dev/learn/concepts/encryption-key/storj-vs-user-managed-encryption#self-managed-encryption) ------------------------------------------------------------------------------------------------------------------------------------ * Encrypts data using a user-provided passphrase that is **not stored in the satellite's database**. * Users must remember and share their passphrase as needed; prompts appear in the browser for certain actions that require the passphrase. * Path encryption is enabled by default, requiring extra steps for lexicographical object listing. * Supports multiple passphrases within a project or bucket, though this practice is not recommended for most use cases. [Choosing the Right Option](https://storj.dev/learn/concepts/encryption-key/storj-vs-user-managed-encryption#choosing-the-right-option) ---------------------------------------------------------------------------------------------------------------------------------------- Storj offers both passphrase management methods to balance security, usability, and flexibility. Users prioritizing convenience and collaboration may prefer Storj-Managed Encryption, while those needing full control over encryption should opt for Self-Managed Encryption. [How to Select an Encryption Method](https://storj.dev/learn/concepts/encryption-key/storj-vs-user-managed-encryption#how-to-select-an-encryption-method) ---------------------------------------------------------------------------------------------------------------------------------------------------------- When creating a new project, you will be presented with two options for managing the encryption for your data: * Automatic (Storj-managed encryption): Storj securely manages the encryption and decryption of your project automatically. * Self-Managed: You are responsible for securely managing your own data encryption passphrase. This selection is **final** for the project and cannot be changed later. Previous [How Encryption is Implemented](https://storj.dev/learn/concepts/encryption-key/how-encryption-is-implemented) Next [File Redundancy](https://storj.dev/learn/concepts/file-redundancy) --- # Understanding Server-Side Encryption - Storj Docs When it's important that your data and metadata are encrypted, but you require a simple and more compatible development approach, Storj provides a best-in-class integration. Strong encryption is critical to decentralized projects especially where a significant part of the infrastructure is run by independent third-party providers. Encryption is especially important with data storage to deliver security + privacy and ensure developers are in control of their data. It's also important to enable the broadest range of use cases for object storage, and some of those use cases rely on server-side encryption for privacy and security. [Server-side Encryption](https://storj.dev/learn/concepts/encryption-key/design-decision-server-side-encryption#server-side-encryption) ---------------------------------------------------------------------------------------------------------------------------------------- The Storj hosted S3-compatible gateway service uses server-side encryption, following the industry standard practices for managing access credentials. When you generate a set of S3-compatible Gateway credentials from an Access Grant, your Access Grant is encrypted using your Access Key. That means that you are passing your decryption information to the Storj-hosted authservice running within GatewayMT. All data and metadata are still encrypted, and that encryption is compatible with the rest of the Storj encryption ecosystem. That means even though your data is encrypted via the hosted gateway, client applications using Uplink CLI, libuplink library, a variety of developer tools including FileZilla and Rclone, and the self-hosted GatewayST can be used to interact with your data using an Access Grant with the same encryption passphrase. Whether you create an Access Grant in the Satellite Admin Console, or you use one of the uplink clients, you, and only you have access to your encryption key. Within the Storj encryption ecosystem, all of the tools are interoperable and encryption is easily managed between tools. In terms of interoperability, the Storj S3-compatible gateway is also compatible with Amazon's S3 encryption tools, and if you use the Amazon encryption tools, not only will your object data be encrypted, but also the path and metadata as well. One thing to remember is that if you use the Amazon encryption ecosystem, it will only be decryptable in the way you encrypted it, and the Uplink CLI and other tooling won't be able to do it for you. Of course, if end-to-end encryption is important to your use case and you also want the convenience of the hosted gateway service, you can encrypt the data client-side using the encryption mechanism of your choice. In the near future, we plan to release an SDK to extend the Storj encryption ecosystem to include end-to-end encryption with the hosted GatewayMT. Previous [Design Decision - End-to-end Encryption](https://storj.dev/learn/concepts/encryption-key/design-decision-end-to-end-encryption) Next [How Encryption is Implemented](https://storj.dev/learn/concepts/encryption-key/how-encryption-is-implemented) --- # Implementing Write Once, Read Many (WORM) System - Storj Docs WORM credentials allow uploading new objects, reading and listing those objects, but prevents those objects from ever being overwritten or deleted even if the credential is leaked or stolen. This provides protection against ransomware by making the bucket immutable when using the credentials. To implement a Write Once, Read Many (WORM) system, [create a credential](https://storj.dev/dcs/access) that includes the following permissions: * Read * Write * List Ensure the credential does **not** include: * Delete [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-worm.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/storj-worm.png) Previous [Usage Limits](https://storj.dev/learn/concepts/limits) Next [Self-hosted S3 Compatible Gateway](https://storj.dev/learn/self-host/gateway-st) --- # Overview of Common Integration Patterns for Storj Uplink - Storj Docs [Introduction](https://storj.dev/learn/concepts/solution-architectures/common-architectural-patterns#introduction) ------------------------------------------------------------------------------------------------------------------- There are a standard set of integration patterns in which the Storj Uplink is implemented. This section provides a solution architecture overview of the following integration patterns. [Common Architectural Pattern](https://storj.dev/learn/concepts/solution-architectures/common-architectural-patterns#common-architectural-pattern) =================================================================================================================================================== There are a standard set of integration patterns in which the Storj Uplink is implemented. This section provides a solution architecture overview of the following integration patterns. | Platform/Service | Description | **Decentralized Advantage** | | --- | --- | --- | | **Cloud-hosted Gateway** | S3-compatible cloud hosted gateway providing elastic object storage capacity | Easy implementation and broad compatibility. Note: uses server-side encryption | | **Hybrid Cloud On Premise Gateway** | On-premis to cloud elastic storage capacity | Enhanced privacy via end-to-end encryption | | **Cloud Native Applications** | Web-based applications interact with S3-compatible cloud hosted gateway | Server-side encryption and industry-leading access management controls with highly distributed network of storage nodes make it easy to build more secure and private applications | | **Mobile Apps** | Choose libuplink library for end-to-end encryption or S3-compatible cloud hosted gateway for ease of integration | Take advantage edge-based delegated authorization for secure and private file sharing | | **Command Line File Transfer** | Command line tool for end-to-end encrypted large file transfer between people or environments | Fast, easy, secure, private and economical way to move large files | | **Client App Integration** | Integrate libuplink into applications with native cloud storage use | Easily integrate secure, private and economical cloud object storage inn your app (Examples FileZilla, Rclone and Restic) | | **Dapp Integration** | Add decentralized object storage to your decentralized app | S3 compatibility, default multi-region high availability via a network of decentralized storage nodes, and enhanced security and privacy through delegated authorization. | | **Multi-cloud Storage** | Neutral, provider-agnostic cloud storage | Low egress costs and distributed storage provide consistent performance for inter-cloud transit | Previous [Satellite (Metadata Region)](https://storj.dev/learn/concepts/satellite) Next [Common Use Cases](https://storj.dev/learn/concepts/solution-architectures/common-use-cases) --- # Set Up Uplink CLI with Access Grant - Storj Docs 1\. You need to have a satellite account and installed Uplink CLI as described in [Uplink CLI Tutorial](https://storj.dev/learn/tutorials/quickstart-uplink-cli) 2\. **[Create an Access Grant](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/create-first-access-grant) ** and **save it to a file**. The Access Grant that you created in the web interface (or [Create Access Grant in CLI](https://storj.dev/learn/tutorials/quickstart-uplink-cli/generate-access-grants-and-tokens/generate-a-token) ) needs to be saved to disk in a plain text file for simplicity (_for example - Mac terminal would not allow you to paste the whole access grant directly due terminal limitations_). Specify the path to the saved access grant in the following command (`~/Downloads/accessgrant.txt` _for example_). 3\. **Import** Access Grant. WindowsLinuxmacOS [PowerShell](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/set-up-uplink-cli#power-shell) -------------------------------------------------------------------------------------------------------------------------------- For security reasons it's better to use a casual user to work from the CLI, thus please run PowerShell as a casual user, not as an Administrator. Navigate to the directory your **uplink.exe** file is located (Check the [FAQ](https://storj.dev/support/faqs) for instructions): ./uplink.exe access import main accessgrant.txt ./uplink.exe access import main accessgrant.txt CopyCopied! Please note that **Storj Labs does not know or store your encryption passphrase**, so if you lose it, you will not be able to recover your files. Your Uplink is configured and ready to use! Previous [Create an Access Grant](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/create-first-access-grant) Next [Create a Bucket](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/create-a-bucket) --- # View Distribution of an Object - Storj Docs You need to have a satellite account and installed Uplink CLI as described in [Uplink CLI Tutorial](https://storj.dev/learn/tutorials/quickstart-uplink-cli) You can view the geographic distribution of your object and generate a shareable URL via the Link Sharing Service. Run the `uplink share --url` command below. See [share](https://storj.dev/dcs/api/uplink-cli/share-command) for specifications on how to select an auth region and restrict the `uplink share --url` command. windowsmacoslinux ./uplink.exe share --url --not-after=+2h sj://cakes/cheesecake.jpg ./uplink.exe share --url --not-after=+2h sj://cakes/cheesecake.jpg CopyCopied! Copy the URL that is returned by the `uplink share --url` command and paste into your browser window. =========== ACCESS RESTRICTIONS ==========================================================Download : AllowedUpload : DisallowedLists : AllowedDeletes : DisallowedNotBefore : No restrictionNotAfter : 2022-03-01 09:56:13Paths : sj://cakes/cheesecake.jpg=========== SERIALIZED ACCESS WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========Access : 1Dv4...========== CREDENTIALS ===================================================================Access Key ID: jvw3fmzqyg2cvxm27qishw6y4qkaSecret Key : ...Endpoint : https://gateway.storjshare.ioPublic Access: true=========== BROWSER URL ==================================================================REMINDER : Object key must end in '/' when trying to share recursivelyURL : https://link.storjshare.io/s/juexo54k2db7lt5fawuqkupqkcfa/cakes/cheesecake.jpg =========== ACCESS RESTRICTIONS ==========================================================Download : AllowedUpload : DisallowedLists : AllowedDeletes : DisallowedNotBefore : No restrictionNotAfter : 2022-03-01 09:56:13Paths : sj://cakes/cheesecake.jpg=========== SERIALIZED ACCESS WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========Access : 1Dv4...========== CREDENTIALS ===================================================================Access Key ID: jvw3fmzqyg2cvxm27qishw6y4qkaSecret Key : ...Endpoint : https://gateway.storjshare.ioPublic Access: true=========== BROWSER URL ==================================================================REMINDER : Object key must end in '/' when trying to share recursivelyURL : https://link.storjshare.io/s/juexo54k2db7lt5fawuqkupqkcfa/cakes/cheesecake.jpg CopyCopied! This is a real distribution of your file's pieces that you uploaded to the network. You can share this file with anyone you'd like. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/wx1Ujm2Y4Fnpn9vtROT0R_object-distribution.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/wx1Ujm2Y4Fnpn9vtROT0R_object-distribution.png) Previous [Upload an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/upload-an-object) Next [Interacting With Your First Object CLI](https://storj.dev/learn/tutorials/quickstart-uplink-cli/interacting-with-your-first-object) --- # Payout - Storj Docs [Introduction](https://storj.dev/node/payouts#introduction) ------------------------------------------------------------ Storage Node Operators are compensated for the resources that are used by Storj Satellites for their nodes every month. Our payout policy and details can be found on the [Storage Node Operator Terms and Conditions](https://storj.io/storj-operator-terms/) . In the event of a conflict between this documentation and Node Operator Terms & Conditions, the Node Operator Terms & Conditions shall govern. [Understanding How Storage Nodes are Paid on the Storj Network](https://storj.dev/node/payouts#understanding-how-storage-nodes-are-paid-on-the-storj-network) -------------------------------------------------------------------------------------------------------------------------------------------------------------- This document explains how storage node operators are paid for the data they store and the bandwidth that is utilized by Storj. Storage node operators are paid for the resources actually used on the service by Storj Labs-operated satellites. Any satellites operated by third parties not associated with Storj Labs may be subject to different terms, rates and payment methodologies. [Paid Resources](https://storj.dev/node/payouts#paid-resources) ---------------------------------------------------------------- Storj nodes share underutilized hard drive capacity and bandwidth with the Storj network and are paid when users store and retrieve data. Storj nodes are paid for the following items based on the calculations described below: **Storage of Storage Materials on Space** - use of storage space on storage node by the Storj satellites and users is calculated in GB hours per month and is paid monthly at the rates specified below; **Egress related to Uplink Clients** - egress bandwidth used when users retrieve data from the the network via applications is calculated in GB of bandwidth actually utilized and is paid monthly at the rates specified below; **Egress related to file repair** - egress bandwidth used when Storj satellites retrieve data from storage nodes for the purpose of file repair is calculated in GB of bandwidth actually utilized and is paid monthly at the rates specified below; and **Audit Bandwidth** - egress bandwidth used when Storj satellites retrieve data from storage nodes to perform an audit is calculated in GB is paid monthly at the rates specified below. [Exclusions](https://storj.dev/node/payouts#exclusions) -------------------------------------------------------- Storage Node Fees will not be paid for the following Storage Node usage: **Storage of Garbage Data** – storage of data on a Storage Node that was not removed by the Storage Node following deletion of such Storage Data by an Uplink Client (“**Garbage Data**”) where such data will otherwise be removed via the Storage Services garbage collector function; and **Other Resources** - Company will not pay for any other resources not specifically identified above. [Published Storj Satellite Payout Rates](https://storj.dev/node/payouts#published-storj-satellite-payout-rates) ---------------------------------------------------------------------------------------------------------------- The following table includes the current Storj Satellite payout rates. | **Payment Category** | **Rates as of Dec 1st, 2023** | | --- | --- | | Storage (per TB per Month) | $1.50 | | Egress (per TB) | $2.00 | | Audit/Repair (per TB) | $2.00 | All payments are made pursuant to the terms specified in the [Node Operator Terms & Conditions](https://www.storj.io/node-operator-terms-conditions) . For a detailed understanding of how TB is defined, please see [Pricing](https://storj.dev/dcs/pricing#object-storage) . [Related FAQ](https://storj.dev/node/payouts#related-faq) ---------------------------------------------------------- [How do I estimate my payouts per Satellite?](https://storj.dev/node/faq/estimate-payouts) [How do I estimate my potential earnings for a given amount of space and bandwidth?](https://storj.dev/node/faq/how-do-i-estimate-my-potential-earnings-for-given-amount-of-space-and-bandwidth) [How do I know the exchange rate for my payout?](https://storj.dev/node/faq/how-do-i-know-the-exchange-rate-for-my-payout) [Minimum payment thresholds](https://storj.dev/node/payouts#minimum-payment-thresholds) ---------------------------------------------------------------------------------------- All Storage Node payouts are subject to a per-wallet minimum threshold. We will not send a transaction where the fee for the transaction is more than 25% of the value of the transaction. The minimum threshold is calculated based on the average transaction fee value in USD from the previous 12 hours at the beginning of the payout process. For example, if the average transaction fee is the equivalent of $12.50, we’ll pay out all wallet addresses that have earned $50.00 and above. One of the reasons our terms and conditions require you to share the same wallet address across any storage nodes you operate is to avoid missing the minimum payout threshold and to help you avoid transaction costs. For wallet addresses that have earned less than the threshold, the earned payout will be included the following month, as long as the aggregate amount of payouts owed meets the minimum threshold at the time payouts are sent. In the example above, all Node Operators that earn less than $50.00 would have their payouts rolled into their payout the following month. In case of a final payout when you gracefuly exited or shutdown all nodes but the Undistributed amount is not enough to clear a [Minimum Payout Threshold](https://storj.dev/node/payouts#minimum-payment-thresholds) on Ethereum (L1), we recommend to [opt-in for zkSync (L2)](https://storj.dev/node/payouts/zk-sync-opt-in-for-snos) , where fees are usually lower and thus the probability to clear the Minimum Payout Threshold is significantly higher. The alternative is to wait until fees on L1 would become lower or run a new node using the same wallet address to allow to collect enough funds to clear the Minimum Payout Threshold. ### [Payment options](https://storj.dev/node/payouts#payment-options) Storage node operators have two options for payment, and these options impact what the transaction fee is. * Ethereum layer 1 - these are the default transactions, but have much higher fees, and therefore higher minimum payout thresholds ($50 wouldn't be surprising here, depending on current fees). * zkSync layer 2 - these are new. You can opt in to them, and the fees are much lower, therefore, there will be much lower minimum payout thresholds ($1 wouldn't be surprising here, depending on current fees). Both of these options will (for now) happen on a monthly schedule. We are committing to get the prior month's payments out before the 15th of the following month. If you are running multiple storage nodes, the payment method you select will apply to the individual storage nodes separately. For instance, if you have four nodes, two using default layer 1 transactions, and two using zkSync, then you will receive two payouts, one on layer 1 for those two nodes, and one through zkSync for the zkSync enabled ones. **IMPORTANT**: These will be considered two separate payouts for purposes of reaching the minimum threshold. [Ethereum layer 1 transactions](https://storj.dev/node/payouts#ethereum-layer-1-transactions) ---------------------------------------------------------------------------------------------- The default behavior is for us to transmit funds using Ethereum layer 1 (standard ERC20 transactions) for our STORJ token. This fee is calculated using the Ethereum gas costs of similar transactions, the gas to ETH conversion prices, and the price of ETH. These transaction fees are typically much higher than layer 2 transactions (see below), and thus incur a much higher minimum payout threshold. **Example calculation for layer 1 transaction:** At a gas price of 274 GWei, with a per-transaction Gas cost of 36508, a transaction costs .01 ETH, which at an ETH price of $1714 is $17.14 per transaction. We will not send a transaction where the fee is more than 25% of the overall transmitted value. That means the minimum payout threshold would be $68.56. [zkSync layer 2 transactions](https://storj.dev/node/payouts#zk-sync-layer-2-transactions) ------------------------------------------------------------------------------------------- Any node operator running [v1.22.2](https://github.com/storj/storj/releases/tag/v1.22.2) or later also can opt into zkSync Layer 2 transactions to receive payouts. zkSync is new technology and comes with some additional risk. You can read more about why we've chosen [ZkSync Payments](https://storj.dev/node/payouts/zk-sync-opt-in-for-snos) here. We will use this type of transaction when possible, but we may revert to layer 1 transactions (and associated minimum payout thresholds) if circumstances require. The main benefit of zkSync is a much lower L2 transaction fee, and therefore a much lower minimum payout threshold. Low earning wallet addresses will get payouts at a more frequent schedule with zkSync. The main consideration with this method is that if the node operator wants to withdraw their funds from layer 2 back to layer 1 (for an exchange address of an exchange that does not yet support zkSync or similar), they will have to pay a transaction fee for that withdrawal. This withdrawal fee can be paid in STORJ, but may be more than a standard layer ERC20 transfer. Transaction fees can be paid using STORJ in zkSync, so no ETH will be needed for zkSync transactions. * Read about how to opt-in to [ZkSync Payments](https://storj.dev/node/payouts/zk-sync-opt-in-for-snos) . * You can read more about zkSync in general [here](https://zksync.io/) . [General advice](https://storj.dev/node/payouts#general-advice) ---------------------------------------------------------------- Always control your private keys to your wallet. While it may be convenient to use an exchange address for your storage node payout, it's always safest to use an address for which you control the private keys. If you opt to use zkSync, you definitely want to use an address for which you control the private keys. Withdrawing your funds from zkSync is designed for use with wallets for which you control the private keys. If you use an address from an exchange or for which you otherwise don't have the private keys, you will be required to trigger an emergency withdrawal process, and this will be significantly more costly for you. Previous [Concepts](https://storj.dev/node/concepts) Next [ZkSync Payments](https://storj.dev/node/payouts/zk-sync-opt-in-for-snos) --- # Creating Storage Nodes Using Ansible - Storj Docs This guide is for Commerical Storage Nodes, if you're looking to join the public network follow [Quickstart Node Setup](https://storj.dev/node/get-started/setup) instead. [Prerequisites](https://storj.dev/node/commercial-node/setup/ansible#prerequisites) ------------------------------------------------------------------------------------ * Completed setup of one [Storage Node](https://storj.dev/node/commercial-node/setup) * Installed [Ansible](https://docs.ansible.com/ansible/latest/installation_guide/index.html) * Installed [Docker](https://storj.dev/node/get-started/install-node-software/cli/docker) [Ansible Configuration](https://storj.dev/node/commercial-node/setup/ansible#ansible-configuration) ---------------------------------------------------------------------------------------------------- There are a number of different tools to do cloud operations, this guide should be considered only an example and not a requirement for how to run [Commerical Storage nodes](https://storj.dev/node/commercial-node) . Any environment that can reliability run the [storage node image](https://hub.docker.com/r/storjlabs/storagenode) can be also be used. This Ansible playbook is showing how a single host machine with multiple hard drives can run multiple Storage nodes. Each container's environment variables, storage volumes, and network ports are set according to the individual dictionary elements in `storj_containers`. Each Storage node requires its own `external_port`, for communication with the Storj network. Similarly, each node ideally has a dedicated drive or mount point for its storage, identified by `volume_mount` like /mnt/sdb or /mnt/sdc. The Ansible `loop` iterates over the list of dictionaries stored in the `storj_containers` variable, executing the container deployment tasks for each dictionary item. This allows multiple Storage nodes with varying configurations to be deployed in a single playbook run. storagenode\_playbook.yml - name: Run Storj Storage Nodes hosts: storagenode become: yes vars: base_email: 'name+{{ item.name }}@example.com' public_ip: xxx.xx.xx.xx storj_containers: - name: storagenode1 external_port: 20001 internal_dashboard_port: 14001 volume_mount: '/mnt/sdb' storage: '10TB' - name: storagenode2 external_port: 20002 internal_dashboard_port: 14002 volume_mount: '/mnt/sdc' storage: '10TB' # Add more here tasks: - name: Pull Storj image community.docker.docker_image: name: storjlabs/storagenode:latest source: pull - name: Run Storj containers community.docker.docker_container: name: '{{ item.name }}' image: storjlabs/storagenode:latest env: WALLET: '0x0000000000000000000000000000000000000000' EMAIL: '{{ base_email }}' ADDRESS: '{{ public_ip }}:{{ item.external_port }}' STORAGE: '{{ item.storage }}' STORJ_CONSOLE_ADDRESS: '127.0.0.1:{{ item.internal_dashboard_port }}' volumes: - '{{ item.volume_mount }}/identity:/app/identity' - '{{ item.volume_mount }}/storage:/app/config' ports: - '{{ item.external_port }}:{{ item.external_port }}/tcp' - '{{ item.external_port }}:{{ item.external_port }}/udp' - '127.0.0.1:{{ item.internal_dashboard_port }}:{{ item.internal_dashboard_port }}' state: started restart_policy: unless-stopped loop: '{{ storj_containers }}' - name: Run Storj Storage Nodes hosts: storagenode become: yes vars: base_email: 'name+{{ item.name }}@example.com' public_ip: xxx.xx.xx.xx storj_containers: - name: storagenode1 external_port: 20001 internal_dashboard_port: 14001 volume_mount: '/mnt/sdb' storage: '10TB' - name: storagenode2 external_port: 20002 internal_dashboard_port: 14002 volume_mount: '/mnt/sdc' storage: '10TB' # Add more here tasks: - name: Pull Storj image community.docker.docker_image: name: storjlabs/storagenode:latest source: pull - name: Run Storj containers community.docker.docker_container: name: '{{ item.name }}' image: storjlabs/storagenode:latest env: WALLET: '0x0000000000000000000000000000000000000000' EMAIL: '{{ base_email }}' ADDRESS: '{{ public_ip }}:{{ item.external_port }}' STORAGE: '{{ item.storage }}' STORJ_CONSOLE_ADDRESS: '127.0.0.1:{{ item.internal_dashboard_port }}' volumes: - '{{ item.volume_mount }}/identity:/app/identity' - '{{ item.volume_mount }}/storage:/app/config' ports: - '{{ item.external_port }}:{{ item.external_port }}/tcp' - '{{ item.external_port }}:{{ item.external_port }}/udp' - '127.0.0.1:{{ item.internal_dashboard_port }}:{{ item.internal_dashboard_port }}' state: started restart_policy: unless-stopped loop: '{{ storj_containers }}' CopyCopied! Next define the hosts where Ansible tasks will be executed with an inventory file `hosts.ini`, where you list the IP addresses or hostnames of your target machines, optionally grouped under bracketed headers to organize them. Here's a basic example: hosts.ini [storagenode]192.168.1.5192.168.1.6 [storagenode]192.168.1.5192.168.1.6 CopyCopied! With this inventory, you can target specific groups (e.g., `[storagenode]`) or individual hosts in your Ansible playbooks. To execute the playbook, specify your inventory file using the `-i` option. This will run the playbook tasks on the hosts listed in your inventory. ansible-playbook -i hosts.ini storagenode_playbook.yml ansible-playbook -i hosts.ini storagenode_playbook.yml CopyCopied! On your host machine, you can view the status of your docker containers. Here are some useful commands The `docker ps` command lists all running Docker containers, it's useful for quickly checking which containers are active and their configurations. The `docker logs` command displays the standard output and standard error logs of a specified Docker container. To debug `storagenode1` container for example you could do docker logs --tail 20 storagenode1 docker logs --tail 20 storagenode1 CopyCopied! Previous [Setup](https://storj.dev/node/commercial-node/setup) Next [Node Dashboard](https://storj.dev/node/commercial-node/dashboard) --- # cp - Storj Docs Copies a local file or Storj object to another location locally or in Storj [Usage](https://storj.dev/dcs/api/uplink-cli/cp-command#usage) --------------------------------------------------------------- windowslinuxmacos ./uplink.exe cp [flags] SOURCE DESTINATION ./uplink.exe cp [flags] SOURCE DESTINATION CopyCopied! The `cp` command is used to upload and download objects. The `cp` command abstracts the complexity of encryption, erasure coding, and distributing pieces of a file to storage nodes. [Flags](https://storj.dev/dcs/api/uplink-cli/cp-command#flags) --------------------------------------------------------------- | Flag | Description | | --- | --- | | `--access string` | the serialized access, or name of the access to use | | `-r, --recursive` | Perform a recursive copy | | `-t, --transfers int` | Controls how many uploads/downloads to perform in parallel (default 1) | | `--dry-run` | Print what operations would happen but don't execute them | | `--progress` | Show a progress bar when possible (default true) | | `--range string` | Downloads the specified range bytes of an object. For more information about the HTTP Range header, see [https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35](https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35) | | `-p, --parallelism int` | Controls how many parallel chunks to upload/download from a file (default 1) | | `--parallelism-chunk-size Size` | Controls the size of the chunks for parallelism (default 64.0 MiB) | | `--expires relative_date` | Schedule removal after this time (e.g. '+2h', 'now', '2020-01-02T15:04:05Z0700') | | `--help`, `-h` | help for cp | [Examples](https://storj.dev/dcs/api/uplink-cli/cp-command#examples) --------------------------------------------------------------------- [Copy a local file into an existing bucket](https://storj.dev/dcs/api/uplink-cli/cp-command#copy-a-local-file-into-an-existing-bucket) --------------------------------------------------------------------------------------------------------------------------------------- When the `cp` command is used to copy a file to Storj (upload), the CLI first encrypts the file client-side, then splits it into a minimum of x erasure-coded pieces, and finally, the x pieces are uploaded in parallel to x different storage nodes. x currently equals 80 but is subject to change depending on continuous optimization. To copy `cheesecake.jpg` into the existing bucket `cakes`, use the following command: windowslinuxmacos ./uplink.exe cp cheesecake.jpg sj://cakes ./uplink.exe cp cheesecake.jpg sj://cakes CopyCopied! You cannot use regular expressions to specify which files to copy (e.g. `uplink cp cheese* sj://cakes` will not work). Also, you can only specify one source at a time (no ) Output: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/-hjCrs6csxIQRGlUsN-_h_cp01.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/-hjCrs6csxIQRGlUsN-_h_cp01.png) ### [Copy a file from a bucket to a local drive](https://storj.dev/dcs/api/uplink-cli/cp-command#copy-a-file-from-a-bucket-to-a-local-drive) When the `cp` command is used to copy a file from Storj (download), the CLI first downloads the minimum number of pieces to reconstitute a file (typically 29 pieces), then re-encodes the pieces into a single file, and finally decrypts the file client-side. To copy a file from a project to a local drive, use: windowslinuxmacos ./uplink.exe cp sj://cakes/cheesecake.jpg ~/Downloads/ ./uplink.exe cp sj://cakes/cheesecake.jpg ~/Downloads/ CopyCopied! [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/L3WG_T6fFd44KDKM0ySZU_cp02.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/L3WG_T6fFd44KDKM0ySZU_cp02.png) ### [Copy a local file into a bucket with an expiration date](https://storj.dev/dcs/api/uplink-cli/cp-command#copy-a-local-file-into-a-bucket-with-an-expiration-date) The uploaded object can be set to expire at a certain time. After the expiration date, the file is no longer available and no longer will generate usage charges. To set an expiration date for a file when uploading it, you should use the `cp` command with the `--expires` flag: windowslinuxmacos ./uplink.exe cp --expires 2021-12-31T13:00:00+02:00 cheesecake.jpg sj://cakes ./uplink.exe cp --expires 2021-12-31T13:00:00+02:00 cheesecake.jpg sj://cakes CopyCopied! The date is given in the `yyyy-mm-ddThh:mm:ssZhh:mm` format defined in ISO 8601. `2021-12-31T13:00:00+02:00` reads "December, 31st at 1pm UTC+2". A date ending with "Z", such as `2021-12-31T13:00:00Z`, is in UTC. The command above gives the following output: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/kaEp97IAbLH80jtAKZLuX_cp03.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/kaEp97IAbLH80jtAKZLuX_cp03.png) ### [Copy an object with parallelism](https://storj.dev/dcs/api/uplink-cli/cp-command#copy-an-object-with-parallelism) If you have enough upstream bandwidth, you can use the multipart functionality to upload objects faster. To increase upload speed, you can use the `cp` command with the `--parallelism 10` flag (the number you can set according to your preferences and available upstream bandwidth): windowslinuxmacos ./uplink.exe cp --parallelism 10 cheesecake.jpg sj://cakes ./uplink.exe cp --parallelism 10 cheesecake.jpg sj://cakes CopyCopied! Since our sample object is small, you likely will not notice a difference. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/YdggjS4upivbH0WFWfiLd_cp04.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/YdggjS4upivbH0WFWfiLd_cp04.png) It would be significantly different with big objects like videos or OS images etc. and for upstream bandwidth much greater than 100Mbps. ### [Recursive copy of objects from local location to the bucket](https://storj.dev/dcs/api/uplink-cli/cp-command#recursive-copy-of-objects-from-local-location-to-the-bucket) You can recursively copy files: windowslinuxmacos ./uplink.exe cp --recursive ~/receipts sj://cakes/ ./uplink.exe cp --recursive ~/receipts sj://cakes/ CopyCopied! Sample output: upload /home/user/receipts/cheescake.jpg to sj://cakes/cheescake.jpgupload /home/user/receipts/pancake.jpg to sj://cakes/pancake.jpg upload /home/user/receipts/cheescake.jpg to sj://cakes/cheescake.jpgupload /home/user/receipts/pancake.jpg to sj://cakes/pancake.jpg CopyCopied! ### [Copy an object from one location to another within Storj](https://storj.dev/dcs/api/uplink-cli/cp-command#copy-an-object-from-one-location-to-another-within-storj) It is possible to copy a file from one Storj location to another Storj location within the same project. When the `cp` command is used to copy a file from one Storj location to another Storj location, the object will be copied entirely on the "server" side - **this will not count against your egress limits, as the object is not being downloaded**. You need to have at least version 1.54.1 of Uplink installed to support server-side copy First, to create a new bucket, we will use the `mb` command, as copying is possible only to an existing bucket. windowslinuxmacos ./uplink.exe mb sj://new-recipes ./uplink.exe mb sj://new-recipes CopyCopied! Bucket new-recipes created Bucket new-recipes created CopyCopied! Nested buckets are not supported, but you can use prefixes, as they would act almost like subfolders. Now, to copy a file from a bucket within a project to another bucket in the same project with prefix `cakes`, use: windowslinuxmacos ./uplink.exe cp sj://cakes/cheesecake.jpg sj://new-recipes/cakes/cheesecake.jpg ./uplink.exe cp sj://cakes/cheesecake.jpg sj://new-recipes/cakes/cheesecake.jpg CopyCopied! Sample Output: upload sj://cakes/cheesecake.jpg sj://new-recipes/cakes/cheesecake.jpg upload sj://cakes/cheesecake.jpg sj://new-recipes/cakes/cheesecake.jpg CopyCopied! There is no progress bar shown since nothing was downloaded or uploaded, as the copying happens on the "server" side (within a Storj project.) Previous [access use](https://storj.dev/dcs/api/uplink-cli/access-command/access-use) Next [import](https://storj.dev/dcs/api/uplink-cli/import-command) --- # Understanding Satellites and Metadata Regions in the Network - Storj Docs The **Satellite** is a set of hosted services that is responsible for a range of functions on the network, including the node discovery system, node address information caching, per-object metadata storage, storage node reputation management, billing data aggregation, storage node payment, data audit and repair, as well as user account and authorization management. Users have accounts on and trust specific Satellites. Any user can run their own Satellite, but we expect many users will choose to avoid the operational complexity and create an account on another Satellite hosted by a trusted third party such as Storj, a friend, group, or workplace. Storj satellites are operated under the Storj brand. This component has a number of key responsibilities: 1. Developer account registration & management 2. API credential & access management 3. Object metadata storage 4. Billing & payment 5. Audit & repair Users of the network will have accounts on a specific Satellite instance, which will: store their file metadata, manage authorization to data, keep track of storage node reliability, repair and maintain data when redundancy is reduced, and issue payments to storage nodes on the user’s behalf. [Choosing a metadata region](https://storj.dev/learn/concepts/satellite#choosing-a-metadata-region) ---------------------------------------------------------------------------------------------------- While Storj doesn't have "regions" like other cloud storage providers who operate data centers in one or more geographic location, the closest thing to a "region" is a satellite. While your data is stored across a globally distributed network of storage nodes, the encrypted metadata is stored across multiple satellites in a region. When selecting the Satellite for your project, you'll want to choose the geographic region where the majority of the end users of your service who will be interacting with the objects on Storj will be located. Importantly, a specific Satellite instance does not necessarily constitute one server. A Satellite may be run as a collection of servers and be backed by a horizontally scalable trusted database for higher uptime. Storj operates clusters of Satellites in regions, with all Satellites in a region sharing a multi-region, distributed back end. This configuration provides a highly resilient and available architecture in which the loss of any Satellite service, an entire Satellite or the unavailability of a facility hosting a Satellite has no impact on the availability of data stored on the network. Storj implements a thin-client model that delegates trust around managing files’ location metadata to the Satellite service which manages data ownership. Uplinks are thus able to support the widest possible array of client applications, while Satellites require high uptime and potentially significant infrastructure, especially for an active set of files. Like storage nodes, the Satellite service is being developed and will be released as open source software. Any individual or organization can run their own Satellite to facilitate network access. With respect to customer data, the Satellite is never given data unencrypted and does not hold [Encryption Keys](https://storj.dev/learn/concepts/access/encryption-and-keys) The only knowledge of an object that the Satellite is able to share with third parties is its existence, rough size, and other metadata such as access patterns. This system protects the client’s privacy and gives the client complete control over access to the data, while delegating the responsibility of keeping files available on the network to the Satellite. Uplink Clients may use Satellites run by a third-party. Because Satellites store almost no data and have no access to keys, this is a large improvement over the traditional data-center model. Many of the features Satellites provide, like storage node selection and reputation, leverage considerable network effects. Reputation data sets grow more useful as they increase in size, indicating that there are strong economic incentives to share infrastructure and information in a Satellite. The Satellite instance is made up of these components: * A full node discovery cache * A per-object metadata database indexed by encrypted path * An account management and authorization system * A storage node reputation, statistics, and auditing system * A data repair service * A storage node payment service [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/gLz7oZ6M4vakL8WRG8yyx_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/gLz7oZ6M4vakL8WRG8yyx_image.png) Previous [S3 Compatibility](https://storj.dev/learn/concepts/s3-compatibility) Next [Common Architectural Pattern](https://storj.dev/learn/concepts/solution-architectures/common-architectural-patterns) --- # QNAP Storage Node App - Storj Docs [Introduction](https://storj.dev/node/get-started/install-node-software/qnap-storage-node-app#introduction) ------------------------------------------------------------------------------------------------------------ In this guide, we are going to walk through the installation process for the Storage Node QNAP application for your QNAP NAS Device – enabling you to: 1. Monetize your excess capacity on the Storj Network 2. [Back up your NAS Device](https://storj.dev/dcs/third-party-tools/qnap-hybrid-backup-sync-3) using QNAP's HBS 3 using Storj's S3-compatible API For a video walkthrough of this process, please see below: [Prerequisites](https://storj.dev/node/get-started/install-node-software/qnap-storage-node-app#prerequisites) -------------------------------------------------------------------------------------------------------------- * [Step 4. Create an Identity](https://storj.dev/node/get-started/identity) * Download the [QNAP Binary](https://github.com/storj-thirdparty/qnap-storagenode-app/releases/latest) - NOTE: This version(V1.1.4) is not compatible with any QTS version higher than 5.0 [Sharing Capacity Prerequisites](https://storj.dev/node/get-started/install-node-software/qnap-storage-node-app#sharing-capacity-prerequisites) ------------------------------------------------------------------------------------------------------------------------------------------------ 1. Navigate to QNAP App Center application, by double clicking on its icon on the QNAP Desktop Homepage. 2. Click "Install Manually" and click on the QNAP Package (downloaded above) to install the QNAP Storj application onto the device. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/2_N44-j5CDn6cZiLzoCVG_spaces.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/2_N44-j5CDn6cZiLzoCVG_spaces.png) 3. Hit **accept** when prompted to accept that the application has no official digital signature: Once the installation is completed, the Storj Storage Node app will be available through the App Center, as well as be visible on the desktop. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/1uAYJpLKzzU09nFBE3owp_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/1uAYJpLKzzU09nFBE3owp_image.png) Don't see the Storj app? Go to **Control Panel** -> **Privileges**, double click the storage node app and put a checkmark in the **Allow** box of the user you're logging in with. After that it should appear in the start menu. 1. Open the application, and click "Wizard" in the sidebar. You will be prompted with a walkthrough of the application, like so: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/9mKBXGbXoQJ95ywE_mbBL_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/9mKBXGbXoQJ95ywE_mbBL_image.png) 2. Enter your email address that you would like associated with notifications for your node: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/kfnmhfsVG_k61weJPvi4a_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/kfnmhfsVG_k61weJPvi4a_image.png) 3. Add your [ERC-20 Token Compatible Wallet Address](https://storj.dev/node/faq/how-do-I-hold-storj-tokens) for payouts. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/4nmAYwFJUzivgihR-NruY_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/4nmAYwFJUzivgihR-NruY_image.png) 4. Configure Storage Allocation, and set the amount of excess storage capacity you would like to share with the network. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/LWmWZBADgrai71-5EQDp9_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/LWmWZBADgrai71-5EQDp9_image.png) 5. Input a selected Storage Directory (which specifies the path where the data will be stored). [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/DGiiifk0J5D7xotc04dp9_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/DGiiifk0J5D7xotc04dp9_image.png) 6. Configure the external [Step 2. Setup Port Forwarding](https://storj.dev/node/get-started/port-forwarding) This allows the connection for the Storj Network to come in, and communicate with the software running on the NAS. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/jZ8twzcfbWd-AnTpKMprj_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/jZ8twzcfbWd-AnTpKMprj_image.png) 7. Set the location for your node's identity certificate, like so: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/hIJRyypNup8zNmjTzKq7F_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/hIJRyypNup8zNmjTzKq7F_image.png) 8. Hit **finish**, and you have successfully completed that setup wizard for your QNAP device. [Run the Application](https://storj.dev/node/get-started/install-node-software/qnap-storage-node-app#run-the-application) -------------------------------------------------------------------------------------------------------------------------- After following the configuration steps above, 1. Click **Start My Storage Node** Look for the log output, which indicates that the image is running. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/AoZkAsmxNVvt8HkJX-h-K_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/AoZkAsmxNVvt8HkJX-h-K_image.png) 2. You have successfully shared your excess capacity on your QNAP Device with the Storj Network. 3. Click the Dashboard Option to view your current stats - and keep an eye on that payout address! Previous [Dashboard Windows](https://storj.dev/node/get-started/install-node-software/gui-windows/dashboard) Next [Commercial Node](https://storj.dev/node/commercial-node) --- # Docker - Storj Docs [Install Docker](https://storj.dev/node/get-started/install-node-software/cli/docker#install-docker) ----------------------------------------------------------------------------------------------------- What we use to package the Storage Node software and push new updates. To set up a Storage Node, you first must have Docker installed. Install Docker by following the appropriate installation guide for your OS. LinuxmacOSWindows [**Ubuntu Docker Installation**](https://docs.docker.com/install/linux/docker-ce/ubuntu/) [**CentOS Docker Installation**](https://docs.docker.com/install/linux/docker-ce/centos/) [**Debian Docker Installation**](https://docs.docker.com/install/linux/docker-ce/debian/) [**Fedora Docker Installation**](https://docs.docker.com/install/linux/docker-ce/fedora/) Previous [CLI Install](https://storj.dev/node/get-started/install-node-software/cli) Next [Storage Node](https://storj.dev/node/get-started/install-node-software/cli/storage-node) --- # Understanding API Keys and Access Management - Storj Docs API Keys are based on Macaroons and include the capability to encode programmatic access restrictions into the API Key. The API Key encoded into an Access Grants is based on a type of token called a Macaroon. A Macaroon is essentially a cookie with an internal structure for encoding logic, in this case, access restrictions. A Macaroon embeds the logic for the access it allows and can be restricted, simply by embedding the path restrictions and any additional restrictions within the string that represents the Macaroon. Unlike a typical cookie, a Macaroon is not a random string of bytes, but rather is an envelope with access logic encoded in it. Storj make it easy to share access to objects securely and privately. You don't need to know how to construct an API Key, but understanding how they work and what the capabilities are provide you with a better understanding of the tools Storj provides you to build more private and secure applications. [About API Keys](https://storj.dev/learn/concepts/access/access-grants/api-key#about-api-keys) ----------------------------------------------------------------------------------------------- For a more complete review of Macaroons, please check out [the Google paper](https://research.google/pubs/macaroons-cookies-with-contextual-caveats-for-decentralized-authorization-in-the-cloud/) . This documentation will provide enough information to effectively use the access management and object sharing functionality of Storj, but is not intended to be an exhaustive explanation on the full functionality of Macaroons. Although this documentation uses the terms “API Key” and “Macaroon” interchangeably, only the term “Access Grant” is referenced on the service, through the libraries, and in the documentation. The API Key is embedded inside of an Access Grant, and is not something you need to manage separately. [Access Management Starts at the Project Level](https://storj.dev/learn/concepts/access/access-grants/api-key#access-management-starts-at-the-project-level) ------------------------------------------------------------------------------------------------------------------------------------------------------------- Each Project has a Root API Key Secret that is issued by the Satellite. This Root API Key Secret is used to create other API Keys. Since all Access Grants are derived from the same Root API Key Secret, they all have the same level of access. By default, all API Keys have complete, unrestricted access to perform all functions against all objects within a project. [Access Encoding by Uplink Client](https://storj.dev/learn/concepts/access/access-grants/api-key#access-encoding-by-uplink-client) ----------------------------------------------------------------------------------------------------------------------------------- When an Uplink Client (LibUplink, Uplink CLI, or Uplink S3 Gateway) is configured to use an Access Grant, the Uplink Client automatically creates an HMAC signature that is encoded in the metadata of the object stored. As objects and their path metadata are created, the hierarchy is encoded in the object metadata. Based on where an object falls in the hierarchy, If the parent Access Grant is known, a restricted Access Grant can be derived for any level of the hierarchy that is valid from that point in the hierarchy and below to any child objects below it in the hierarchy. [Sharing Access to Objects](https://storj.dev/learn/concepts/access/access-grants/api-key#sharing-access-to-objects) --------------------------------------------------------------------------------------------------------------------- [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/MwdavJ1Uhw29KTR0n6XhZ_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/MwdavJ1Uhw29KTR0n6XhZ_image.png) When the Access Grant is created by the Uplink Client, that Access Grant can be passed to a peer (another Uplink Client). When that peer Uplink Client uses that Access Grant to access an object, it passes only the API Key to the appropriate Satellite to request access to the object (never the encryption key). The Satellite can determine the validity of the API Key passed to it (along with any Caveats as described below) without needing access to the actual metadata. Since the metadata is also encrypted client-side, this is extremely important. Effectively, the Satellite does not need to know which user or application is attempting an object or what the object is; The Uplink Client provides only the minimum information that allows the Satellite to determine the validity of the request without knowing anything about the requestor or the object being requested. [Encoding Restrictions in an Access Grant](https://storj.dev/learn/concepts/access/access-grants/api-key#encoding-restrictions-in-an-access-grant) --------------------------------------------------------------------------------------------------------------------------------------------------- It is also possible to restrict an Access Grant to provide a limited level of access to an object. Access restrictions are accomplished through the use of Caveats. Caveats are conditional access restrictions that are encoded into the body of an API Key. An API Key has three parts, a head, a list of caveats, and a tail. These are concatenated and serialized together. An unrestricted API Key has no caveats, so it’s just a head and a tail. The head is a random nonce, and the tail of the unrestricted API Key is the HMAC of the root secret and the head. The next section will detail the specific restrictions on the bucket and object constructs. Previous [Access Grants](https://storj.dev/learn/concepts/access/access-grants) Next [Access Restrictions](https://storj.dev/learn/concepts/access/access-grants/api-key/restriction) --- # Understanding S3 Compatibility with Storj - Storj Docs The Storj S3-compatible Gateway supports a RESTful API that is compatible with the basic data access model of the [Amazon S3 API](http://docs.aws.amazon.com/AmazonS3/latest/API/APIRest.html) . The Storj S3 Gateway is well-suited for many application architectures, but the S3 standard was designed for centralized storage and there are a few areas where a decentralized architecture requires a different approach. Storj offers two options for S3 compatibility: 1. [Storj-hosted S3 Compatible Gateway](https://storj.dev/dcs/api/s3/s3-compatible-gateway) : Storj hosted S3 Compatible Service 2. [Self-hosted S3 Compatible Gateway](https://storj.dev/learn/self-host/gateway-st) : Self-hosted S3 Compatible Binary (run your own S3 endpoint) The latest compatibility can be found in [the S3 compatibility table](https://storj.dev/dcs/api/s3/s3-compatibility) . [When to use GatewayMT](https://storj.dev/learn/concepts/s3-compatibility#when-to-use-gateway-mt) -------------------------------------------------------------------------------------------------- If you have an existing application that is using an S3-compatible object storage service and you want to switch to Storj, the easiest way to switch is to use the hosted S3-compatible service. The main design decision you need to be aware of is that Gateway-MT uses [Design Decision - Server-side Encryption](https://storj.dev/learn/concepts/encryption-key/design-decision-server-side-encryption) . You can learn about the supported commands and endpoints for S3 compatibility under the SDK & Reference section for the [Storj-hosted S3 Compatible Gateway](https://storj.dev/dcs/api/s3/s3-compatible-gateway) . [When to use GatewayST](https://storj.dev/learn/concepts/s3-compatibility#when-to-use-gateway-st) -------------------------------------------------------------------------------------------------- If you have an hybrid cloud architecture, are working with on-premise data, or have other needs to host your own S3-compatible object storage service you may want to use the self-hosted GatewayST. The two main design decisions you need to be aware of are that: 1. GatewayST uses [Design Decision - End-to-end Encryption](https://storj.dev/learn/concepts/encryption-key/design-decision-end-to-end-encryption) . 2. When you host your own Gateway, that gateway is handling the erasure coding and direct peer-to-peer transfer of data to storage nodes. You will need to account for the upstream bandwidth associated with the [File Redundancy](https://storj.dev/learn/concepts/file-redundancy) the data and any associated overhead related to concurrent connections with storage nodes related to parallel transfers. You can learn about the supported commands and endpoints for S3 compatibility under the SDK & Reference section for the [Storj-hosted S3 Compatible Gateway](https://storj.dev/dcs/api/s3/s3-compatible-gateway) . Previous [Multiregion Availability](https://storj.dev/learn/concepts/multiregion-availability) Next [Satellite (Metadata Region)](https://storj.dev/learn/concepts/satellite) --- # Best Use Cases for Distributed Storage Solutions - Storj Docs [Introduction](https://storj.dev/learn/concepts/solution-architectures/common-use-cases#introduction) ------------------------------------------------------------------------------------------------------ Object storage is ideal for files that are written once and read many times (WORM - Write Once, Read Many data). Object storage has formed the backbone of many different applications and use cases. Distributed and decentralized object storage is optimized for larger files, especially where those files are accessed regularly from geographically diverse locations. Object storage, in general, has a wide range of use cases. The use cases that are the best fit for Storj are outlined below. If you don't see your use case listed, don't worry - this will just give you a sense of how Storj is meant to be used. [Common Use Cases](https://storj.dev/learn/concepts/solution-architectures/common-use-cases#common-use-cases) -------------------------------------------------------------------------------------------------------------- | Platform/Service | Description | **Decentralized Advantage** | | --- | --- | --- | | **General Backup** | Long term storage of large files required for business continuity or disaster recovery needs | Low cost and always available high-throughput bandwidth means storage is economical and recovery is rapid | | **Database Backup** | Regular snapshot backups of databases for backup or testing are an entrenched part of infrastructure management | Streaming backup eliminates the need to write large database snapshots to local disk before backup or for recovery | | **Private Data** | Data that is highly sensitive and an attractive target for ransomware attacks or other attempts to compromise or censor the data | Client side encryption and industry-leading access management controls and highly distributed network of storage nodes reduce attack surface and risk | | **Multimedia Storage** | Storage of large numbers of large multimedia files, especially data produced at the edge from sources like security cameras that must be stored for long periods of time with low access | Rapid transit leveraging parallelism makes distributed storage effective for integrating with video compression systems to reduce volume of data stored | | **Multimedia Streaming** | Fluid delivery of multimedia files with the ability to seek to specific file ranges and support for large number of concurrent downloads | Native file streaming support and distributed bandwidth load across highly distributed nodes reduce bottlenecks | | **Large File Transfer** | Transiting large amounts of data point to point over the internet | High-throughput bandwidth takes advantage of parallelism for rapid transit; Client-side encryption ensures privacy during transit | | **Hybrid Cloud** | Flexible ability to provide elastic capacity to on-premise data storage | Enables enterprises to monetize excess storage capacity when not needed and provides secure, private cloud storage on demand | | **Machine Learning** | Storage transit for processing of large data sets from disparate data sources and types | Decentralized architecture provides better response times for data processing, which can translate into the ability to process more data within time limits, as well as efficiency in transport and peering costs | | **VR/AR** | Virtual reality and augmented reality are both latency sensitive and bandwidth demanding with large file sets. | Distributed storage provides better response times toward end users, as well as efficiency in transport and decreased peering costs | | **IoT Data** | Connected devices generate massive amounts of data | Small IoT files can be packed into large blocks for efficient storage while individual message files can be accessed via streaming to specific data ranges | | **NFT Related Digital Assets** | Storage digital assets associated with non-fungible tokens (NFTs) | Provide cost-effective storage with edge-based delegated authorization for managing access to digital content | Previous [Common Architectural Pattern](https://storj.dev/learn/concepts/solution-architectures/common-architectural-patterns) Next [Usage Limits](https://storj.dev/learn/concepts/limits) --- # Managing Encryption Keys - Storj Docs End-to-end encryption means that you are responsible for creating and maintaining the encryption keys to your data. Lose your encryption keys and you've effectively lost access to your data. [A Word of Caution on encryption keys](https://storj.dev/learn/concepts/access/encryption-and-keys/key-management#a-word-of-caution-on-encryption-keys) -------------------------------------------------------------------------------------------------------------------------------------------------------- At several points in the Documentation it’s important to point out three important things about your encryption keys. Please make sure you clearly understand how encryption keys are used on Storj. You, your application and/or your users are responsible for managing your encryption keys. If you lose your encryption keys, you have lost the ability to decrypt your data rendering it useless. [Thing 1: Your encryption keys are your data](https://storj.dev/learn/concepts/access/encryption-and-keys/key-management#thing-1-your-encryption-keys-are-your-data) --------------------------------------------------------------------------------------------------------------------------------------------------------------------- Storj does not have access to your encryption keys. If you lose your encryption keys, they are gone. If you can’t decrypt your data, you’ve effectively lost it. All of it. ### [Thing 2: Make sure you backup your encryption keys](https://storj.dev/learn/concepts/access/encryption-and-keys/key-management#thing-2-make-sure-you-backup-your-encryption-keys) It is very important you make sure to backup your encryption keys in a safe place. Storj does not have any features or functions to back up encryption keys. We have a reference implementation of a user interface to ensure a user has backed up their encryption keys, but all of that happens client-side. ### [Thing 3: Secure your encryption keys](https://storj.dev/learn/concepts/access/encryption-and-keys/key-management#thing-3-secure-your-encryption-keys) This probably goes without saying, but be careful with how your app stores and transmits encryption keys. By keeping encryption and access management separate, and by implementing client-side encryption, Storj ensures that your data can’t be processed, mined, scanned by Storj or any unauthorized 3rd parties. If you don’t, it will end badly and Storj won’t be able to help. ### [Thing 4: Choose complex encryption passphrases.](https://storj.dev/learn/concepts/access/encryption-and-keys/key-management#thing-4-choose-complex-encryption-passphrases) If your encryption key is easily guessable, or is leaked via some means, you will have to re-encrypt and re-upload all of your data to change your keys. This is a consequence of the encryption passphrase being controlled by you and being deterministic. To try and help encourage users to have the right behavior, the access grant creation wizard on the Satellite dashboard will prompt first time users to create a 12 word passphrase.\\ Previous [Encryption Keys](https://storj.dev/learn/concepts/access/encryption-and-keys) Next [When to use different encryption keys](https://storj.dev/learn/concepts/access/encryption-and-keys/when-to-use-different-encryption-keys) --- # Implementing Data Encryption in a Decentralized Network - Storj Docs Strong encryption is essential when data is stored on a network of storage nodes operated by 3rd parties [Ensuring the Privacy and Security of Data on Storj](https://storj.dev/learn/concepts/encryption-key/how-encryption-is-implemented#ensuring-the-privacy-and-security-of-data-on-storj) --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- All data stored on the distributed and decentralized network of storage nodes and all metadata stored on Satellites is encrypted. By encrypting file-paths, content, and metadata client-side, we avoid the danger of making this data available to attackers, and anyone else who is unable to derive the necessary encryption keys. The network's encryption method is purposely designed to avoid using the same keys for content encryption of different files and different segments of the same file. This is advantageous not only because it makes file sharing of encrypted files more secure, but because it does not put other segments or files at risk if one of them is compromised. The encryption algorithm we used for content and metadata is easily configurable between AES-GCM and “[Secretbox](https://nacl.cr.yp.to/secretbox.html) ,” which are both authenticated encryption algorithms. This means that if any encrypted data is tampered with, the client downloading the data will know about it once the data is decrypted. First, it’s critical to understand the definitions of a few key concepts used on the network for encryption. * **Segment**: The largest subdivision of a file. All the segments of a file are usually the same size. In most cases, the last segment will be smaller than the rest. * **Path**: The representation for a file’s “location.” Paths are essentially an arbitrary number of strings delimited by slashes (e.g. _this/is/a/file.txt_). On the Storj network, the Satellite uses paths to keep track of file metadata as well as pointers to storage nodes that possess encrypted file content. * **Root secret**: A private string defined by the client that is used to derive keys for encrypting and decrypting data stored on the network. * **Object key**: A key derived from the root secret and the file path. There is a different path key for every element in the path, and a path key is used to derive new path keys for lower level path items. * **Random key**: A randomly generated key used to encrypt segment content and metadata. * **Derived key**: A key derived from the path key for the lowest level path element. The derived key is used to encrypt the random key before it is stored in a segment’s metadata. * **HMAC**: Hash-based message authentication code. We generate HMACs using path elements and encryption keys in order to derive new keys for lower levels of the path. Using hashes makes it easy to generate keys from higher levels without making it possible to generate higher level keys from lower level ones. * **AES-GCM**: An authenticated encryption algorithm that makes use of the Advanced Encryption Standard and uses the Galois/Counter mode for encrypting blocks. * **Secretbox**: An authenticated encryption algorithm from the NaCl library that combines the Salsa20 encryption cipher and Poly1305 message authentication code. [Path Encryption](https://storj.dev/learn/concepts/encryption-key/how-encryption-is-implemented#path-encryption) ----------------------------------------------------------------------------------------------------------------- Paths are encrypted in a hierarchical and deterministic way using the root encryption key. Each path component is encrypted separately based on information derived from previous path components. Consider an unencrypted path _p_ that is made up of path elements _p1/p2/…/pn_. The end goal is to generate an encrypted path _e_, which is made up of elements _e1/e2/…/en_. We have a root secret, s0, and can derive a path key using this secret, _k0_ = _K(s0)_. We then define the next secret as _s1 = HMAC(s0, p1)_ and encrypt the first path element as _e1 = encrypt(k0, p1)_. In more general terms, each derived secret _si_ = _HMAC(si-1, pi)_, and each encrypted path element _ei = encrypt(ki-1, pi)_ where the path key _ki-1 = K(si-1)._ This method of path encryption allows us to do some interesting things. Consider a user, Brandon, with several files and subdirectories under the path _p1/p2/p3/_. Brandon wants to share everything under this path with Nat, another user, without revealing anything at a higher level _(p1/…, p1/p2/…)_. Brandon can provide Nat with the encrypted path _e1/e2/e3/_ and the secret _s3_. Nat is now able to derive the encryption keys for any of Brandon’s files prefixed with the path _e1/e2/e3/_. However, she will be unable to decrypt any of the first three path elements or files that do not have the required prefix. While there are many benefits to path encryption, one challenge exists around efficiently listing unencrypted file names. Since the order of listed items is determined by the paths stored on the Satellite, listed items will always be returned in order based on their encrypted path names, but will not be alphabetical when the paths are decrypted. Users of the network are able to opt out of path encryption on a per-bucket basis because of this limitation. If a user opts out of encrypted paths, the paths will still only be visible to the Satellite. Storage nodes do not have information about paths or metadata associated with pieces they are storing. ### [Content and Metadata Encryption](https://storj.dev/learn/concepts/encryption-key/how-encryption-is-implemented#content-and-metadata-encryption) When a user uploads a file, we read it one segment at a time on the client-side. Before each segment is split up, erasure encoded, and stored on remote storage nodes, we generate a random content encryption key. We also create a starting nonce equal to the segment number and use it along with the random key to encrypt the segment data. Next, we generate the derived key, dk, which we define with _sn+1_ = _HMAC(sn, “content”)_, where _dk_ _\=_ _K(sn+1)_ and _sn_ is the last secret generated from the file path using the technique detailed above. The reason we add one more derivation step instead of setting _dk = K(sn)_ is because a file path can also be a prefix for other file paths. For instance, _a/b/c_ is a valid file path, but so is _a/b/c/d_. If Brandon wants to share _a/b/c_ with Nat, he should be able to provide Nat with a derived key to decrypt the file _c_, but it shouldn’t be possible for Nat to derive the key to access the file _d_ even though it has the same prefix. By adding one more dimension of key derivation for content encryption, we avoid this issue. Each segment has metadata associated with it on the Satellite. Segment metadata includes the random key used to encrypt that segment’s content. We encrypt the random key with the derived key (dk) and a randomly generated nonce. The nonce is stored along with the encrypted content key in the segment metadata. This way, we use a different random encryption key for each segment, but anyone with the derived key can decrypt those keys. The last segment’s metadata contains information in addition to the encrypted key and key nonce. The additional information is the metadata for the entire file. Some of this metadata is unencrypted, such as encryption type (AES-GCM or Secretbox) and encryption block size, since they are necessary to properly decrypt the file and metadata. The remainder of the metadata, which includes the number of segments, segment size, last segment size, and additional arbitrary metadata is encrypted with the last segment’s random content encryption key. In summary, encryption and security on decentralized cloud storage networks has been carefully thought out to enable the sharing of files without compromising entire buckets of data. Cloud storage platforms must have the ability to easily share data for deployments like CDNs, websites and other use-cases. By deriving keys hierarchically from file paths, and encrypting data with different keys, Storj maintains data privacy without removing important features. This description pulls heavily from Moby von Briesen's blog post, located here: [https://storj.io/blog/2018/11/security-and-encryption-on-the-v3-network/](https://storj.io/blog/2018/11/security-and-encryption-on-the-v3-network/) You can read more about encryption on the V3 Storj network in sections 3.6 and 4.1 of [our whitepaper](https://www.storj.io/whitepaper) . Previous [Design Decision - Server-side Encryption](https://storj.dev/learn/concepts/encryption-key/design-decision-server-side-encryption) Next [Storj Managed vs. Self-Managed Encryption](https://storj.dev/learn/concepts/encryption-key/storj-vs-user-managed-encryption) --- # Import an Access to an Object - Storj Docs Importing an access is done using the `import` command. [Import from the file](https://storj.dev/learn/tutorials/quickstart-uplink-cli/sharing-your-first-object/import-access#import-from-the-file) --------------------------------------------------------------------------------------------------------------------------------------------- windowsmacoslinux ./uplink.exe access import cheesecake cheesecake.access ./uplink.exe access import cheesecake cheesecake.access CopyCopied! This should give you the following output: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/LnvFyNM5SGNgYhluYziqI_access-import.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/LnvFyNM5SGNgYhluYziqI_access-import.png) ### [Import from the input](https://storj.dev/learn/tutorials/quickstart-uplink-cli/sharing-your-first-object/import-access#import-from-the-input) windowsmacoslinux ./uplink.exe access import cheesecake 14dfgh....qr ./uplink.exe access import cheesecake 14dfgh....qr CopyCopied! ### [Check list of Access grants](https://storj.dev/learn/tutorials/quickstart-uplink-cli/sharing-your-first-object/import-access#check-list-of-access-grants) You can list your available accesses using: windowsmacoslinux ./uplink.exe access list ./uplink.exe access list CopyCopied! CURRENT NAME SATELLITE* cheesecake us1.storj.io:7777 pumpkin-pie us1.storj.io:7777 tarte us1.storj.io:7777 CURRENT NAME SATELLITE* cheesecake us1.storj.io:7777 pumpkin-pie us1.storj.io:7777 tarte us1.storj.io:7777 CopyCopied! To get more information on an access use the `inspect` command: windowsmacoslinux ./uplink.exe access inspect cheesecake ./uplink.exe access inspect cheesecake CopyCopied! { "satellite_addr": "12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S@us1.storj.io:7777", "encryption_access": { "default_path_cipher": "ENC_AESGCM" }, "api_key": "...", "macaroon": { "head": "...", "caveats": [ { "not_after": "2021-04-17T00:00:00Z", "not_before": "2021-04-18T00:00:00Z", "nonce": "..." } ], "tail": "..." }} { "satellite_addr": "12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S@us1.storj.io:7777", "encryption_access": { "default_path_cipher": "ENC_AESGCM" }, "api_key": "...", "macaroon": { "head": "...", "caveats": [ { "not_after": "2021-04-17T00:00:00Z", "not_before": "2021-04-18T00:00:00Z", "nonce": "..." } ], "tail": "..." }} CopyCopied! There is no command to delete an access. You can delete an access directly in your configuration file. ### [How to use an Access grant with commands](https://storj.dev/learn/tutorials/quickstart-uplink-cli/sharing-your-first-object/import-access#how-to-use-an-access-grant-with-commands) You can now use this access setting the `--access` flag. For example, to copy the shared object to your current directory you would use: windowsmacoslinux ./uplink.exe cp --access cheesecake sj://cakes/cheesecake.jpg . ./uplink.exe cp --access cheesecake sj://cakes/cheesecake.jpg . CopyCopied! Previous [Create an Access to an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/sharing-your-first-object/generate-access) Next [Revoke an Access to an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/sharing-your-first-object/revoke-an-access-to-an-object) --- # Step 2. Setup Port Forwarding - Storj Docs [Before starting](https://storj.dev/node/get-started/port-forwarding#before-starting) -------------------------------------------------------------------------------------- **Failure to complete these steps will prevent your storage node from working.** [Step 1. Understand Prerequisites](https://storj.dev/node/get-started/prerequisites) [Introduction](https://storj.dev/node/get-started/port-forwarding#introduction) -------------------------------------------------------------------------------- How a Storage Node communicates with others on the Storj network, even though it is behind a router. Most, if not all ISPs give a dynamic IP address, which means your IP can change at any time. As a work around, you need a dynamic DNS service to ensure your storage node is connected. **Advanced: Already have a Static IP?** [Setup port forwarding](https://storj.dev/node/get-started/port-forwarding#setup-port-forwarding-router-port-forwarding-configuration) [Setup Dynamic DNS Service: Hostname Configuration](https://storj.dev/node/get-started/port-forwarding#setup-dynamic-dns-service-hostname-configuration) --------------------------------------------------------------------------------------------------------------------------------------------------------- If you don't have a static IP, the first step is setting up a hostname. There are various services available that allow you to set up a DDNS hostname. The following steps will guide you through doing this with one of the services, [NoIP](https://www.noip.com/) . [Create a Free Hostname using NoIP](https://storj.dev/node/get-started/port-forwarding#create-a-free-hostname-using-no-ip) --------------------------------------------------------------------------------------------------------------------------- Add a free hostname using [NoIP](http://noip.com/) which needs to be renewed every 30 days when using a free account. On the NoIP website, scroll down to _“Create Your Free Hostname now”_, then do the following: * In the hostname input field, select a hostname of your liking (e.g. _mystoragenode_), it can contain letters and numbers. * Next, select a hostname provider of your liking (e.g. _“._[_ddns_._net_](http://ddns.net/) _”)_ in the box to the right. * Click “_Sign Up"._ [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/dbmW2zZComZnvZfiTlmTZ_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/dbmW2zZComZnvZfiTlmTZ_image.png) On the sign-up page, enter your email, username, and password. Make sure to write these details down, as you will need them later. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Xzp-7nDgdp0H2r60KmFvq_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Xzp-7nDgdp0H2r60KmFvq_image.png) Once you have created an account and clicked the confirmation link in the e-mail, scroll down to where it says _“How to remote access your device”_ and click _“Get started with Dynamic DNS.”_ This will take you to the NoIP dashboard. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Od2QBn9eLu5_O8RpNC1GR_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Od2QBn9eLu5_O8RpNC1GR_image.png) [Setup Dynamic DNS Service: Dynamic Update Client Tool](https://storj.dev/node/get-started/port-forwarding#setup-dynamic-dns-service-dynamic-update-client-tool) ----------------------------------------------------------------------------------------------------------------------------------------------------------------- You'll need to setup a dynamic update tool, which automatically tracks and assigns the IP address to your hostname. So, if your public IP changes, your node won’t get disconnected from the network. Please keep your hostname at hand as we will need it later. If your router supports NoIP's Dynamic DNS, we highly recommend configuring your router. [Here's how to do that](https://www.noip.com/support/knowledgebase/how-to-configure-ddns-in-router/) . LinuxMacOSWindows [Dynamic Update Client for Linux](https://storj.dev/node/get-started/port-forwarding#dynamic-update-client-for-linux) ---------------------------------------------------------------------------------------------------------------------- First, open a new terminal window so you can type commands into Linux. Once you’ve opened your terminal window, log in as “root” user. You can become the root user from the command line by entering `sudo -s` followed by the root password on your machine. Navigate to src folder: cd /usr/local/src/ cd /usr/local/src/ CopyCopied! Download the necessary files: wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz CopyCopied! Extract the files using the following command: tar xf noip-duc-linux.tar.gz tar xf noip-duc-linux.tar.gz CopyCopied! Navigate to the folder: cd noip-2.1.9-1/ cd noip-2.1.9-1/ CopyCopied! Once in the directory, type: make install make install CopyCopied! You’ll then be prompted to log in with your NoIP account username and password. If you get “make not found” or “missing gcc” then you don’t have the gcc compiler tools installed. Install the gcc compiler tools to proceed. As root again (or with sudo) issue this command: /usr/local/bin/noip2 -C /usr/local/bin/noip2 -C CopyCopied! You’ll then be prompted for your NoIP username and password, as well as the hostnames you wish to update. **One of the questions is, “Do you wish to update ALL hosts?”** If answered incorrectly, this could affect hostnames in your account that are pointing at other locations. Now that the client is installed and configured, you just need to launch it. Simply issue this final command to launch the client in the background: /usr/local/bin/noip2 /usr/local/bin/noip2 CopyCopied! By default, the DUC software will not start when you reboot your system. Check the README file in the `no-ip-2.1.9` folder for instructions on how to make the client run at startup. This varies depending on what Linux distribution you are running. [Setup Port Forwarding: Router Port Forwarding Configuration](https://storj.dev/node/get-started/port-forwarding#setup-port-forwarding-router-port-forwarding-configuration) ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- To set up port forwarding (TCP/UDP) on a router, we must first get the gateway IP address so we can access the router: LinuxMacOSWindows Open the terminal app and run the following command ip route | grep default ip route | grep default CopyCopied! Once you have your gateway IP, open a browser and type it in. You'll be forwarded to a login page of your router. If you don't know the login, try googling the default username and password for your router's make and model. Once you are logged in to your router, find the port forwarding tab _(for some routers it's in "advanced settings")._ Now, you will need to get the local IP of your machine the node is running on: LinuxMacOSWindows Open the terminal app and run the following command: hostname -I hostname -I CopyCopied! The local IP will be the first set of numbers. Next, go back to your router's port forward page and **add a new rule for port 28967** with the IPv4 address you just retrieved. [Make Sure to Add a Firewall Rule](https://storj.dev/node/get-started/port-forwarding#make-sure-to-add-a-firewall-rule) ------------------------------------------------------------------------------------------------------------------------ LinuxMacOSWindows Congratulations, you've setup port forwarding! ### [Have any difficulties?](https://storj.dev/node/get-started/port-forwarding#have-any-difficulties) Search for port forwarding instructions for your exact router model. Previous [Step 1. Understand Prerequisites](https://storj.dev/node/get-started/prerequisites) Next [Step 3. Configure QUIC](https://storj.dev/node/get-started/quic-requirements) --- # access restrict - Storj Docs This command allows you to create a restricted Access Grant and print it to `stdout`, export it to a file or import it as an access to the local store of Uplink. [Usage](https://storj.dev/dcs/api/uplink-cli/access-command/access-restrict#usage) ----------------------------------------------------------------------------------- windowslinuxmacos ./uplink.exe access restrict [flags] ./uplink.exe access restrict [flags] CopyCopied! [Flags](https://storj.dev/dcs/api/uplink-cli/access-command/access-restrict#flags) ----------------------------------------------------------------------------------- | Flag | Description | | --- | --- | | `--access string` | Access name or value to restrict | | `--import-as string` | Import the access as this name | | `--export-to string` | Export the access to this file path | | `-f, --force` | Force overwrite an existing saved access | | `--use` | Switch the default access to the newly created one | | `--prefix SharePrefix` | Key prefix access will be restricted to this prefix.You can optionally specify this flag several times to add several different prefixes to the access grant. | | `--readonly` | Implies `--disallow-writes` and `--disallow-deletes` (default true) | | `--writeonly` | Implies `--disallow-reads` and `--disallow-lists` | | `--disallow-deletes` | Disallow deletes with the access | | `--disallow-lists` | Disallow lists with the access | | `--disallow-reads` | Disallow reads with the access | | `--disallow-writes` | Disallow writes with the access | | `--not-before relative_date` | Disallow access before this time (e.g. '+2h', 'now', '2020-01-02T15:04:05Z0700') | | `--not-after relative_date` | Disallow access after this time (e.g. '+2h', 'now', '2020-01-02T15:04:05Z0700') | | `--max-object-ttl period` | The object is automatically deleted after this period. (e.g. '1h30m', '24h', '720h') | [Global flags](https://storj.dev/dcs/api/uplink-cli/access-command/access-restrict#global-flags) ------------------------------------------------------------------------------------------------- | Global flags | Description | | --- | --- | | `--config-dir string` | Directory that stores the configuration | | `--help`, `-h` | prints help for the command | | `--advanced` | when used with -h, prints advanced flags help | [Examples](https://storj.dev/dcs/api/uplink-cli/access-command/access-restrict#examples) ----------------------------------------------------------------------------------------- ### [Create a restricted Access Grant](https://storj.dev/dcs/api/uplink-cli/access-command/access-restrict#create-a-restricted-access-grant) As result, it will print the created access grant to `stdout`. Since we did not specify any restrictions, only the defaults will be applied. This command will print an Access Grant with read only access: windowslinuxmacos ./uplink.exe access restrict ./uplink.exe access restrict CopyCopied! 18yMsZpg6ZQdz........ 18yMsZpg6ZQdz........ CopyCopied! ### [Create a restricted Access Grant and export it to the file](https://storj.dev/dcs/api/uplink-cli/access-command/access-restrict#create-a-restricted-access-grant-and-export-it-to-the-file) This will export the restricted access grant to a file named "access.txt": windowslinuxmacos ./uplink.exe access restrict --not-after +1h --export-to access.txt ./uplink.exe access restrict --not-after +1h --export-to access.txt CopyCopied! Exported access to: /home/user/access.txt Exported access to: /home/user/access.txt CopyCopied! ### [Create a restricted Access Grant and import it to Uplink](https://storj.dev/dcs/api/uplink-cli/access-command/access-restrict#create-a-restricted-access-grant-and-import-it-to-uplink) This will import the write only restricted access grant to Uplink as a named access: windowslinuxmacos ./uplink.exe access restrict --access us1 --writeonly --import-as us1-wo ./uplink.exe access restrict --access us1 --writeonly --import-as us1-wo CopyCopied! Imported access "us1-wo" to "/home/user/.config/storj/uplink/access.json"17UjiCX..... Imported access "us1-wo" to "/home/user/.config/storj/uplink/access.json"17UjiCX..... CopyCopied! ### [Create a restricted Access Grant and replace the existing access](https://storj.dev/dcs/api/uplink-cli/access-command/access-restrict#create-a-restricted-access-grant-and-replace-the-existing-access) This will import the restricted access grant to Uplink as a named access and replace it if one existed already: windowslinuxmacos ./uplink.exe access restrict --import-as us1-ro --force ./uplink.exe access restrict --import-as us1-ro --force CopyCopied! Imported access "us1-ro" to "/home/user/.config/storj/uplink/access.json"19jihX... Imported access "us1-ro" to "/home/user/.config/storj/uplink/access.json"19jihX... CopyCopied! ### [Create a restricted Access Grant for several prefixes](https://storj.dev/dcs/api/uplink-cli/access-command/access-restrict#create-a-restricted-access-grant-for-several-prefixes) This will create the restricted access grant for several prefixes: windowslinuxmacos ./uplink.exe access restrict --prefix sj://cakes/New-York --prefix sj://pies ./uplink.exe access restrict --prefix sj://cakes/New-York --prefix sj://pies CopyCopied! 16Xng... 16Xng... CopyCopied! Previous [access remove](https://storj.dev/dcs/api/uplink-cli/access-command/access-remove) Next [access revoke](https://storj.dev/dcs/api/uplink-cli/access-command/access-revoke) --- # Understand and Manage Access Grants - Storj Docs An [Access Grant](https://storj.dev/learn/concepts/key-architecture-constructs#access-grant) is a bearer token that enables applications to interact with Storj to access objects stored on the service and decrypt them client-side. An Access Grant is a security envelope that contains a satellite address, a restricted API Key, and a set of one or more restricted prefix-based encryption keys—everything an application needs to locate an object on the network, access that object, and decrypt it. [Simple Developer Tool for Access Management](https://storj.dev/learn/concepts/access/access-grants#simple-developer-tool-for-access-management) ------------------------------------------------------------------------------------------------------------------------------------------------- Access Grants coordinate two parallel constructs—encryption and authorization in a way that makes it easy to share data without having to manage access control lists or use complex encryption tools. Both of these constructs work together to provide a client-side access management framework that’s secure and private, as well as extremely flexible for application developers. Access Grants are used for access management for client applications using the libuplink library, the CLI, as well as for generating credentials for the S3 compatible gateway (both the hosted GatewayMT and the self-hosted GatewayST). To make the implementation of these constructs as easy as possible for developers, the Storj developer tools abstract the complexity of encoding objects for access management and encryption/decryption. A simple share command encapsulates an [encryption key](https://storj.dev/learn/concepts/access/encryption-and-keys) , an [API Key](https://storj.dev/learn/concepts/access/access-grants/api-key) (a bearer token), and the appropriate Satellite address into an encoded string called an Access Grant. Access Grants can be imported easily into an Uplink client, whether it's the CLI, developer library, or a client application. Imported Access Grants are managed client-side and may be leveraged in applications via the uplink client library. Access Grants can be restricted both from the server side (at the Satellite) and from the client side using the CLI or libuplink library, a serialized, hierarchically derived structure. When creating restricted access grants, both the API Key and the encryption key are hierarchically derived automatically from the parent Access Grant. Learn how to create an Access Grant using the Satellite Admin Console in the [Storj Console](https://storj.dev/support/storj-console) . Learn how to [Create Access Grant in CLI](https://storj.dev/learn/tutorials/quickstart-uplink-cli/generate-access-grants-and-tokens/generate-a-token) in the [Uplink CLI Tutorial](https://storj.dev/learn/tutorials/quickstart-uplink-cli) . Storj satellites never come in contact with encryption keys. When you use an access grant with the CLI, libuplink library, or the self-hosted Gateway, encryption keys are managed client-side using a serialized, hierarchically derived structure for end-to-end encryption. With the cloud-hosted Gateway-MT, your data is server-side encrypted, since Storj is hosting the gateway. Previous [Access Management](https://storj.dev/learn/concepts/access) Next [API Key](https://storj.dev/learn/concepts/access/access-grants/api-key) --- # Understanding Storj's Auth Service and its Security Layers - Storj Docs The Auth Service is one of the Edge Services that enables the Storj S3-compatible gateway and Linkshare service to interact with browser-based or other cloud-native applications. [Overview](https://storj.dev/learn/concepts/edge-services/auth-service#overview) --------------------------------------------------------------------------------- When objects are shared via [Linksharing Service](https://storj.dev/learn/concepts/linksharing-service) or via the [Storj-hosted S3 Compatible Gateway](https://storj.dev/dcs/api/s3/s3-compatible-gateway) , an [Access Grants](https://storj.dev/learn/concepts/access/access-grants) is automatically registered with the Auth Service. The Access Grant used in conjunction with the edge services does contain encryption information for the objects that are within the scope of the Access Grant. Access Grants registered with the Auth Service are encrypted with an encryption key that is not stored or persisted by any Storj Service. The encryption key used to encrypt the Access Grants are held by the user or the user's application. In all cases, the encryption key used to encrypt the Access Grants registered with the Auth Service is managed in the same way and treated the same way by the code. There are three different ways the users and applications interact with the Auth Service: * **Object Browser** - users must enter their encryption passphrase that derives the appropriate encryption keys each time they access the Object Browser in the Satellite Admin Console. * **Hosted S3 Gateway** - the encryption key used to encrypt the Access Grant is the Access Key in the S3 credentials generated from registering the Access Grant. * **Linkshare Service** - the encryption key used to encrypt the Access Grant is embedded in the URL. Note that in the case of Access Keys specifically registered for the linksharing service, the Access Key does not require a Secret Key for authorization and use. **Note:** The encryption information generated for use in conjunction with the Linksharing Service or S3-compatible gateway credentials follows the same hierarchically deterministic derived method as all [Access Grants](https://storj.dev/learn/concepts/access/access-grants) and the [Encryption Keys](https://storj.dev/learn/concepts/access/encryption-and-keys) is limited in scope to the level of access provided at the path-key or object-key as defined in the access Grant.All of the Edge Services use [Design Decision - Server-side Encryption](https://storj.dev/learn/concepts/encryption-key/design-decision-server-side-encryption) . ### [Secure Handling of Encryption Information](https://storj.dev/learn/concepts/edge-services/auth-service#secure-handling-of-encryption-information) Where customers elect to utilize [Design Decision - Server-side Encryption](https://storj.dev/learn/concepts/encryption-key/design-decision-server-side-encryption) in conjunction with Storj Edge Services, Storj Edge Services only hold customer encryption information during the duration of an operation but not longer. Such customer encryption information is stored encrypted at rest. This data is encrypted with a key given to the user that Storj does not keep. Without an encryption key, no one, including Storj, can access customer encrypted information. The user must provide this key as part of their operation authentication. ### [Registering an Access Grant](https://storj.dev/learn/concepts/edge-services/auth-service#registering-an-access-grant) Access Grants are registered with the Auth Service either via [Object Browser](https://storj.dev/support/object-browser) in the Satellite Admin Console or via the CLI. The CLI may be used to [share](https://storj.dev/dcs/api/uplink-cli/share-command) or [access register](https://storj.dev/dcs/api/uplink-cli/access-command/access-register) . Previous [Edge Services](https://storj.dev/learn/concepts/edge-services) Next [Encryption](https://storj.dev/learn/concepts/encryption-key) --- # Benefits of Edge-Based Authorization Model in Access Management - Storj Docs A discussion of the implementation approach and benefits of an edge-based delegated authorization model. One of the areas where we’re seeing the strongest interest from developers, customers and partners building apps is our [security model and access control](https://www.storj.io/blog/2019/12/secure-access-control-in-the-decentralized-cloud/) layer. The security and privacy capabilities of the platform are some of the most differentiating features and they give our partners and customers some exciting new tools. Distributed and decentralized cloud storage is a fantastic way to take advantage of underutilized storage and bandwidth, but in order to provide highly available and durable cloud storage, we needed to build in some fairly sophisticated security and privacy controls. Because we had to build with the assumption that any Node could be run by an untrusted person, we had to implement a zero-knowledge security architecture. This turns out to not only make our system far more resistant to attacks than traditional architectures, but also brings significant benefits to developers building apps on the platform. [Decentralized Architecture Requires Strong Privacy and Security](https://storj.dev/learn/concepts/access/access-management-at-the-edge#decentralized-architecture-requires-strong-privacy-and-security) --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- From the network perspective, we need to make sure the data stored on our platform remains private and secure. At the most basic level, we need to ensure that pieces of files stored on untrusted Nodes can’t be compromised, either by accessing that data or preventing access to that data. We combine several different technologies to achieve data privacy, security and availability. From the client side, we use a combination of end-to-end encryption, erasure coding, and API Keys. Erasure coding is primarily used to ensure data availability, although storing data across thousands of diverse Storage Nodes does add a layer of security by eliminating any centralized honeypot of data. By way of example, when a file or segment is erasure coded, it is divided into 80 pieces, of which any 29 can be used to reconstitute the (encrypted) file. With our zero-knowledge architecture, any Node Operator only gets one of the 80 pieces. There is nothing in the anonymized metadata to indicate what segment that piece belongs to, or where the other 80 pieces are etc. It’s worth noting that 80 pieces is the minimum number of pieces for a single object. Files larger than 64MB are broken up into 64 MB segments, each of which is further divided up into 80 pieces. A 1GB file for example is broken up into 16 segments, each with a different randomized encryption key, and each broken up into 80 pieces, for a total of 1,280 pieces. If a hacker wants to obtain a complete object, they need to find at least 29 Nodes that hold a piece of each segment, compromise the security of each one (with each Node being run by different people, on different Nodes, using different firewalls, etc.). Even then, they would only have enough to reconstitute a file that is still encrypted. And, they’ll have to repeat that process for the next segment. Compare that to a situation (e.g. what was seen at Equifax a few years ago), where a simple misconfiguration gave access to hundreds of millions of individuals’ data, and you’ll see the power of this new model. Just storing data on Storj provides significant improvements over centralized data storage in terms of reducing threat surfaces and exposure to a variety of common attack vectors. But when it comes to sharing access to data—especially highly sensitive data—developers really experience the advantages of our platform. Where we’re already seeing the most interest from partners on the combination of end-to-end encryption and the access management capabilities of our API Keys. ### [Separating Access and Encryption](https://storj.dev/learn/concepts/access/access-management-at-the-edge#separating-access-and-encryption) One of the great things about Storj is that it separates the encryption function from the access management capabilities of the API Keys, allowing both to be managed 100% client-side. From a developer perspective, managing those two constructs is easy because all of the complexity is abstracted down to a few simple commands. What this enables developers to do is move access management from a centralized server to the edge. ### [Hierarchically Deterministic End-to-End Encryption](https://storj.dev/learn/concepts/access/access-management-at-the-edge#hierarchically-deterministic-end-to-end-encryption) All data stored on Storj is encrypted from the client side. What that means is users control the encryption keys and the result is an extremely private and secure data store. Both the objects and the associated metadata are encrypted using randomized, salted, path-based encryption keys. The randomized keys are then encrypted with keys derived from the user’s encryption passphrase. Neither Storj nor any Storage Nodes have access to those keys, the data, or the metadata. By using hierarchically derived encryption keys, it becomes easy to share the ability to decrypt a single object or set of objects without sharing the private encryption passphrase or having to re-encrypt objects. Unlike the HD API Keys, where the hierarchy is derived from further restrictions of access, the path prefix structure of the object storage hierarchy is the foundation of the encryption structure. A unique encryption key can be derived client-side for each object whether it’s a path or file. That unique key is generated automatically when sharing objects, allowing users to share single objects or paths, with the ability to encrypt just the objects that are shared, without having to worry about separately managing encryption access to objects that aren’t being shared. ### [Access Management with API Keys](https://storj.dev/learn/concepts/access/access-management-at-the-edge#access-management-with-api-keys) In addition to providing the tools to share the ability to decrypt objects, Storj also provides sophisticated tools for managing access to objects. Storj uses hierarchically deterministic API Keys as an access management layer for objects. Similar to HD encryption keys, HD API Keys are derived from a parent API Key. Unlike the HD encryption keys where the hierarchy is derived from the path prefix structure of the object storage hierarchy, the hierarchy of API Keys is derived from the structure and relationship of access restrictions. HD API Keys embed the logic for the access it allows and can be restricted, simply by embedding the path restrictions and any additional restrictions within the string that represents the API Key. Unlike a typical API key, the Storj API Key is not a random string of bytes, but rather an envelope with access logic encoded in it. ### [Bringing it Together with the Access](https://storj.dev/learn/concepts/access/access-management-at-the-edge#bringing-it-together-with-the-access) Access management on Storj requires coordination of the two parallel constructs described above—encryption and authorization. Both of these constructs work together to provide an access management framework that is secure and private, as well as extremely flexible for application developers. Both encryption and delegation of authorization are managed client-side. While both of these constructs are managed client-side, it’s important to point out that only the API Keys are sent to the Satellite. The Satellite interprets the restrictions set by the client in the form of caveats, then controls what operations are allowed based on those restrictions. Encryption keys are never sent to the Satellite. Sharing access to objects stored on Storj requires sending encryption and authorization information about that object from one client to another. The information is sent in a construct called an Access. An Access is a security envelope that contains a restricted HD API Key and an HD encryption key—everything an application needs to locate an object on the network, access that object, and decrypt it. To make the implementation of these constructs as easy as possible for developers, the Storj developer tools abstract the complexity of encoding objects for access management and encryption/decryption. A simple share command encapsulates both an encryption key and an API Key into an Access in the format of an encoded string that can be easily imported into an Uplink client. Imported Accesses are managed client-side and may be leveraged in applications via the Uplink client library. ### [Why Security at the Edge Matters](https://storj.dev/learn/concepts/access/access-management-at-the-edge#why-security-at-the-edge-matters) The evolution of cloud services and the transition of many services from on-premise to centralized cloud has massive increases in efficiency and economies of scale. That efficiency in many ways is driven by a concentration not only of technology, but expertise, and especially security expertise. That efficiency has also come at the cost of tradeoffs between security and privacy. Moreover, many new business models have emerged based almost entirely on the exchange of convenience for giving up the privacy of user data. In the cloud economy, user’s most private data is now more at risk than ever, and for the companies that store that data, new regulatory regimes have emerged, increasing the impact on those businesses if that data is compromised. ### [The Intersection of Cybersecurity Skill and Decentralized Data](https://storj.dev/learn/concepts/access/access-management-at-the-edge#the-intersection-of-cybersecurity-skill-and-decentralized-data) While the transition of on-premise to cloud has brought a reduction in the number and types of hacks, much of the vulnerability of on-premise technology was due in part to a lack of cybersecurity experience and expertise. A big part of the push to Gmail is the fact that it’s much less likely to get hacked than a privately operated mail server. The transition to the cloud has resulted in a much greater separation of security expertise and technology use. The cost of best-in-class security expertise of cloud providers is, like the cost of infrastructure, spread across all customers. One additional consequence of that separation—the loss of cybersecurity expertise—is the lack of appreciation of the resulting tradeoff. That security does not come with transparency, and in fact, many times that security comes in exchange for a loss of privacy. This is where a decentralized edge-based security model provides a similar security advantage but without the tradeoffs against transparency or privacy. With Storj, you get the benefit of the team’s distributed storage, encryption, security, and privacy expertise but you also get the full transparency of the open-source software. This ultimately enables the ability not only to trust but to verify the security of the platform, but that’s not where the difference ends. Storj provides all the security benefits of a cloud storage service, but provides the tools to take back control over your privacy. ### [Edge-based Security + Decentralized Architecture = Privacy by Default](https://storj.dev/learn/concepts/access/access-management-at-the-edge#edge-based-security-decentralized-architecture-privacy-by-default) Classic authorization technologies are built for client-server architectures. Web-centric authorization schemes such as OAuth and JWT are built for largely synchronous transactions that involve separating the resource owner and the authorization service. Each of these approaches depends on its success on a central authority. To truly maximize privacy and security at a massive scale, there is a need to efficiently delegate resource authorization away from centralized parties. Moving token generation and delegation closer to the edge of the architecture represents a fundamental shift in the way technologists can create verified trust systems. Having the ability in a distributed system to centrally initiate trust (via [Create Access Grant in CLI](https://storj.dev/learn/tutorials/quickstart-uplink-cli/generate-access-grants-and-tokens/generate-a-token) ) and extrapolate specifically scoped keys from that trust allows systems to generate their own trust chains that can be easily managed for specific roles and responsibilities. Authorization delegation is managed at the edge but derived based on a common, transparent trust framework. This means that [Create Access Grant in CLI](https://storj.dev/learn/tutorials/quickstart-uplink-cli/generate-access-grants-and-tokens/generate-a-token) (access tokens) generated at the edge can be efficiently interpreted centrally, but without access to the underlying encrypted data. Distributed and decentralized environments are designed to eliminate trust by definition. By moving security, privacy, and access management to the edge, users regain control over their data. With tools such as client-side encryption, cryptographic audits and completely open-source architecture, trust boundaries and risk are mitigated not by the service provider, but by the tools in the hands of the user. ### [A Different Approach Delivers Differentiated Value Out-of-the-box](https://storj.dev/learn/concepts/access/access-management-at-the-edge#a-different-approach-delivers-differentiated-value-out-of-the-box) Storj’s distributed cloud storage and edge-based security model provide easy tools for building applications that are more private, more secure, and less susceptible to the range of common attacks. With this approach, no incompetent or malicious operator can undermine security. By embracing decentralization and security at the edge, the system is architected to be resilient. Unlike other cloud storage providers, like the AWS Detective solution, Storj integrates security features which are enabled by default. With Storj, you don’t pay extra for security and privacy. **Reduced Risk** - Common attacks (misconfigured access control lists, leaky buckets, insider threats, honeypots, man-in-the-middle attacks, etc.) depend for their success on breaching a central repository of access controls or gaining access to a treasure trove of data. The Storj security model provides a way to architect out whole categories of typical application attack vectors. **Reduced Threat Surface** - By separating trust boundaries and distributing access management and storage functions, a significant percentage of the typical application threat surfaces is either eliminated or made orders of magnitude more complex to attack. **Enhanced Privacy** - With access managed peer-to-peer, the platform provides the tools to separate responsibilities for creating bearer tokens for access management from encryption for use of the data. Separation of these concerns enables decoupling storage, access management and use of data, ensuring greater privacy with greater transparency. ### [Purpose-Built for Distributed Data](https://storj.dev/learn/concepts/access/access-management-at-the-edge#purpose-built-for-distributed-data) Distributed data storage architecture combined with edge-based encryption and access management stores your data as if it were encrypted sand stored on an encrypted beach. The combination of client-side HD Encryption keys and HD API Keys in an easy-to-use platform enables application developers to leverage the capability-based security model to build applications that provide superior privacy and security. Previous [When to use the Storj Console and When to use the CLI](https://storj.dev/learn/concepts/access/access-grants/when-to-use-the-satellite-web-interface-and-when-to-use-the-cli) Next [Access Revocation](https://storj.dev/learn/concepts/access/access-revocation) --- # share - Storj Docs Shares restricted access to objects [Usage](https://storj.dev/dcs/api/uplink-cli/share-command#usage) ------------------------------------------------------------------ windowslinuxmacos ./uplink.exe share [ALLOWED_PATH_PREFIX]... [flags] ./uplink.exe share [ALLOWED_PATH_PREFIX]... [flags] CopyCopied! An access generated using `uplink share` with no arguments creates an access to your **entire project** with read permissions. [Flags](https://storj.dev/dcs/api/uplink-cli/share-command#flags) ------------------------------------------------------------------ | Flag | Description | | --- | --- | | `--access string` | the serialized access, or name of the access to use | | `--auth-service string` | url for shared auth service (default "https://auth.storjshare.io") | | `--base-url string` | the base URL for link sharing (default "https://link.storjshare.io") | | `--disallow-deletes` | if true, disallow deletes | | `--disallow-lists` | if true, disallow lists | | `--disallow-reads` | if true, disallow reads | | `--disallow-writes` | if true, disallow writes | | `--dns string` | specify your custom hostname. if set, returns dns settings for web hosting. implies `--register` and `--public` | | `--export-to string` | path to export the shared access to | | `--help`, `-h` | help for share | | `--not-after` | disallow access after this time (e.g. '+2h', '2020-01-02T15:01:01-01:00') | | `--not-before` | disallow access before this time (e.g. '+2h', '2020-01-02T15:01:01-01:00') | | `--max-object-ttl` | The object is automatically deleted after this period. (e.g. '1h30m', '24h', '720h') | | `--public` | if true, the access will be public. `--dns`and `--url`override this | | `--readonly` | implies `--disallow-writes` and `--disallow-deletes` | | `--register` | if true, creates and registers access grant | | `--url` | if true, returns a url for the shared path. implies `--register` and `--public` | | `--writeonly` | implies `--disallow-reads` and `--disallow-lists` | [Examples](https://storj.dev/dcs/api/uplink-cli/share-command#examples) ------------------------------------------------------------------------ ### [Share a single object](https://storj.dev/dcs/api/uplink-cli/share-command#share-a-single-object) windowslinuxmacos ./uplink.exe share sj://cakes/cheesecake.jpg ./uplink.exe share sj://cakes/cheesecake.jpg CopyCopied! Notice that by default, only download (read) and list operations are allowed. =========== ACCESS RESTRICTIONS ==========================================================Download : AllowedUpload : DisallowedLists : AllowedDeletes : DisallowedNotBefore : No restrictionNotAfter : No restrictionMaxObjectTTL : Not setPaths : sj://cakes/cheesecake.jpg=========== SERIALIZED ACCESS WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========Access : 12yUGNqdsKX1Xky2qVoGwdpL... =========== ACCESS RESTRICTIONS ==========================================================Download : AllowedUpload : DisallowedLists : AllowedDeletes : DisallowedNotBefore : No restrictionNotAfter : No restrictionMaxObjectTTL : Not setPaths : sj://cakes/cheesecake.jpg=========== SERIALIZED ACCESS WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========Access : 12yUGNqdsKX1Xky2qVoGwdpL... CopyCopied! ### [Share a bucket with all permissions](https://storj.dev/dcs/api/uplink-cli/share-command#share-a-bucket-with-all-permissions) windowslinuxmacos ./uplink.exe share sj://cakes/ --readonly=false ./uplink.exe share sj://cakes/ --readonly=false CopyCopied! As the `--readonly` flag is set to false, _uploads_ and _deletes_ are allowed. =========== ACCESS RESTRICTIONS ==========================================================Download : AllowedUpload : AllowedLists : AllowedDeletes : AllowedNotBefore : No restrictionNotAfter : No restrictionMaxObjectTTL : Not setPaths : sj://cakes/=========== SERIALIZED ACCESS WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========Access : 12BncZWg9xc4GyXCgCi3YvBg... =========== ACCESS RESTRICTIONS ==========================================================Download : AllowedUpload : AllowedLists : AllowedDeletes : AllowedNotBefore : No restrictionNotAfter : No restrictionMaxObjectTTL : Not setPaths : sj://cakes/=========== SERIALIZED ACCESS WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========Access : 12BncZWg9xc4GyXCgCi3YvBg... CopyCopied! ### [Register with Gateway MT](https://storj.dev/dcs/api/uplink-cli/share-command#register-with-gateway-mt) Generate credentials to use with our S3 multitenant gateway: [Getting started](https://storj.dev/dcs/getting-started) windowslinuxmacos ./uplink.exe share sj://cakes/ --register ./uplink.exe share sj://cakes/ --register CopyCopied! Notice the endpoint generated for Gateway MT: `https://gateway.storjshare.io`. =========== ACCESS RESTRICTIONS ==========================================================Download : AllowedUpload : DisallowedLists : AllowedDeletes : DisallowedNotBefore : No restrictionNotAfter : No restrictionMaxObjectTTL : Not setPaths : sj://cakes/ (entire bucket)=========== SERIALIZED ACCESS WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========Access : 1Q74vfxunqiAQ15WPxPqreya...========== CREDENTIALS ===================================================================Access Key ID: jvguri...Secret Key : j3nj4x...Endpoint : https://gateway.storjshare.io =========== ACCESS RESTRICTIONS ==========================================================Download : AllowedUpload : DisallowedLists : AllowedDeletes : DisallowedNotBefore : No restrictionNotAfter : No restrictionMaxObjectTTL : Not setPaths : sj://cakes/ (entire bucket)=========== SERIALIZED ACCESS WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========Access : 1Q74vfxunqiAQ15WPxPqreya...========== CREDENTIALS ===================================================================Access Key ID: jvguri...Secret Key : j3nj4x...Endpoint : https://gateway.storjshare.io CopyCopied! ### [Link Sharing](https://storj.dev/dcs/api/uplink-cli/share-command#link-sharing) You can also generate a URL to share your projects/buckets/objects windowslinuxmacos ./uplink.exe share sj://cakes/ --url --not-after=none ./uplink.exe share sj://cakes/ --url --not-after=none CopyCopied! Note that specifying `--base-url` is optional, but the `--not-after` is mandatory. If you do not want to specify date or offset - you can specify `--not-after=none`. See [share](https://storj.dev/dcs/api/uplink-cli/share-command) for details. =========== ACCESS RESTRICTIONS ==========================================================Download : AllowedUpload : DisallowedLists : AllowedDeletes : DisallowedNotBefore : No restrictionNotAfter : No restrictionMaxObjectTTL : Not setPaths : sj://cakes/ (entire bucket)=========== SERIALIZED ACCESS WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========Access : 1Q74vfxunqiAQ15WPxPqreya...========== CREDENTIALS ===================================================================Access Key ID: jvguri...Secret Key : j3nj4x...Endpoint : https://gateway.storjshare.ioPublic Access: true=========== BROWSER URL ==================================================================REMINDER : Object key must end in '/' when trying to share recursivelyURL : https://link.storjshare.io/s/jvguri.../cakes =========== ACCESS RESTRICTIONS ==========================================================Download : AllowedUpload : DisallowedLists : AllowedDeletes : DisallowedNotBefore : No restrictionNotAfter : No restrictionMaxObjectTTL : Not setPaths : sj://cakes/ (entire bucket)=========== SERIALIZED ACCESS WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========Access : 1Q74vfxunqiAQ15WPxPqreya...========== CREDENTIALS ===================================================================Access Key ID: jvguri...Secret Key : j3nj4x...Endpoint : https://gateway.storjshare.ioPublic Access: true=========== BROWSER URL ==================================================================REMINDER : Object key must end in '/' when trying to share recursivelyURL : https://link.storjshare.io/s/jvguri.../cakes CopyCopied! Also note that the URL uses the same Gateway MT access key, so if you have that already, you don't necessarily need to run this command to generate a shareable link. `https://link.storjshare.io/s//` To download content directly, use `/raw/` in Linkshare URL ex: `https://link.storjshare.io/raw/jxkfryh6anmtrcfhtio4q5lszuza/media%2FBig%20Buck%20Bunny%20Demo.mp4` To view the object location map, use `/s/` in Linkshare URL ex: `https://link.storjshare.io/s/jxkfryh6anmtrcfhtio4q5lszuza/media%2FBig%20Buck%20Bunny%20Demo.mp4` ### [Webhosting](https://storj.dev/dcs/api/uplink-cli/share-command#webhosting) For more detail, visit the documentation on [Static site hosting](https://storj.dev/dcs/code/static-site-hosting) . While you may share individual objects with the above linksharing instructions, you must share a bucket or object prefix for webhosting. Your web address will render the index.html file. windowslinuxmacos ./uplink.exe share --dns www.mysite.com sj://cakes/ ./uplink.exe share --dns www.mysite.com sj://cakes/ CopyCopied! =========== ACCESS RESTRICTIONS ==========================================================Download : AllowedUpload : DisallowedLists : AllowedDeletes : DisallowedNotBefore : No restrictionNotAfter : No restrictionMaxObjectTTL : Not setPaths : sj://cakes/ (entire bucket)=========== SERIALIZED ACCESS WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========Access : 12BncZWg9xc4GyXCDX73...========== CREDENTIALS ===================================================================Access Key ID: ju3ga56lfk7x...Secret Key : j2psszecoqtc...Endpoint : https://gateway.storjshare.ioPublic Access: true=========== DNS INFO =====================================================================Remember to update the $ORIGIN with your domain name. You may also change the $TTL.$ORIGIN example.com.$TTL 3600www.mysite.com IN CNAME link.storjshare.io.txt-www.mysite.com IN TXT storj-root:cakestxt-www.mysite.com IN TXT storj-access:ju3ga56lfk7x... =========== ACCESS RESTRICTIONS ==========================================================Download : AllowedUpload : DisallowedLists : AllowedDeletes : DisallowedNotBefore : No restrictionNotAfter : No restrictionMaxObjectTTL : Not setPaths : sj://cakes/ (entire bucket)=========== SERIALIZED ACCESS WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========Access : 12BncZWg9xc4GyXCDX73...========== CREDENTIALS ===================================================================Access Key ID: ju3ga56lfk7x...Secret Key : j2psszecoqtc...Endpoint : https://gateway.storjshare.ioPublic Access: true=========== DNS INFO =====================================================================Remember to update the $ORIGIN with your domain name. You may also change the $TTL.$ORIGIN example.com.$TTL 3600www.mysite.com IN CNAME link.storjshare.io.txt-www.mysite.com IN TXT storj-root:cakestxt-www.mysite.com IN TXT storj-access:ju3ga56lfk7x... CopyCopied! Use the generated DNS info to connect your domain name to your shared objects. Note you can use any hostname in place of `www.mysite.com` in the example. The base-url is also optional. Previous [setup](https://storj.dev/dcs/api/uplink-cli/setup-command) Next [Access](https://storj.dev/dcs/access) --- # Understanding Data Immutability in Object Storage - Storj Docs [Immutability](https://storj.dev/learn/concepts/immutability#immutability) =========================================================================== A number of object storage use cases require storage of data in a manner that the data is verifiably unalterable and incapable of being deleted. Use cases under this category include providing ransomware-resistant storage/backups or storage of data that is covered by regulatory frameworks such as HIPAA. Storj provides a unique combination of technologies that enable customers and partners to store data in a secure manner that achieves the goal of indeterminate preservation with immutability. This documentation covers the foundational technologies and their usage in the following other sections: * [Foundational Information Architecture](https://storj.dev/learn/concepts/key-architecture-constructs) * [Access and Authorization Management](https://storj.dev/learn/concepts/access) * [API Key Access Restrictions](https://storj.dev/learn/concepts/access/access-grants/api-key/restriction) This section will describe how those foundational technologies and the associated features are implemented to achieve data immutability. For more information on implementing Write Once, Read Many (WORM) storage see [here](https://storj.dev/learn/concepts/worm) [Defining Immutability](https://storj.dev/learn/concepts/immutability#defining-immutability) --------------------------------------------------------------------------------------------- Immutability in data storage may be broadly defined as providing a set of controls that ensure data may not be altered or deleted except under a specific set of circumstances and via credentials created by specific, authorized users. Data that has been configured for immutable storage is by definition read-only, meaning that it cannot be lost, accidentally deleted, corrupted, subjected to cyberattacks or ransomware, deliberately or inadvertently altered or otherwise left vulnerable to issues that can compromise the data. Immutable storage ensures the provenance and authenticity of data and provides reliable and dispositive data recovery for essential data. [Background](https://storj.dev/learn/concepts/immutability#background) ----------------------------------------------------------------------- All cloud object services achieve data immutability by managing a combination of three basic security constructs: * Privileged Identity Management / Privileged Access Management (PIM/PAM) * Credential Authorization Management * Data Storage Infrastructure Security These factors provide layers of security for data storage. Achieving data immutability starts with restricting who has the access to create credentials, security policies and configurations that determine the conditions under which data may be modified or deleted. The next layer is to establish the technical enforcement points to ensure that specifically limit application interactions with immutable data such that data cannot be altered or deleted. Finally, the underlying storage infrastructure must be secured in such a manner as to prevent the inadvertent or deliberate circumvention of access management controls or technical enforcement points via a brute-force attack on physical infrastructure. [Storj Security Constructs](https://storj.dev/learn/concepts/immutability#storj-security-constructs) ----------------------------------------------------------------------------------------------------- Storj has implemented a range of security constructs to ensure that immutable data storage may be achieved on the storage service. Where appropriate, Storj has implemented industry best practices and provided a compatibility layer with existing technical approaches to immutability. Storj has also introduced several unique capabilities that reduce the complexity required to secure data while reducing the risk and impact associated with the most common attack vectors to immutable data. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/sVh154FoZgMFDeTqDOjyY_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/sVh154FoZgMFDeTqDOjyY_image.png) [Privileged Account Management](https://storj.dev/learn/concepts/immutability#privileged-account-management) ------------------------------------------------------------------------------------------------------------- Storj follows industry best practices to secure user accounts that have privileged levels of access to interact with immutable data. Storj offers multi factor authentication (MFA) that enables users to address the risks associated with unauthorized access to user accounts. While enabling MFA on privileged accounts is the industry norm and best practice for restricting access management for authorized users, Storj adds an additional layer of protection for immutable data. Since all data and metadata is encrypted with encryption keys that are managed by the user and that are not stored on the Storj service, even if a privileged user account is compromised, unless the encryption passphrase associated with the data is also compromised, access to the actual data is not possible. ### [Credential Authorization Management](https://storj.dev/learn/concepts/immutability#credential-authorization-management) While it is important to secure privileged user accounts, by far the most common attack vector on cloud storage repositories are credential-based attacks. Credentials created for applications to interact with cloud storage are frequently embedded in application configurations in SaaS applications or installed applications on servers. If those Saas applications or hardware devices are compromised and a bad actor is able to access a credential, that bad actor may do whatever the credential is authorized to do. In all cases, the bad actor will attempt to escalate the privileges associated with the credential, either by bypassing additional environmental restrictions such as security policies on a specific environment or using the credential in a different application, environment or security context. Moreover, where the implementation of security controls requires a high level of complexity, users frequently choose not to implement the full spectrum of security options due to the high level of friction introduced into development lifecycles. Storj significantly simplifies the process of securing credentials and restricting the attack surface through the use of API Keys based on Macaroons. Access restrictions are encoded into API Keys within and Access Grant automatically upon creation via the Satellite Admin Console, via the CLI, or libuplink library, when using the Share command. While the possibilities for access controls that can be encoded in a Caveat are virtually unlimited, the specific Caveats supported on Storj today are as follows: **Specific Operations:** Caveats can restrict whether an Access Grant can permit any of the following operations: * Read * Write * Delete * List **Bucket:** Caveats can restrict whether an Access Grant can permit operations on one or more Buckets. **Path and path prefix:** Caveats can restrict whether an Access Grant can permit operations on Objects within a specific path in the object hierarchy. **Time Window:** Caveats can restrict when an Access Grant can permit operations on objects stored on the platform (before or after a date and time or a range of time between two dates/times Once these restrictions are encoded into an API Key, they cannot be increased in scope.  Restrictions are encoded and signed with an HMAC signature. Additional keys may be created from an API Key, but API Key creation follows a hierarchically deterministic key derivation scheme which means that the capabilities of a new API Key derived from a parent API Key may only have the same level of privilege or lower. Any privilege escalation attack that attempts to increase the capability associated with an API Key will fail as the validity of any API Key is cryptographically verifiable, and the HMAC signature of a modified API Key will not match and the Key will be rendered invalid. ### [Data Storage Infrastructure Security](https://storj.dev/learn/concepts/immutability#data-storage-infrastructure-security) While attacks on storage infrastructure are the least common, failure of storage hardware remains a real concern when it comes to the viability of immutable data. Storj take a unique approach to storing data with default encryption, erasure coded redundancy, and highly distributed storage.  The result is that all data is highly available and resistant a wide range of infrastructure failures while retaining a high level of durability that is both cryptographically verifiable, subject to automated integrity checks via cryptographic audits and able to be repaired in the event that some portion of the infrastructure fails or is otherwise compromised. There are 6 key components and processes that provide for data integrity despite any failure of underlying hardware infrastructure. **Encryption** All object data and metadata are encrypted by default on the Storj service. Objects are broken into segments and segments are encrypted using a randomized salted encryption passphrase, and the randomization ensures that if data was extracted from the underlying storage hardware, a bad actor would only be able to acquire encrypted data with no access to encryption information. Larger objects broken into multiple segments would require breaking multiple individual encryption keys even for a single object. Any attempted modification of a segment would be impossible due to the storage of data in an encrypted state. **Erasure Coding** Encrypted object data is broken into 64MB segments and then erasure coded using a 29/110 Reed-Solomon erasure coding scheme. Erasure coding ensures the integrity of data in several ways. The unit of storage of data on Storj is an erasure-coded piece of an encrypted object segment. Any attempt to modify a piece of data stored on Storj would invalidate the cryptographic signature of the piece effectively rendering it unreadable and unavailable. Erasure coding also introduces a high amount of redundancy into the storage layer such that 51 pieces of any segment could be lost simultaneously without impacting the durability of that segment. **Data Distribution** The Reed-Solomon erasure coded pieces of data are distributed over a network of tens of thousands of storage nodes in a manner that ensures that no two pieces of an object segment are stored on the same node. If any piece of hardware or infrastructure on the service fails or becomes unavailable, including hard drives, servers, equipment racks, whole data centers, or even whole regions, the integrity of data storage is not impacted. Loss or corruption of immutable data would require that huge numbers of independently operated equipment owned by different operators, on different networks, with different power supplies and in different geographical locations fail simultaneously. **Data Verifiability** Since data is stored on the distributed network of hardware in an encrypted and erasure coded state, it is impossible to modify data while stored at rest on the network. Data must be retrieved, re-encoded, decrypted, modified, re-encrypted, encoded, and distributed. Due to the encryption methodology, metadata for the modified data cannot be independently edited to allow immutable data to be modified. Any piece or segment of data may be cryptographically verified to determine its authenticity. **Audit** All data is subject to constant statistical audits that test small byte ranges of objects to ensure that storage hardware is successfully storing pieces of data. The audit process ensures that the service is able to verify the availability and durability of data at all times. As hardware fails or nodes are rendered offline, the system keeps track of the number of pieces of segments on the system to ensure the minimum number stays above a predetermined threshold for viability, known as the repair threshold. **Repair** If the number of pieces of any segment reaches the repair threshold, the system determines that the durability of that piece is approaching the minimum level of eleven nines of durability. The service then repairs the missing pieces and redistributes them to healthy storage nodes to ensure long term viability of immutable data. [Practical Implementation Pattern](https://storj.dev/learn/concepts/immutability#practical-implementation-pattern) ------------------------------------------------------------------------------------------------------------------- Using cloud object storage for an uncorrelated backup is one of the most common ways of avoiding the risk of data loss through hardware failure or exposure to threats associated with ransomware or malware. Many approaches use features like S3 Object Lock or overlaying security policies on servers, but Storj offers an effective alternative that is complex to implement, but provides an equivalent or greater level of protection. ### [Immutability Via Operation Restriction Encoded in Credential](https://storj.dev/learn/concepts/immutability#immutability-via-operation-restriction-encoded-in-credential) Storj access credentials include an API Key that can include caveats (conditional access restrictions that are encoded into the body of an API Key) which limit the operations that the API Key can allow an application to execute. An API Key has three parts, a head, a list of caveats, and a tail. These are concatenated and serialized together. An unrestricted API Key has no caveats, so it’s just a head and a tail. The head is a random nonce, and the tail of the unrestricted API Key is the HMAC of the root secret and the head. Creating a credential to achieve immutability is simply a matter of limiting the credential so that it can accomplish only the job it is intended to do with the least privilege, in this case back up application data. The credential should not have the capability to view data, update data, or delete data. The credential should be write-only. In this case, the credential should be created to allow writes, but disallow reads, lists, reads and deletes. Restricted credentials can be either created as an Access Grant for native integrations or as S3 compatible gateway credentials. Credentials can be created from the Satellite Admin console or via the Storj CLI. A write-only credential may also be limited based on the timeframe for which it is valid and may also be restricted to a specific bucket, path key or object key. The documentation for creating a restricted access credential may be found: * [List of Flags for Access Restrictions](https://storj.dev/dcs/api/uplink-cli/share-command) * [Using the Satellite Web Console for Access Restrictions](https://storj.dev/dcs/api/s3/s3-compatible-gateway) * [Using the CLI for Access Restrictions](https://storj.dev/dcs/access#create-access-grant) Once the write-only credential has been created, it is not possible to modify the credential to add additional operations, paths or objects to which the credential has access, or otherwise increase the scope of privilege. While a credential may be used to create a child credential with the same or less scope of privileges, the scope can never be increased. Properly created restricted credentials are fixed as of the int in time of creation and may not be altered to escalate privilege. When an application is configured with the write-only operation, any application configured with that credential can only write new data. Pre-existing data may not be overwritten, viewed, listed or deleted. The data is effectively immutable. If the application configured with the credential or the actual credential is compromised, it may only be used to impact future data writes (i.e. backups created after the date that the application/credential was compromised) ensuring that any data written prior to that time is not impacted. ### [Ransomware Recovery](https://storj.dev/learn/concepts/immutability#ransomware-recovery) When networks or systems are compromised and a bad actor seeks to extract payment in exchange for the return of that data or control of systems, typically, the fastest path to recovery is an immutable, uncorrelated cloud backup. A user with privileged access may create a new credential with the capability of reading the backup. Typically this recovery credential is created as read-only restricted to list and read operations so that the backup can be recovered and systems restored, but in the event recovery steps are taken from a machine that is unknowingly or subsequently compromised, the recovery credential may not be used in a separate attack. If the recovery environment is suspected to be compromised or there is a risk that the data could be exposed, data may be recovered in its encrypted state and subsequently decrypted in an air-gapped or otherwise secured environment. ### [Applicability to AI Training Sets](https://storj.dev/learn/concepts/immutability#applicability-to-ai-training-sets) Another emerging use case for immutable data is for training sets or fine tuning data sets for artificial intelligence (AI) or machine learning (ML) models. Models are resource-intensive to train and immensely valuable, but the provenance of the underlying training datasets are key to protecting the value of those models. Using Storj as the storage service for AI and ML datasets ensures the underlying data remains immutable so that future analysis of the source for any model remains fully traceable and auditable. Moreover, data sets can be moved at high speed to any point on the globe regardless of where the compute resources are located. The combination of immutable storage and the distributed architecture ensure that enterprises are able to leverage the most cost-effective compute resources in conjunction with secure, performant object storage. Previous [File Repair](https://storj.dev/learn/concepts/file-repair) Next [Key Architecture Constructs](https://storj.dev/learn/concepts/key-architecture-constructs) --- # Storage Node - Storj Docs [Installing a Storage Node with the Windows Installer](https://storj.dev/node/get-started/install-node-software/gui-windows/storage-node#installing-a-storage-node-with-the-windows-installer) ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1. [Download the Windows MSI installer](https://github.com/storj/storj/releases/latest/download/storagenode_msi_windows_amd64.zip) 2. Extract the MSI from the zip and double click it. The installation window will open. [![Initial Storage Node Windows Installer](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/4NFWY9VWzCdRltHBoU8px_pasted-image-0.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/4NFWY9VWzCdRltHBoU8px_pasted-image-0.png) 3. Accept the terms of our end-user license agreement. [![EULA agreement screen](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/6VUhKAYMC7D58hliKFMEA_pasted-image-0.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/6VUhKAYMC7D58hliKFMEA_pasted-image-0.png) 4. Select the folder you would like the Storage Node software to be installed in. [![Installation folder screen](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/JHl6cIzjMQRn8-hISrONa_pasted-image-0.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/JHl6cIzjMQRn8-hISrONa_pasted-image-0.png) 5. Select the folder your Identity is stored in. When you generate your Storage Node Identity, the identity tool will show you what folder it was saved in. Please see the [Step 4. Create an Identity](https://storj.dev/node/get-started/identity) section if you have not created one yet. [![Identity folder selection screen](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/LL0TW17fdolT5vFvZa0OX_pasted-image-0.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/LL0TW17fdolT5vFvZa0OX_pasted-image-0.png) 6. Enter your [ERC-20 compatible wallet address](https://storj.dev/node/faq/how-do-I-hold-storj-tokens) where you want to receive your STORJ token payouts. [![Operator information - Ethereum wallet](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/85j1PrZepUeQGCYMGFKJw_pasted-image-0.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/85j1PrZepUeQGCYMGFKJw_pasted-image-0.png) 7. Enter your email address to receive alerts about software updates and new features. [![Operator information - email address screen](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/0rIVxCc7BpUKcgcHjjtcc_pasted-image-0.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/0rIVxCc7BpUKcgcHjjtcc_pasted-image-0.png) 8. Enter your external IP address and port (:). You can find more information about how to configure this in the [Step 2. Setup Port Forwarding](https://storj.dev/node/get-started/port-forwarding) section. [![Connection information external address screen](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/y3A1AmFxJJqUpZOzSdm1J_pasted-image-0.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/y3A1AmFxJJqUpZOzSdm1J_pasted-image-0.png) 9. Select where you would like the network data to be stored on your machine. The network-attached storage location could work, but it is neither supported nor recommended! Splitting subfolders from the storage location (junctions, symlinks, hardlinks, etc.) will lead to a quick disqualification if they become unavailable! The writeability and readability checks are performed on the storage location, not on subfolders. **Moving an existing node on a CLI Setup to a Windows GUI Setup?** See [Migrating from Docker CLI to a GUI Install on Windows](https://storj.dev/node/faq/migrate-my-node/migrating-from-docker-cli-to-a-gui-install-on-windows) [![Storage folder selection screen](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/i8pjCLqJCL9JuQnPFALsH_pasted-image-0.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/i8pjCLqJCL9JuQnPFALsH_pasted-image-0.png) 10. Select how much storage space you would allocate to the network. Required minimum of 500 GB plus 10% overhead to be allocated [![Storage allocation selection screen](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/VjaAz47vLIdzwwIN_dTS3_pasted-image-0.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/VjaAz47vLIdzwwIN_dTS3_pasted-image-0.png) 11. Click the install button to install your Storage Node with what you configured in the previous steps. [![Start Install screen](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/9wV8dvx17NjtWyp4sVOwg_pasted-image-0.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/9wV8dvx17NjtWyp4sVOwg_pasted-image-0.png) 12. Wait for a few moments while the Storage Node is being installed on your machine. [![Installing screen](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/LcQyXb63xCsrB_DZrIHaX_pasted-image-0.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/LcQyXb63xCsrB_DZrIHaX_pasted-image-0.png) 13. Click the Finish button to exit the installer. Congrats, your Storage Node is now live! [![Install finish screen](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/gLOwNZjPUw8q4ZecabrXQ_pasted-image-0.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/gLOwNZjPUw8q4ZecabrXQ_pasted-image-0.png) Note: The Storage node and auto updater are installed as a Windows service. If you want to stop or restart the storage node you have to open the windows service page to do so. Previous [GUI Install - Windows](https://storj.dev/node/get-started/install-node-software/gui-windows) Next [Dashboard Windows](https://storj.dev/node/get-started/install-node-software/gui-windows/dashboard) --- # Understanding Use Cases for Multiple Encryption Keys - Storj Docs Each Access Grant includes only one encryption key, but there are use cases where multiple keys are relevant and useful. With encryption embedded into Access Grants, it is possible to create multiple Access Grants with the same access authorization but different encryption keys. The default behavior of the Uplink Client is not to display data that the Uplink Client cannot decrypt. It is possible to view the data in it's encrypted state, but it is not possible to derive an encryption key or otherwise reverse engineer an encryption key from an Access Grant with authorization to read data, if that Access Grant does not have an encryption key scoped to the data in question. In general, the best practice is to use one encryption passphrase per bucket. If an object with the same path and object name uploaded by two uplinks with encryption keys derived from the same encryption passphrase, the most recent upload will over-write the older object. If an object with the same path and object name uploaded by two uplinks with encryption keys derived from different encryption passphrases, the objects will be uploaded as two separate objects. Because encryption keys are hierarchically deterministic, when an Access Grant is used to create a restricted Access Grant that is restricted to a particular path prefix, the encryption key of the child Restricted Access Grant is derived from the parent Access Grant. In this case, the Parent Access Grant could decrypt the data within the path restriction associated with the parent Access Grant and the child Restricted Access Grant, but the encryption key in the child Restricted Access Grant could not be used to decrypt data to which the parent Access Grant might have access but which is outside the scope of the path restriction of the the child Restricted Access Grant. The only use case for which using different encryption passphrases is common is in the case of a multiuser or multi-tenant application, storing data on behalf of different users or entities. In this case, the default behavior could be used in which is user or tenant within the application would be logically represented as a top-level path within the bucket that corresponds to the application. Each user or tenant within the application would be issued a child Restricted Access Grant scoped to the top level path associated to that user or tenant. The child Restricted Access Grant would allow a user or tenant to interact with object data restricted to their top level path, but not allow access outside of that path. Users or tenants would be unable to view or interact with data associated with peer tenants or users. It is also possible to overwrite the encryption key within a child Restricted Access Grant, allowing users to "choose" their own encryption passphrase. If those users lost access to that passphrase and the associated Access Grant, the data would be unrecoverable. Previous [Key Management](https://storj.dev/learn/concepts/access/encryption-and-keys/key-management) Next [Connectors](https://storj.dev/learn/concepts/connectors) --- # Explaining the Linksharing Service - Storj Docs [Overview](https://storj.dev/learn/concepts/linksharing-service#overview) -------------------------------------------------------------------------- The Linksharing service provides an easy way to share an object via a web browser. Linkshare links may be shared with the following features: * **Storj Linkshare web page** - displays a preview of the shared object, including a streaming player for multimedia files along with a map displaying the geolocation of the storage nodes storing the encrypted and erasure coded pieces of the object * **Custom Domains** - Instead of using the default URL provided by linksharing, users can access their content using a custom domain: [Custom Domains](https://storj.dev/dcs/code/static-site-hosting/custom-domains) * **Path-based linkshare** - displays a list of objects with a shared path in a browser. This feature allows sharing a folder of objects. When clicked in a browser, any of the objects will be displayed individually on a Linkshare web page * **Direct download Linkshare** - a URL to directly access and download an object via the internet without loading a web page * **Restricted Access** - Linkshare links are read-only by default, but may be further restricted with any supported [Access Restrictions](https://storj.dev/learn/concepts/access/access-grants/api-key/restriction) (bucket, path and prefix, time window) * **Revokable Access** - Link share links may be revoked by deleting the associated Access Grant from the Auth Service or by revoking the Access Grant via the revocation service. The Linkshare service is part of the Storj [Edge Services](https://storj.dev/learn/concepts/edge-services) and provides an additional way to access objects over the internet via a browser in addition to the [Storj-hosted S3 Compatible Gateway](https://storj.dev/dcs/api/s3/s3-compatible-gateway) . Note: All of the Edge Services, including the Linksharing service use [Design Decision - Server-side Encryption](https://storj.dev/learn/concepts/encryption-key/design-decision-server-side-encryption) . [Linkshare Examples](https://storj.dev/learn/concepts/linksharing-service#linkshare-examples) ---------------------------------------------------------------------------------------------- The Storj Linkshare web page and Path-based Linkshare web page are shown below: [![Storj Linkshare web page example](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/95gBoFCZFkLVk-pvoxNAA_screen-shot-2021-09-03-at-92832-am.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/95gBoFCZFkLVk-pvoxNAA_screen-shot-2021-09-03-at-92832-am.png) [![Storj Path-based Linkshare web page example](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/_imI9aKD9jERtnE3ffL5Q_screen-shot-2021-09-03-at-92131-am.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/_imI9aKD9jERtnE3ffL5Q_screen-shot-2021-09-03-at-92131-am.png) [Linkshare QuickStart](https://storj.dev/learn/concepts/linksharing-service#linkshare-quick-start) --------------------------------------------------------------------------------------------------- To accelerate your time to success we offer an Object Browser GUI that allows you to upload and share with no command line interface required. Check out [Object Browser](https://storj.dev/support/object-browser) . The [Object Browser](https://storj.dev/support/object-browser) are included in that tutorial. [Linkshare via CLI (Advanced)](https://storj.dev/learn/concepts/linksharing-service#linkshare-via-cli-advanced) ---------------------------------------------------------------------------------------------------------------- If you prefer a command line interface (CLI) or wish to programmatically integrate to Storj we have our [uplink CLI](https://storj.dev/dcs/api/uplink-cli/share-command) in addition to our [SDKs](https://storj.dev/dcs/api/sdk) . You can also use a [Static site hosting](https://storj.dev/dcs/code/static-site-hosting) . [Regions of availability](https://storj.dev/learn/concepts/linksharing-service#regions-of-availability) -------------------------------------------------------------------------------------------------------- Linksharing Service is available in several geographical regions. When you use the endpoint [https://link.storjshare.io](https://link.storjshare.io/) , it automatically routes traffic from the closest region to your location. Previous [Key Architecture Constructs](https://storj.dev/learn/concepts/key-architecture-constructs) Next [Multi-tenant Data Partitioning and Isolation](https://storj.dev/learn/concepts/multi-tenant-data) --- # Storage Node Dashboard CLI - Storj Docs [Introduction](https://storj.dev/node/get-started/install-node-software/cli/dashboard-cli#introduction) -------------------------------------------------------------------------------------------------------- How to monitor the activity of your storage node. [Storage Node Operator Web Dashboard](https://storj.dev/node/get-started/install-node-software/cli/dashboard-cli#storage-node-operator-web-dashboard) ------------------------------------------------------------------------------------------------------------------------------------------------------ If you want to access this dashboard from a device on your **local network**, in your [Storage Node](https://storj.dev/node/get-started/install-node-software/cli/storage-node) command, use `-p 14002:14002` instead of `-p 127.0.0.1:14002:14002` If you want to access this dashboard remotely, use this guide: [How to remote access the web dashboard](https://storj.dev/node/faq/how-to-remote-access-the-web-dashboard) Open the following URL in your web browser: [Directly on your node:](https://storj.dev/node/get-started/install-node-software/cli/dashboard-cli#directly-on-your-node) --------------------------------------------------------------------------------------------------------------------------- http://127.0.0.1:14002/ http://127.0.0.1:14002/ CopyCopied! ### [Device on local network:](https://storj.dev/node/get-started/install-node-software/cli/dashboard-cli#device-on-local-network) http://:14002/ http://:14002/ CopyCopied! [CLI Storage Node Dashboard](https://storj.dev/node/get-started/install-node-software/cli/dashboard-cli#cli-storage-node-dashboard) ------------------------------------------------------------------------------------------------------------------------------------ Run the following command to monitor the activity of your node with the CLI dashboard: docker exec -it storagenode /app/dashboard.sh docker exec -it storagenode /app/dashboard.sh CopyCopied! **The dashboard may not load instantly.** Give it some time to fully load. Also, it is not necessary to keep the dashboard constantly running. You can exit the dashboard with `Ctrl-C` and the Storage Node will continue running in the background. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/llc8cUNZ5Butv9vRMa9iw_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/llc8cUNZ5Butv9vRMa9iw_image.png) Previous [Software Updates](https://storj.dev/node/get-started/install-node-software/cli/software-updates) Next [GUI Install - Windows](https://storj.dev/node/get-started/install-node-software/gui-windows) --- # Create an Access to an Object - Storj Docs There are several ways to share access to an object: * by [share](https://storj.dev/dcs/api/uplink-cli/share-command) * by [Import an Access to an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/sharing-your-first-object/import-access) * by [access restrict](https://storj.dev/dcs/api/uplink-cli/access-command/access-restrict) using Uplink CLI [Share an object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/sharing-your-first-object/generate-access#share-an-object) ------------------------------------------------------------------------------------------------------------------------------------- You can create an access using the `uplink share` command using [Create an Access to an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/sharing-your-first-object/generate-access) . For example: windowsmacoslinux ./uplink.exe share sj://cakes/cheesecake.jpg --export-to cheesecake.access ./uplink.exe share sj://cakes/cheesecake.jpg --export-to cheesecake.access CopyCopied! The `--export-to` flag is used to export the access to a file. This gives the following output: =========== ACCESS RESTRICTIONS ==========================================================Download : AllowedUpload : DisallowedLists : AllowedDeletes : DisallowedNotBefore : No restrictionNotAfter : No restrictionPaths : sj://cakes/cheesecake.jpg=========== SERIALIZED ACCESS WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========Access : 12yUGNqdsKX1Xky2qVoGwdpL...Exported to: cheesecake.access =========== ACCESS RESTRICTIONS ==========================================================Download : AllowedUpload : DisallowedLists : AllowedDeletes : DisallowedNotBefore : No restrictionNotAfter : No restrictionPaths : sj://cakes/cheesecake.jpg=========== SERIALIZED ACCESS WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========Access : 12yUGNqdsKX1Xky2qVoGwdpL...Exported to: cheesecake.access CopyCopied! [Restrict an access](https://storj.dev/learn/tutorials/quickstart-uplink-cli/sharing-your-first-object/generate-access#restrict-an-access) ------------------------------------------------------------------------------------------------------------------------------------------- The command `uplink access restrict` allows you to create a restricted access grant using [Create an Access to an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/sharing-your-first-object/generate-access) . An access generated using `uplink access restrict` with no arguments creates an access to your **entire project** with read permissions! Example: windowsmacoslinux ./uplink.exe access restrict --not-after=+10h --prefix sj://cakes/NewYork ./uplink.exe access restrict --not-after=+10h --prefix sj://cakes/NewYork CopyCopied! 17UjiCXa... 17UjiCXa... CopyCopied! See the [access restrict](https://storj.dev/dcs/api/uplink-cli/access-command/access-restrict) command reference for more actions. [Restrictions](https://storj.dev/learn/tutorials/quickstart-uplink-cli/sharing-your-first-object/generate-access#restrictions) ------------------------------------------------------------------------------------------------------------------------------- The `--readonly` flag prevents all write operations (delete and write). Similarly, the `--writeonly` flag prevents all read operations (read and list). By default, the access is read-only. To give full permissions, use `--readonly=false` You may also indicate the duration of access by specifying a start and end time. The list of all restrictions can be found [share](https://storj.dev/dcs/api/uplink-cli/share-command) . Example: windowsmacoslinux ./uplink.exe share --readonly=false --not-before=+2h --not-after=+10h sj://cakes/ ./uplink.exe share --readonly=false --not-before=+2h --not-after=+10h sj://cakes/ CopyCopied! =========== ACCESS RESTRICTIONS ==========================================================Download : AllowedUpload : AllowedLists : AllowedDeletes : AllowedNotBefore : 2021-04-17 17:22:39NotAfter : 2021-04-18 01:22:39Paths : sj://cakes/ (entire bucket)=========== SERIALIZED ACCESS WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========Access : 123qSBBgSUSqwUdbJ6n4bxLM... =========== ACCESS RESTRICTIONS ==========================================================Download : AllowedUpload : AllowedLists : AllowedDeletes : AllowedNotBefore : 2021-04-17 17:22:39NotAfter : 2021-04-18 01:22:39Paths : sj://cakes/ (entire bucket)=========== SERIALIZED ACCESS WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========Access : 123qSBBgSUSqwUdbJ6n4bxLM... CopyCopied! See the [access restrict](https://storj.dev/dcs/api/uplink-cli/access-command/access-restrict) and [share](https://storj.dev/dcs/api/uplink-cli/share-command) commands reference for more actions. Previous [Sharing Your First Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/sharing-your-first-object) Next [Import an Access to an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/sharing-your-first-object/import-access) --- # Deciding Between Storj Console and CLI - Storj Docs Determining when to use the different tools for generating Access Grants is driven by the use of the underlying tool. You can generate an Access Grant in the [Storj Console](https://storj.dev/support/storj-console) , or you can use either our Go Library or [Create Access Grant in CLI](https://storj.dev/learn/tutorials/quickstart-uplink-cli/generate-access-grants-and-tokens/generate-a-token) . [When to use the Storj Console](https://storj.dev/learn/concepts/access/access-grants/when-to-use-the-satellite-web-interface-and-when-to-use-the-cli#when-to-use-the-storj-console) ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- In general, you use the Storj Console to create an Access Grant that is then used to set up whatever client tool you are using. In order to configure and use the CLI or an application like [FileZilla Native Integration](https://storj.dev/dcs/third-party-tools/filezilla/filezilla-native) or [Rclone](https://storj.dev/dcs/third-party-tools/rclone) you must first [Create an Access Grant](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/create-first-access-grant) to configure the client. You may create an unrestricted Access Grant or Restricted Access Grant with limited access. The Storj Console is also used to generate credentials if you want to use an application with the Storj hosted S3-compatible gateway. **Remember:** When you use an Access Grant to generate credentials for the Storj hosted S3-compatible gateway, the hosted gateway uses server-side encryption. If end-to-end encryption is essential for your use case, you should encrypt your data before sending it to the hosted gateway, or use a self-hosted S3-compatible Gateway. [When to use an Uplink client](https://storj.dev/learn/concepts/access/access-grants/when-to-use-the-satellite-web-interface-and-when-to-use-the-cli#when-to-use-an-uplink-client) ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Once you have created an Access Grant from the Storj Console, the CLI, client library or other client tool can then use that Access Grant to interact with the Storj service, or create additional restricted Access Grants - child Access Grants of the parent created in the Storj Console. The Uplink Client can be used to create additional child Restricted Access Grants. **Remember:** When you create child Restricted Access Grants from a parent Restricted Access Grant, the child Restricted Access Grants can have the same level of access as the parent or less access, but never more. **For example:** A parent Restricted Access Grant that only has Read and Write access to a particular may be used to create child Restricted Access Grants that have Read-only access to the bucket or just one path within that bucket. But, a parent Restricted Access Grant that only has Read and Write access to a particular may NOT be used to create child Restricted Access Grants that have Read-write-delete access to the bucket or another path within another bucket to which the parent Restricted Access Grant does not have any access. If you want to learn more, check out the [Key Architecture Constructs](https://storj.dev/learn/concepts/key-architecture-constructs) section or read all about [Access Management](https://storj.dev/learn/concepts/access) . Learn how to [Create Access Grant in CLI](https://storj.dev/learn/tutorials/quickstart-uplink-cli/generate-access-grants-and-tokens/generate-a-token) in the [Storj Console](https://storj.dev/support/storj-console) . Learn how to [Create Access Grant in CLI](https://storj.dev/learn/tutorials/quickstart-uplink-cli/generate-access-grants-and-tokens/generate-a-token) in the [Uplink CLI Tutorial](https://storj.dev/learn/tutorials/quickstart-uplink-cli) . Previous [Access Restrictions](https://storj.dev/learn/concepts/access/access-grants/api-key/restriction) Next [Access Management at the Edge](https://storj.dev/learn/concepts/access/access-management-at-the-edge) --- # Understanding Storj Usage Limits - Storj Docs Usage Limits allow us to ensure a consistent level of service for all customers. We have established limits for usage per Project on all Storj Satellites. All limits are set to default values as follows: [PRO Account (Paid Tier)](https://storj.dev/learn/concepts/limits#pro-account-paid-tier) ----------------------------------------------------------------------------------------- Adding a valid Payment method will result in your per-project limits being automatically raised to Pro Account limits: * 3 projects * 100 buckets per project * 25 TB storage per project * 100 TB egress bandwidth per project * 100,000,000 segments * 100 request per second rate limit * 1 write per second to the same object name * Secure Custom Domains (HTTPS) for Linksharing ### [Credit Card Payment method](https://storj.dev/learn/concepts/limits#credit-card-payment-method) Please note: some Debit cards maybe accepted too, but prepaid cards are not supported. ### [STORJ token Payment method](https://storj.dev/learn/concepts/limits#storj-token-payment-method) Adding $10 or more worth of STORJ tokens to your account deposit address will automatically upgrade your account to PRO and you will also receive a bonus of 10% of the deposit amount on your balance. Please note: The deposit address currently only accepts transactions with ERC20 STORJ tokens on Ethereum mainnet or zkSync Era (note that **zkSync Lite is not supported**). ### [Google Pay Payment method](https://storj.dev/learn/concepts/limits#google-pay-payment-method) You can also add Google Pay as a payment method, it's available when you select **Add Card** on the _**Payment Methods**_ tab of the [**Billing**](https://storj.dev/support/account-management-billing/billing) page in the desktop or mobile Chrome browsers logged in to the Google Account with enabled Google Pay. ### [Apple Pay Payment method](https://storj.dev/learn/concepts/limits#apple-pay-payment-method) You can aslo add Apple Pay as a payment method, it's available when you select **Add Card** on the _**Payment Methods**_ tab of the [**Billing**](https://storj.dev/support/account-management-billing/billing) page in the desktop or mobile Safari browsers. ### [Bank account Payment method](https://storj.dev/learn/concepts/limits#bank-account-payment-method) Available banks depending on the used region. Use the **Add Card** button on the _**Payment Methods**_ tab of the [**Billing**](https://storj.dev/support/account-management-billing/billing) page. ### [Online Payment Link in the invoice](https://storj.dev/learn/concepts/limits#online-payment-link-in-the-invoice) You can also use a payment link in the Open invoices (invoices are available on [_**Billiing History**_](https://storj.dev/support/account-management-billing/billing) tab) [Rationales behind limits](https://storj.dev/learn/concepts/limits#rationales-behind-limits) --------------------------------------------------------------------------------------------- Most cloud infrastructure providers impose storage and bandwidth limits as a normal part of capacity planning and to ensure achievement of SLAs. In distributed and decentralized storage systems they are equally important, if not more so. Like any provider, the aggregate amount of available storage and bandwidth must be shared across all users. With a distributed and decentralized storage system like Storj, the storage and bandwidth are provided by a network of third parties running storage node software. One of the key aspects to success is the balance of supply and demand. If too many users over-utilize available resources, the user experience will be poor. If there are too many storage nodes, there won’t be enough use to provide a meaningful ROI for Storage Node Operators. This can lead to storage node churn, increasing load on the network, and potentially impacting durability. Usage limits are one of the tools that maintain the balance. We set rate limits between the uplink and the satellite to ensure good service for all uplink users. Without the rate limit, users could inadvertently consume most of the database resources available on the satellite and cause issues for other users. We selected a limit that would be mostly unnoticed by end users (as the typical use case shouldn’t hit the limit). The current default limits are based on requests per second for all meta info calls: list, get, delete, put. We set the default limits for the number of buckets per project to ensure performance. In addition, we limit the number of Projects per Developer Account to minimize complexity. We have also set the default limit for the number of segments to a healthy level for the network. Note that increasing the Segment Project Limit may incur additional fees. Read more about [Usage Limit Increases](https://storj.dev/support/usage-limit-increases) . Customers can request a limit increase when needed by filling out the [limit increase request form](https://supportdcs.storj.io/hc/en-us/requests/new?ticket_form_id=360000683212) on our Storj support portal. An automatic limit increase to Pro Account can be accomplished by adding a credit card or STORJ tokens (more or equal to $10) as a payment method. Please only make such requests if your use case requires more than the current default limits. Previous [Common Use Cases](https://storj.dev/learn/concepts/solution-architectures/common-use-cases) Next [Write Once, Read Many (WORM)](https://storj.dev/learn/concepts/worm) --- # Understanding Key Constructs in Storj Architecture - Storj Docs Developing applications on Storj require a basic familiarity with the basic constructs of the service. At a high level, object storage is a well-understood technology with established vendors and standards for integration. Storj brings a number of new capabilities to make it easy for developers to build more secure and private applications and, as with any new and disruptive technology, the key to maximizing the potential value of that technology is understanding how that technology can be practically applied to solve real-world problems. This section will orient you to some of the main constructs within the service and describes how to use Storj in your application. [But first, a word on information architecture...](https://storj.dev/learn/concepts/key-architecture-constructs#but-first-a-word-on-information-architecture) -------------------------------------------------------------------------------------------------------------------------------------------------------------- It's important to understand the constructs of Storj so that an application storing data is optimized depending on the requirements for privacy, access control, sharing, etc. The main constructs to understand are shown in the figure below: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/9b421M_VoF9n0TBr2Enoh_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/9b421M_VoF9n0TBr2Enoh_image.png) [Satellite](https://storj.dev/learn/concepts/key-architecture-constructs#satellite) ------------------------------------------------------------------------------------ The Satellite is a set of hosted services that is responsible for a range of functions on the network, including the node discovery system, node address information caching, per-object metadata storage, storage node reputation management, billing data aggregation, storage node payment, data audit, and repair, as well as user account and authorization management. **Key Point:** You'll create an account on a Satellite. We have them all over the world. You choose a Satellite based on where your data will be most frequently accessed, as Satellites are where metadata is stored and node selection takes place. Read more about [Satellite (Metadata Region)](https://storj.dev/learn/concepts/satellite) [Developer Account](https://storj.dev/learn/concepts/key-architecture-constructs#developer-account) ---------------------------------------------------------------------------------------------------- When you create an account on a Satellite, you add some basic contact information, including a payment method if you want to use the Paid Tier Service. You can create Projects and Access Grants/Gateway Credentials, view invoices, and track usage. **Key Point:** You can invite other developers with accounts on your Satellite to join one or more of your Projects, or be added to other Developers' Projects. Read more about the [Storj Console](https://storj.dev/support/storj-console) [Project](https://storj.dev/learn/concepts/key-architecture-constructs#project) -------------------------------------------------------------------------------- A project is a basic unit for aggregating usage, calculating billing, invoicing fees, collecting payment, and handling access management. Users can create multiple projects and projects are invoiced separately. Within a project, usage is tracked at the Bucket level and aggregated for invoicing to the Project. Project names are not client-side encrypted, so they may be rendered in the Satellite user interface. There are two main drivers for creating multiple Projects: access management and billing. [Access Management](https://storj.dev/learn/concepts/key-architecture-constructs#access-management) ---------------------------------------------------------------------------------------------------- For access management, Access Grants are instantiated at the project level. A primary Access Grant created in the Satellite admin console can perform any action on any bucket in a project, but Access Grants do not work across projects. If you are a managed service provider or have multiple applications where there must be no commonality between applications for access management (no single Access Grant can be used to manage data across applications) then you should create a separate project per application or customer. Projects are also useful for managing phases of software development across environments. You may want to use a separate project for development, staging, and production environments. **Key Point:** The key distinction is that you can create granular Access Grants within a Project with restricted access to only a single object or path, it's also possible to create an Access Grant with all access to all buckets, paths, and objects within a Project. It is not possible to create an Access Grant with access to buckets, paths, and objects within more than one Project. ### [Billing](https://storj.dev/learn/concepts/key-architecture-constructs#billing) From a billing perspective, if you only have one application, or you’re an individual using an app like [FileZilla](https://www.storj.io/integrations/filezilla) or [Duplicati](https://www.storj.io/integrations/backup-with-duplicati) , you probably only need one project. If you are a managed service provider or systems integrator, and you have multiple applications or want separate invoices for each of the applications, customers, or environments you have, depending on what is relevant to your business, you’ll want to create multiple projects. Usage is itemized within projects at the bucket level, but projects have separate invoices. [Bucket](https://storj.dev/learn/concepts/key-architecture-constructs#bucket) ------------------------------------------------------------------------------ A bucket is an unbounded but named collection of objects identified by paths. Every object has a unique path within a bucket. **Key Point:** Bucket names are not client-side encrypted so that they may be rendered in the Satellite user interface. Bucket names are not client-side encrypted so that they may be rendered in the Satellite user interface. Usage is tracked and itemized on invoices at the Bucket level. One practical consideration when choosing how to map constructs in your application to constructs on Storj is that large numbers of buckets will increase the size and complexity of your invoices. From an access management perspective, there’s really no difference between using a bucket and using a top-level path within a bucket. The only differences are that bucket names are unencrypted and appear on invoices while top-level path names are encrypted and billing is aggregated at the bucket level. If you are an individual user with a single application, you may only need one Bucket. If you are building a multi-tenant or multi-user application, the best practice is to use a single bucket for the application, then create a separate top-level path to store object data associated with each tenant or user within the application. Each top-level path can be secured with a separate Restricted Access Grant. With this structure, your application can manage the data for all of the tenants or users of your application, but 100% of the objects and object metadata will be encrypted, and the tenants or users of your application will not have any access to the data of their peers unless they specifically authorize that access. [Object Key or Path (encrypted metadata)](https://storj.dev/learn/concepts/key-architecture-constructs#object-key-or-path-encrypted-metadata) ---------------------------------------------------------------------------------------------------------------------------------------------- An object key (or path) is a unique identifier for an object within a bucket. An object key is an arbitrary string of bytes. Object keys resemble file system paths by containing forward slashes at access control boundaries. Forward slashes (referred to as the path separator) separate path components. An example path might be `videos/carlsagan/gloriousdawn.mp4`, where the path components are `videos`, `carlsagan`, and `gloriousdawn.mp4`. It is possible to share just the encryption keys for objects that have a common object key path component prefix. While many object storage platforms provide access management restrictions only at the bucket level, Storj provides the tools to manage granular access at the path level. [Object (encrypted metadata)](https://storj.dev/learn/concepts/key-architecture-constructs#object-encrypted-metadata) ---------------------------------------------------------------------------------------------------------------------- An object is the main data type in our system. An object is referred to by an object key, contains an arbitrary amount of bytes, and has no minimum or maximum size. An object is represented by an ordered collection of one or more segments. Segments have a fixed maximum size. An object also supports a limited amount of key/value user-defined fields called user-defined metadata. [Access Grant](https://storj.dev/learn/concepts/key-architecture-constructs#access-grant) ------------------------------------------------------------------------------------------ Storj uses hierarchically deterministic Access Grants as an access management layer for objects. An Access Grant is a security envelope that contains a satellite address, a restricted API Key, and a restricted path component prefix-based encryption key—everything an application needs to locate an object on the network, access that object, and decrypt it. The key benefit of this approach is that these Access Grants and any associated restrictions can be entirely managed client-side, without a central Access Control List or other server-side mechanism involved in the access management process. We call this delegated authorization. The most important thing to understand about Access Grants is, even though an Access Grant contains a serialized encryption key encapsulated in the Access Grant, that encryption key is NEVER passed to a Satellite. Storj Uplink clients separate the API Key from the Access Grant and only pass the API Key to Satellites. That way, a Satellite can receive an access request, evaluate the validity of the API Key associated with that request, and respond with the metadata needed to retrieve the pieces of the object associated with that request without having any ability to decrypt the underlying data or metadata or have any information about the context of the user or application making the request. The result is that the Storj service allows you to create more private and secure applications. Below is a brief description of the three components within an Access Grant: ### [Satellite Address](https://storj.dev/learn/concepts/key-architecture-constructs#satellite-address) The Satellite Address is contained within the Access Grant so that an Uplink client knows which Satellite to contact to retrieve the metadata associated with an object to be retrieved. ### [API Key](https://storj.dev/learn/concepts/key-architecture-constructs#api-key) An Access Grant contains an API Key that is based on a type of bearer token called a Macaroon. API Keys are both hierarchically derived from a parent and may also contain programmatic restrictions based on: 1. **Specific Operations**: Caveats can restrict whether an Access Grant can permit any of the following operations: Read, Write, Delete, List 2. **Bucket:** Caveats can restrict whether an Access Grant can permit operations on one or more Buckets. 3. **Object key and path prefix:** Caveats can restrict whether an Access Grant can permit operations on Objects that share a common path component prefix. 4. **Time Window:** Caveats can restrict when an Access Grant can permit operations on objects stored on the platform. Restrictions applied to an API Key within an Access Grant are hierarchically derived from the access restrictions contained in the API Key within the Parent Access Grant from which the Restricted Access Grant was created. That means a Restricted Access Grant can have the same level of access or less access than its Parent Access Grant, but never more access. ### [Encryption Key](https://storj.dev/learn/concepts/key-architecture-constructs#encryption-key) All data stored on Storj is encrypted. By using hierarchically-derived encryption keys, it becomes easy to share the ability to decrypt a single object or set of objects without sharing the private encryption passphrase or having to re-encrypt objects. When you create a Primary Access Grant, you provide an encryption passphrase. All Restricted Access Grants derived from that Primary Access Grant contain a path-based hierarchically derived serialized encryption key (or set of encryption keys, based on what has been shared). If you're interested in more details, please read more about [Encryption](https://storj.dev/learn/concepts/encryption-key) at your leisure. A unique encryption key can be derived client-side for each object. That unique key is generated automatically when sharing objects, allowing users to share single objects or object key prefixes, with the ability to decrypt just the objects that are shared without having to worry about separately managing encryption access to objects that aren’t being shared. But, your keys are your data. If you lose the encryption passphrase, you effectively lose the ability to recover your data. Satellites never have access to your encryption keys. Satellites can’t access your data so your privacy is ensured, but if you lose the key, that means we also can’t help you recover it. **The point:** don’t lose your encryption key. [Primary Access Grants](https://storj.dev/learn/concepts/key-architecture-constructs#primary-access-grants) ------------------------------------------------------------------------------------------------------------ Primary Access Grants are generated via the Satellite Admin Console. Note that only the API Key and Satellite address are generated by the Satellite. The actual Access Grant is created in the browser with the Encryption Passphrase provided by you. The Satellite does not store or retain the encryption passphrase or serialized encryption key encapsulated in the Access Grant. That is entirely handled in client-side Javascript in the browser. A Primary Access Grant can be created with no restrictions or can be created with one or more caveats. A Primary Access Grant can then be imported into an Uplink Client for use. The Uplink Client can then be used to create Restricted Access Grants derived from the Primary Access Key. [Restricted Access Grants](https://storj.dev/learn/concepts/key-architecture-constructs#restricted-access-grants) ------------------------------------------------------------------------------------------------------------------ The Storj service generates primary Access Grants, and restricted Access Grants are derived from a primary Access Grant or any other Access Grant via the Uplink Client. Parent-to-child, access may be further restricted, but not expanded. A restricted Access Grant can never have more access than its parent. A primary Access Grant is created in the admin console of the Satellite. A primary Access Grant has all permissions to all buckets within a project and can be used to create a child Access Grant. A restricted Access Grant may be created using the Satellite console or Uplink client. Restricted Access Grants are created in the context of creating access. Essentially, you don’t explicitly create a Restricted Access Grant, the Uplink client creates one when you generate an access, which handles both access management and encryption, both restricted to the scope of access being shared. The Storj service also supports the revocation of Access Grants. Note that revoking an Access Grant adds that Access Grant to a revocation list and invalidates the Access Grant and any child Access Grant derived from the Access Grant that has been revoked. Revoking a primary access grant can be done in the UI, but currently revoking a restricted access grant can only happen via the Uplink CLI. [Sharing Access with Restricted Access Grants](https://storj.dev/learn/concepts/key-architecture-constructs#sharing-access-with-restricted-access-grants) ---------------------------------------------------------------------------------------------------------------------------------------------------------- Sharing access to objects stored on Storj requires sending encryption and authorization information about that object from one client to another. The information is sent in a construct called a Restricted Access Grant. As noted above, an Access Grant is a security envelope that contains a satellite address, a restricted API Key, and a restricted path-based encryption key—everything an application needs to locate an object on the network, access that object, and decrypt it. An Access contains a bearer token that is generated client-side and transmitted client-to-client. When the Uplink client generates or uses an Access, only the API Key (the bearer token) from the Access is sent to a Satellite to retrieve an object. The encryption key is retained by the Client and used to decrypt objects, metadata, and paths client-side. To implement these constructs as easily as possible for developers, the Storj developer tools abstract the complexity of encoding objects for access management and encryption/decryption. A simple share command encapsulates the satellite address for an object’s metadata, an encryption key, and an API Key into an Access in the format of an encoded string that can be easily imported into an Uplink client. Imported Accesses are managed client-side and may be leveraged in applications via the Uplink client library. [Applying the Storj Information Architecture](https://storj.dev/learn/concepts/key-architecture-constructs#applying-the-storj-information-architecture) -------------------------------------------------------------------------------------------------------------------------------------------------------- Once you understand the basic building blocks of Storj, it’s pretty easy to build some fairly sophisticated privacy and security controls into your application. Previous [Immutability](https://storj.dev/learn/concepts/immutability) Next [Linksharing Service](https://storj.dev/learn/concepts/linksharing-service) --- # Understanding Encryption Keys and Security - Storj Docs How encryption and encryption keys work on Storj. [Managing Encryption Keys](https://storj.dev/learn/concepts/access/encryption-and-keys#managing-encryption-keys) ----------------------------------------------------------------------------------------------------------------- One very important design consideration is that data stored on Storj is encrypted. That means only you have the encryption keys for your data. The service doesn't ever have access to or store your encryption keys. If you lose your keys (and lose the Access Grant containing your encryption passphrase), you will be unable to recover your data. [Encryption & Access Grants](https://storj.dev/learn/concepts/access/encryption-and-keys#encryption-and-access-grants) ----------------------------------------------------------------------------------------------------------------------- Where an API Key within an Access Grant controls what resources and operations a Satellite will allow a user to access and perform, an HD Encryption Key controls what buckets, path prefixes, and objects a user has the ability to decrypt or encrypt. At each level of the hierarchy of buckets, path prefixes, and objects, a child HD Encryption Key is derived in essentially the same manner as the serialized API Key. Both are hierarchically deterministic, but where the hierarchy of an API Key is based on the hierarchy of access restrictions, the hierarchy of encryption keys is based on the hierarchy of paths and objects. The primary difference is that while a Satellite could generate restricted Access Grants that would be essentially the same artifact as a restricted Access Grant generated by an Uplink Client, a Satellite never has access to Encryption Keys. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/eXpi7oY6H_4SzeyEgMx3T_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/eXpi7oY6H_4SzeyEgMx3T_image.png) [Supported Protocols](https://storj.dev/learn/concepts/access/encryption-and-keys#supported-protocols) ------------------------------------------------------------------------------------------------------- Out-of-the-box, the Uplink Client supports the AES-256-GCM encryption standard. Being open source, developers can remove the default encryption standards and replace them with a custom or preferred encryption scheme. It doesn’t matter what encryption solution you use with your application, but it does matter that you encrypt your data. Remember that your data is erasure-coded and distributed across diverse storage nodes that are assumed to be untrusted as they are operated by complete strangers distributed all over the globe. In addition to not wanting to expose your data to the risk of compromise by byzantine storage nodes, unencrypted data creates a potential insider threat from rogue satellite operators. During ordinary Satellite file repair operation, file segments are downloaded by Satellites, re-encoded, and redistributed across storage nodes. As long as all data is encrypted client-side, the repair function does not expose the privacy or security of the data. ### [Allowing Decryption for Shared Access to Objects](https://storj.dev/learn/concepts/access/encryption-and-keys#allowing-decryption-for-shared-access-to-objects) The first part of this documentation explains how Access Grants work when access to objects stored on the Storj Platform is to be shared between applications. Encryption keys work in a very similar way. ### [Encryption Management Encoded into the Access Grant](https://storj.dev/learn/concepts/access/encryption-and-keys#encryption-management-encoded-into-the-access-grant) Each Access Grant has an Encryption Passphrase that is configured when the Access Grant is initially created. This Encryption Passphrase is used to encrypt all objects and metadata stored on Storj. When a child Restricted Access Grant is created, two things happen: 1. A restricted API Key is created inside of the new child Restricted Access Grant with a caveat that includes the restrictions in the API Key 2. A child encryption key (or set of appropriate descendant encryption keys) is derived from the appropriate encryption keys in the parent Access Grant. If the child Restricted Access Grant includes an object key path component prefix based restriction, not only will the API Key be restricted to just objects with that path prefix, but the hierarchically deterministic derived encryption key store contained in that child Restricted Access Grant can only be used to decrypt or encrypt objects with that same path prefix. Just as the child API Key cannot access objects beyond the restrictions contained in it's caveat, that child Encryption Key cannot be used to decrypt objects above the path restriction to which it is limited. By creating a restricted Access Grant, whether through the Satellite Admin Console or using an Uplink client, creating the Access Grant automatically creates an API Key and Encryption Key with the appropriate scope of restriction. At each level of the hierarchy of buckets, object key prefixes, and objects, a child HD Encryption Key is derived, and the hierarchy is encoded in the object and object metadata. Based on where an object falls in the hierarchy, if the parent encryption key is known, an encryption key can be derived for any level of the hierarchy that is valid from that point in the hierarchy and below to any child objects below it in the hierarchy. Similar to the hierarchically derived structure of Access Grants, developers or applications don’t need to worry about the complexity of maintaining a set of keys. Since the hierarchy is encoded into the encryption mechanism, a shareable key can be derived on demand. The shareable HD Encryption Key set is described as an EncryptionAccess in the Uplink Client. [Important Design Point](https://storj.dev/learn/concepts/access/encryption-and-keys#important-design-point) ------------------------------------------------------------------------------------------------------------- While the Access Grant is intended to be passed from an Uplink Client to a Satellite, the EncryptionAccess is designed to be passed peer to peer, but never to the Satellite. For efficiency and ease of use, the file sharing functions of the Uplink Client constructs a ‘security envelope’ that contains both the API Key and the EncryptionAccess, that is passed peer-to-peer. The application behavior is then for the receiving peer Client Uplink to separate the API Key and the EncryptionAccess, pass the API Key to the Satellite to obtain access to the object, and then, as the Object is downloaded, it is decrypted client-side using the HD Key. This behavior is automatic and all of that complexity is abstracted behind the `cp` and `share` commands. Previous [Capability Based Access vs Access Control Lists](https://storj.dev/learn/concepts/access/capability-based-access-control) Next [Key Management](https://storj.dev/learn/concepts/access/encryption-and-keys/key-management) --- # Understanding File Redundancy: Durability, Expansion Factors, and Erasure Codes - Storj Docs [Durability and expansion factor](https://storj.dev/learn/concepts/file-redundancy#durability-and-expansion-factor) -------------------------------------------------------------------------------------------------------------------- In a decentralized storage network, any storage node could go offline permanently at any time. A storage network’s redundancy strategy must store data in a way that provides access with high probability, even though any given number of individual nodes may be in an offline state. To achieve a specific level of _durability_ (defined as the probability that data remains available in the face of failures), many products in this space (Filecoin, MaidSafe, Siacoin, GFS, Ceph, IPFS, etc.) by default use replication, which means simply having multiple copies of the data stored on different nodes. Unfortunately, replication anchors durability to the network _expansion factor_, which is the storage overhead for reliably storing data. If you want more durability, you need more copies. For every increase of durability you desire, you must spend another multiple of the data size in bandwidth when storing or repairing the data, as nodes churn in and out of the network. For example, suppose your desired durability level requires a replication strategy that makes eight copies of the data. This yields an expansion factor of 8x, or 800%. This data then needs to be stored on the network, using bandwidth in the process. Thus, more replication results in more bandwidth usage for a fixed amount of data. On the one hand, replication does make network maintenance simpler. If a node goes offline, only one of the other storage nodes is needed to bring a new replacement node into the fold. On the other hand, for every node that is added to the redundancy pool, 100% of the replicated data must be transferred. ### [Erasure Code](https://storj.dev/learn/concepts/file-redundancy#erasure-code) Erasure codes are another redundancy approach, and importantly, they do not tie durability to the expansion factor. You can tune your durability without increasing the overall network traffic! Erasure codes are widely used in both distributed and peer-to-peer storage systems. While they are more complicated and possess trade-offs of their own, the scheme we adopt, Reed-Solomon, has been around since 1960 and is used everywhere from CDs, deep space communication, barcodes, advanced RAID-like applications–you name it. An erasure code is often described by two numbers, _k_ and _n_. If a block of data is encoded with a _k_, _n_ erasure code, there are _n_ total generated erasure shares, where only any _k_ of them are required to recover the original block of data! It doesn’t matter if you recover all of the even numbered shares, all of the odd numbered shares, the first _k_ shares, the last _k_ shares, whatever. Any _k_ shares can recover the original block. If a block of data is _s_ bytes large, each of the _n_ erasure shares are roughly _s_/_k_ bytes. For example, if a block is 10 MB, and you’re using a _k_ = 10, _n_ = 20 erasure code scheme, each erasure share of that block will only be 1 MB. This means that with _k_ = 10, _n_ = 20, the expansion factor is only 2x. For a 10 MB block, only 20 MB total is used, because there are twenty 1-MB shares. The same expansion factor holds with _k_ = 20, _n_ = 40, where there are forty 512-KB shares. Interestingly, the durability of a _k_ = 20, _n_ = 40 erasure code is better than a _k_ = 10, _n_ = 20 erasure code, even though the expansion factor (2x) is the same for both. This is because the risk is spread across more nodes in the _k_ = 20, _n_ = 40 case. To help drive this point home, we calculated the durability for various erasure code configuration choices in a network with a churn of 10%. We talked more about the math behind this table in section 3.4 of [our paper](https://storj.io/storjv3.pdf) , and we’ll discuss more about churn in an upcoming blog post, but suffice it to say, we hope these calculated values are illustrative: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/NbHOzcQeLRxFc5D9jpO70_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/NbHOzcQeLRxFc5D9jpO70_image.png) Notice how increasing the amount of storage nodes involved increases the amount of durability significantly (each new 9 is 10x more durable), without a change in the expansion factor. We also put this data together in a graph: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/hOkAXzckl_KElZCUYZTcI_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/hOkAXzckl_KElZCUYZTcI_image.png) Admittedly, this graph is a little disingenuous: the chances of you caring about having thirty-two 9s of durability is… low, to say the least. The National Weather Service [estimates](https://www.weather.gov/safety/lightning-odds) the likelihood of you not getting hit by lightning this year at only six 9s after all. But you should still be able to see that a _k_ = 2, _n_ = 4 is less durable than a _k_ = 16, _n_ = 32 configuration. In contrast, replication requires significantly higher expansion factors for the same durability. The following table shows durability with a replication scheme: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/wJv3BviLsIRDlgWD_jOLY_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/wJv3BviLsIRDlgWD_jOLY_image.png) Comparing the two tables, notice that replicating data at 10x can’t beat erasure codes with _k_ = 16, _n_ = 32, which is an expansion factor of only two. For durable storage, erasure codes simply require ridiculously less disk space than replication. If you want to learn more about how erasure codes work, you can read [this introductory tutorial](https://innovation.vivint.com/introduction-to-reed-solomon-bc264d0794f8) co-written by some of our team members in 2017. ### [Okay, erasure codes take less disk space. But isn’t repairing data more expensive?](https://storj.dev/learn/concepts/file-redundancy#okay-erasure-codes-take-less-disk-space-but-isn-t-repairing-data-more-expensive) It’s true that replication makes repair _simpler_. Every time a node is lost, only one of the remaining nodes is necessary for recovery. On the flip side, erasure codes require several nodes to be involved for each repair. Though this feels like a problem, it’s actually not. To understand why, let’s set up both scenarios, replication at 9x and erasure codes at _k_ = 18, _n_ = 36, and consider what it costs us. These numbers are chosen because they have similar durability (9x replication has six 9s of durability assuming 10% of node churn, and _k_ = 18, _n_ = 36 erasure coding has seven). We’ll consider what happens when we are storing a data block that is 18 MB and we suddenly lose one-third of our nodes. At 9x, replication in our model of course has an expansion factor of 9. Once again, replication is the simplest to implement. If we lose one-third of our nine nodes we will need to spin up three new nodes. Each new node transfers a copy of the lost data, which means that each node must transfer 18 MB. That’s a total of 54 MB of bandwidth usage for repair. No intensive CPU processing was needed. With _k_ = 18, _n_ = 36 erasure codes (with an expansion factor of only two), losing one-third of our nodes means we now only have 24 nodes still available and need to repair to twelve new nodes. The data each node is storing is only 1 MB each, but eighteen nodes must be contacted to rebuild the data. Let’s designate one of the nodes to rebuild the data. It will download eighteen 1 MB pieces, reconstruct the original file, then store the missing twelve 1 MB pieces on new nodes. If this designated node is one of the new nodes, we can avoid one of the transfers. The total overall bandwidth used is at most 30 MB, which is almost half of the replication scenario. This advantage in bandwidth savings becomes even wider with higher durabilities. ### [Downsides?](https://storj.dev/learn/concepts/file-redundancy#downsides) Erasure coding did require more CPU time, that’s true. Still, a reasonable erasure encoding library can generate encoded data at at least 650 MB/s, which is unlikely to be the major throughput bottleneck over a wide-area network with unreliable storage nodes. Erasure coding also required a designated node to do the repair. While this complicates architectures in untrusted environments, it is not an unsolvable problem. It simply requires the addition of hashes, signatures, and retries in a few new places. This is something we’ll talk about more down the road. We have a lot of blog posts to write! Notably, erasure coding does _not_ complicate streaming. Remember how I said erasure codes are used for satellite communication and CDs? As long as erasure coding is batched into small operations, streaming continues to work just fine. See Figure 4.2 and sections 4.1.2 and 4.8 in [our white paper](https://storj.io/storjv3.pdf) for more details about how we can pull native video streaming off. ### [Upsides?](https://storj.dev/learn/concepts/file-redundancy#upsides) Comparing 9x replication and _k_ = 18, _n_ = 36 erasure coding, the latter uses less than half the overall bandwidth for repair. It also uses less than a third of the bandwidth for storage and takes up less than a third of the disk space. It is roughly ten times more durable! Holy crap! Oh, and did I mention this also enables us to pay storage node operators more? Specifically over three times more? Because the disk-space usage is more efficient, there is more money available for each storage node operator. The income is less diluted across storage nodes, you could say. It’s worth re-reading those last two paragraphs. These gains are significant. Hopefully by this point you’re convinced that erasure codes are better. In this edition we dive deeper into why nodes joining and leaving the network - also known as churn - has a much more significant (and also bad) impact on a redundancy strategy that relies on replication. We make the case that using replication in a high-churn environment is not only impractical, but inevitably doomed to fail. Quoting [Blake and Rodrigues](https://pmg.csail.mit.edu/iris/blake03high-abstract.html) , “Data redundancy is the key to any data guarantees. However, preserving redundancy in the face of highly dynamic membership is costly.” ### [An Aside on Dynamics](https://storj.dev/learn/concepts/file-redundancy#an-aside-on-dynamics) Before diving into the exciting math parts, we need to quickly define a couple of concepts relating to network dynamics. The lifetime of a node is the duration between it joining and leaving the system for whatever reason. A network made of several nodes has an average lifetime, commonly called the mean time to failure (MTTF). The inverse of mean time to failure is churn rate or frequency of failure-per-unit-of-time. It’s an important relationship to understand, especially when MTTF is a unit of time much greater than the units needed for a specific problem. Distributed storage systems have mechanisms to repair data by replacing the pieces that become unavailable due to node churn. However, in distributed cloud storage systems, file repair incurs a cost for the bandwidth utilized during the repair process. Regardless of whether file pieces are simply replicated, or whether erasure coding is used to recreate missing pieces, the file repair process requires pieces to be downloaded from available nodes and uploaded to other uncorrelated and available nodes. After reading part one of this series, it’s clearly not feasible to rely on replication alone, but some projects have proposed combining erasure coding and replication. Once you’ve erasure coded a file and distributed it across a set of nodes, it’s going to have a defined durability for a given level of node churn. If you want to increase that durability for that given level of node churn, you have two choices: increase the erasure code k/n ratio or use replication to make copies of the erasure coded pieces. These two strategies are very different and have a huge impact on the network beyond just increasing durability. ### [Our Hypothetical Networks](https://storj.dev/learn/concepts/file-redundancy#our-hypothetical-networks) So, let’s define two hypothetical distributed storage networks, one using erasure coding alone for redundancy (the approach used on Storj’s V3 network), and one using erasure coding plus replication for redundancy (which is the approach used by Filecoin as well as the previous, depreciated Storj network). We will assume nodes on both networks are free to join and leave at any time, and that uptime for nodes can be highly variable based on the hardware, OS, available bandwidth, and a variety of other factors. When a node leaves a network, the pieces of data on that node become permanently unavailable. Of course, if nodes fall below a certain threshold of availability in a given month, the impact on the overall availability of files is effectively equivalent to the node leaving the network altogether. Let’s also assume both hypothetical networks use a 4⁄8 Reed-Solomon erasure code ratio and have 99.9% durability with node churn at 10%. Both networks want to achieve eleven 9s of durability though. One is going to achieve it through erasure coding alone, and the other is going to combine erasure coding with replication. ### [And Now, Some Math](https://storj.dev/learn/concepts/file-redundancy#and-now-some-math) As it turns out, if you know the target durability, you know the MTTF for nodes, and you know the erasure coding scheme, you can calculate the amount of data churn in a given time period. The formula for calculating data churn is: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/3rI8DUo0ZtqiAO7CE_92p_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/3rI8DUo0ZtqiAO7CE_92p_image.png) where is the churn rate, B is the number of bytes on the network, n is the total number of erasure shares, m is the repair threshold, and k is the number of pieces needed for rebuild. For example, on our hypothetical erasure-coding network, even if we use a 30⁄80 Reed-Solomon scheme (which is much more durable than the 4⁄8 scenario listed above), a MTTF of 9 months would mean you would have to **repair 35% of your data every month to achieve a durability of 99.999999999%!** This shows node churn is the single most impactful factor in file availability. Increasing node churn dramatically decreases file availability and durability. Strategies like erasure coding and replication are means of insulating against the impact of node churn, but without a mechanism to replace the data, file loss is simply a factor of the rate of churn. So, let’s take that math and apply it to our two hypothetical networks. The first thing we need to do is calculate how we get to eleven 9s of durability for each of the two scenarios: 1. For the erasure code-only scenario, calculate the k/n ratio that will deliver the target durability for the defined rate of churn. 2. For the erasure code+replication scenario, calculate the number of times the erasure coded pieces need to be replicated to deliver the target durability for the defined rate of churn. To calculate the durability of a replicated or erasure-coded file, we consider the CDF of the Poisson distribution, given by the formula: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/P_upWupwxFimFXZnB8Tp1_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/P_upWupwxFimFXZnB8Tp1_image.png) where D is the event that the most n-k pieces have been lost. In the case of simple replication, k=1, so a file is still recoverable when at most n-1 of the pieces have been lost; that is, if at least one of the copies is still on the network, the data is still accessible. When considering replication on a file that has already been subjected to erasure encoding, the calculation changes. Suppose that a file undergoes k=4, n=8 erasure-encoding (where 8 pieces are created and only 4 are needed for a rebuild), and then suppose further that each of the 8 erasure shares are replicated r=10 times each, for a total of 80 pieces. These 80 pieces are special in that not any 4 can be used to rebuild the file, so they should really be thought of as 80 pieces contained in 8 sets of 10 copies each. To rebuild a file, 4 of the sets must still each have at least 1 piece each. Thus, rather than having a single factor of P(D) determining the durability (with at most n-1 pieces being lost), one has a factor of P(D) for each unique set required for rebuild, since there are now k sets of which each one must not have lost more than r-1 pieces, where the expansion factor r determines the number of copies that are made (with there being r-1 copies made to achieve an expansion factor of r, including the original file). Calculating this probability requires the use of the Binomial distribution, where we let p be the probability that at most r-1 copies have been lost from a set. Then, to calculate the probability that there are at least k sets containing at least 1 copy each, we find the area of the upper tail of the Binomial CDF: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/tgS12W3L1T6kYYh79MWnZ_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/tgS12W3L1T6kYYh79MWnZ_image.png) Let’s first look at the impact of node churn on durability based on the two hypothetical scenarios, one using replication+erasure coding, and the other optimizing for erasure coding alone. Based on the above formulas, the results are as follows: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/YpgnLp2UFfmI_8J_hcRFE_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/YpgnLp2UFfmI_8J_hcRFE_image.png) As it turns out (predictably) the increased durability can be achieved in the erasure-code-only scenario with no increase in expansion factor. Adding replication to already-erasure-coded data is much more efficient that just straight up replicating the original file, (which requires 17 copies to achieve), but has triple the expansion factor of erasure codes alone. In an environment where churn is even higher, or highly variable, durability is impacted significantly in either scenario: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/hBwNFOLzWA6tq-1CAQvha_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/hBwNFOLzWA6tq-1CAQvha_image.png) In these unpredictable or highly variable environments, it becomes necessary to address the worst case scenario in order to maintain a constant level of durability. Again, as is clear from the table below, node churn has a massive impact, and when using replication, that massive impact translates directly into increases in the expansion factor. In the table below you can see the impact of churn on expansion factor when trying to maintain a minimum durability of eleven 9s: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/sw4fmv4i7HCYwf1IWNfch_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/sw4fmv4i7HCYwf1IWNfch_image.png) So, what do these tables tell us? Well, there are a number of interesting observations to be drawn: * At higher rates of churn, replication dramatically increases the expansion factor and, as we learned in [this blog post](https://storj.io/blog/2018/11/replication-is-bad-for-decentralized-storage-part-1-erasure-codes-for-fun-and-profit/) , requires much higher bandwidth utilization for repair. * Erasure coding can be used to achieve higher rates of durability without increasing either the expansion factor or the amount of bandwidth used for repair. Just to drive that point home, let’s first look at how a file actually exists on the two hypothetical networks: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/CxdjLft76zENSgseMEOJ7_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/CxdjLft76zENSgseMEOJ7_image.png) It is worth understanding the differences in how repair actually behaves on our two networks, because the process for replication is very different compared to erasure codes. Continuing the example of the 1 TB file above, let’s examine how repair actually looks when 1⁄3 of nodes storing the data exit the network: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/20j9qE9ogcl8vbDvO3_yw_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/20j9qE9ogcl8vbDvO3_yw_image.png) One other important thing to remember about distributed storage networks is that the amount of data the network can store isn’t constrained by the amount of available hard drive space on the nodes. It’s constrained by the amount of bandwidth available to nodes. Allow me to explain. The following variables and calculated values are used in determining the amount of data and bandwidth a storage node operator can contribute: **Variables** 1. **Storage per storage node operator** - The amount of hard drive space available to share by a storage node. 2. **Download speed** - The downstream bandwidth available on the network on which the storage node is operating, measured in Mbps. 3. **Upload speed** - The upstream bandwidth available on the network on which the storage node is operating, measured in Mbps. 4. **ISP bandwidth cap** - The maximum amount of bandwidth a storage node operator can utilize in a month before being subjected to a bandwidth cap enforcement action such as incurring a financial penalty or being subjected to bandwidth throttling from an ISP. 5. **Storage node operator bandwidth utilization percentage** - The percentage of the total monthly bandwidth cap that a user will dedicate to be used by their storage node, assuming some percentage of bandwidth will be utilized for other services. 6. **Egress bandwidth percentage** - The average amount of egress traffic from client downloads based on the use cases we support. 7. **Repair bandwidth ratio (as a percent of storage)** - The percentage amount of repair traffic on the network, primarily driven by node churn, software or hardware failure. While actual nodes may experience higher or lower repair traffic based on the pieces they hold, this is the average across the network. 8. **Ingress bandwidth percentage** - The amount of bandwidth available for uploads of new data from clients.\\ **Calculations** 1. **Total available upload bandwidth based on download speed (excluding cap)** - The maximum amount of data available for ingress, based on download speed in Mbps multiplied by number of seconds in a month. 2. **Total available download bandwidth based on upload speed (excluding cap)** - This calculation is the percent of the bandwidth cap a user is willing to dedicate to the Storj network multiplied by the bandwidth cap for ingress. 3. **Maximum data uploaded per month (TB) based on BW cap x percent available for upload** - This calculation is the amount of data that can be uploaded irrespective of the cap, based on download speed in Mbps multiplied by seconds in a month. 4. **Maximum data uploaded per month (TB) based on download speed x seconds in month** - This calculation is the percent of the bandwidth cap a user is willing to dedicate to the Storj network multiplied by the bandwidth cap. 5. **Maximum data downloaded per month (TB) based on BW cap x percent available for download** - This calculation is the amount of data that can be downloaded irrespective of the cap, based on upload speed in Mbps times seconds in a month. 6. **Maximum data downloaded per month (TB) based on upload speed** - This calculation is the percentage of the bandwidth cap required to dedicate to Storj repair traffic times the bandwidth cap. 7. **Maximum repair traffic per month (TB) based on BW cap** - This calculation is the amount of data for repair traffic irrespective of the cap based on upload speed in Mbps times seconds in a month. 8. **Maximum repair traffic per month (TB) based on upload speed** - This is how many months it will take to fill the available hard drive space at the lesser ingress rate of percent of available BW cap or actual throughput. Although download speed is typically higher in asynchronous internet connections, from the perspective of a person uploading a file to, or downloading a file from, a decentralized file system, the upload and download from the client’s perspective are the inverse of the storage node. For example, when a client uploads data to the network, it is technically downloaded to the storage node. Similarly, when data is downloaded by a client, it is technically being uploaded by the storage node. The following examples are based on two different storage nodes with different bandwidth caps. Note that the amount of data stored is inclusive of the expansion factor. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/n1F-5i0TxbjGipmPeV_vd_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/n1F-5i0TxbjGipmPeV_vd_image.png) Bandwidth has a significant impact across the board. It’s generally finite and has to be split between ingress, egress and repair. As the expansion factor increases, the actual amount of bandwidth consumed for those functions increases at the same rates. Lower bandwidth caps further lower the actual amount of data the network can store with a given number of nodes. Increase the amount of bandwidth required for file repair and that number gets lower still. Let’s look at the impact on bandwidth available for repair if you also constrain nodes practical limits of shared storage space. In the scenario above where nodes have: * 2 TB bandwidth cap * 100 Mbps down/10 Mbps up asynchronous bandwidth * 2 TB of shared storage on average * 50% of data downloaded per month * 40% data uploaded per month * 10% churn * Nodes operate at 100% bandwidth capacity and storage Each node has less than 0.12 TB of bandwidth available for repair. And that’s in an environment storing archival data without a lot of download bandwidth. When scaling that distributed storage network up to an exabyte of data stored, you really see the impact of the expansion factor. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/D3c5vsnDACWeewhr_DODy_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/D3c5vsnDACWeewhr_DODy_image.png) Ultimately, the result is an exponential increase in the number of nodes required to support a given network size. Higher bandwidth use cases further exacerbate the problem by increasing the number of nodes required to service a given amount of stored data. That given network size has a finite amount of revenue associated with it, which is then spread over an increasing number of storage node operators, meaning that over time the amount of money earned by storage node operators decreases. Rapidly increasing demand for more storage node operators, combined with decreasing payouts per node, results in increased node churn, which only accelerates the cycle. Once again, increased churn increases the expansion factor from replication, increasing bandwidth utilized for repair, which further erodes the bandwidth available for storage and egress. What this means is that in the debate over any reliance on replication versus erasure coding alone, in an environment that must relentlessly optimize for bandwidth conservation, erasure coding without replication is the clear winner. Replication, and proof-of-replication approaches like that used in the Filecoin network, simply cannot sustain an acceptable level of durability with a corresponding expansion factor and repair rate that can operate in a bandwidth constrained environment. Just imagine that same network above with 25% churn where the replication example requires a 1,400% expansion factor to maintain sufficient durability. Sorry if I scared you with that one. When you have to factor in the reality that in the current storage market customers only pay for storage based on the actual, pre-erasure coded or replicated volume of data, and egress bandwidth, when it comes to the dollars, replication makes even less sense. Previous [Storj Managed vs. Self-Managed Encryption](https://storj.dev/learn/concepts/encryption-key/storj-vs-user-managed-encryption) Next [File Repair](https://storj.dev/learn/concepts/file-repair) --- # Software Updates - Storj Docs [Automatic Updates](https://storj.dev/node/get-started/install-node-software/cli/software-updates#automatic-updates) --------------------------------------------------------------------------------------------------------------------- As of v1.52.2, the storagenode software will automatically update itself. We recommend that you install Watchtower in the event that the base image needs updating. Watchtower will look for new updates to the Docker container on Docker Hub in a random interval between 12 and 72 hours and automatically update your storage node when it sees a new version. First, please pull the latest watchtower image from docker: docker pull storjlabs/watchtower docker pull storjlabs/watchtower CopyCopied! To set up auto-update for storagenode, please run the following command once: docker run -d --restart=always --name watchtower -v /var/run/docker.sock:/var/run/docker.sock storjlabs/watchtower storagenode watchtower --stop-timeout 300s docker run -d --restart=always --name watchtower -v /var/run/docker.sock:/var/run/docker.sock storjlabs/watchtower storagenode watchtower --stop-timeout 300s CopyCopied! If you want to double check that watchtower is properly running, you can run the following command docker ps -a docker ps -a CopyCopied! You should see the “storjlabs/watchtower:latest” container with the uptime under the “status” column [Manual Updates](https://storj.dev/node/get-started/install-node-software/cli/software-updates#manual-updates) --------------------------------------------------------------------------------------------------------------- Please use manual updates only if the automatic update method was unsuccessful, or is unavailable for your node configuration. 1. Stop the running Storage Node container: docker stop -t 300 storagenode docker stop -t 300 storagenode CopyCopied! 2. Remove the existing container: docker rm storagenode docker rm storagenode CopyCopied! 3. Pull the latest image from docker: docker pull storjlabs/storagenode:latest docker pull storjlabs/storagenode:latest CopyCopied! 4. Start your storage node again Previous versions of the command `docker run storagenode` that used the `-v` rather than the `--mount` option will not work properly. Copy the updated command from the [Storage Node](https://storj.dev/node/get-started/install-node-software/cli/storage-node#step-3-run-the-storage-node) article. Be sure to finish editing `WALLET`, `EMAIL`, `ADDRESS`, `STORAGE`, ``, and `` [Run the storage node](https://storj.dev/node/get-started/install-node-software/cli/storage-node#step-3-run-the-storage-node) . Previous [Storage Node](https://storj.dev/node/get-started/install-node-software/cli/storage-node) Next [Dashboard CLI](https://storj.dev/node/get-started/install-node-software/cli/dashboard-cli) --- # Options for Multi-tenant Data Partitioning and Isolation - Storj Docs Many software-as-a-service (SaaS) applications store multi-tenant data with Storj. In addition, many Managed Service Providers (MSPs) and Value Added Resellers (VARs) leverage Storj to securely store data for their customers. Storj supports multiple strategies for partitioning and isolating multi-tenant SaaS data. Typical implementations utilize a database abstraction layer when overlaying identity and access management constructs onto user data, but the underlying storage is managed based on the use case at one of three levels: * Object Key Path Prefix * Bucket * Project The selection of tenancy model for a given use case depends on the requirements primarily for access management, security and billing, but ultimately, Storj has the right set of tools to ensure that any multi-tenant application will be secure, scalable, performant and easily manageable. This section describes the various strategies that can be applied when partitioning tenant data with Storj. For each of the different approaches, the considerations that may influence the approach that is appropriate for a particular solution type are highlighted. If you’re not sure what the best approach is for your use case, please contact us and we’ll help with a recommendation for your architecture or an introduction to a Storj partner with expertise in this area. [Foundational Architectural Constructs](https://storj.dev/learn/concepts/multi-tenant-data#foundational-architectural-constructs) ---------------------------------------------------------------------------------------------------------------------------------- As a prerequisite, understanding the [Storj information architecture](https://storj.dev/learn/concepts/key-architecture-constructs) is core to making an informed decision on an approach to multi-tenancy. In addition, understanding the principles for [access management](https://storj.dev/learn/concepts/access) are essential for ensuring the appropriate level of tenant isolation. Storj enables a number of different approaches to partitioning data for tenant isolation within a multi-tenant application. All data and metadata is stored in an encrypted state. The storj platform uses authenticated encryption in conjunction with erasure coding to ensure data is immutable when stored and cannot be changed independent of the metadata. The encryption scheme uses hierarchically deterministic derived keys for both access and encryption. This makes it very easy to achieve tenant isolation in any of the configurations described below. This model enables tenants to view, interact with and share data within the scope of the defined data tenancy while providing strong security and privacy between tenancies. Figure 1 below describes the process for credential creation. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Arch_Diagram_Access_Mgmt.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Arch_Diagram_Access_Mgmt.png) _Figure 1: Storj access management configuration sequence diagram_ Storj supports using common application access credentials within a multi-tenant application that provide full tenant isolation or creation of unique access credentials per tenant. Tenants may be configured to use unique encryption passphrases per tenant or hierarchically deterministic derived encryption keys. Note that when using the project per tenant model described below, unique credentials per customer are mandatory. Figure 2 below describes the process for tenant management using hierarchically deterministic derived keys. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Arch_Diagram_Provisioning.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Arch_Diagram_Provisioning.png) _Figure 2: Remote provisioning sequence diagram for multi-tenant application with hierarchically deterministic derived credentials_ All of the approaches below assume a simple data hierarchy where tenants are all defined at the same level as peers in the hierarchy.  The Storj access management paradigm fully supports combining approaches for complex models that include sub tenancies. Hierarchically deterministic derived credentials operate at the path prefix level and below, meaning that two credentials created for two path prefixes at the same level of a path hierarchy would not be able to perform operations between the two paths in the hierarchy. Each credential would have access to all data at any level below that path prefix within its respective path in the hierarchy if uploaded using that credential or any credential from which it was derived. This concept will be more clear with the examples provided below. For assistance with design of complex access management models, please contact us and we’ll help with a recommendation for your architecture or an introduction to a Storj partner with expertise in this area. [Multi-tenant Application - Bucket per Tenant](https://storj.dev/learn/concepts/multi-tenant-data#multi-tenant-application-bucket-per-tenant) ---------------------------------------------------------------------------------------------------------------------------------------------- The most straightforward approach to partitioning tenant data with Storj is to assign a separate bucket per tenant. The diagram below provides an example of this model. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Bucket_Per_Tenant.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Bucket_Per_Tenant.png) With this approach, each tenant would be assigned a bucket that holds its data. This bucket would be given a name that uniquely associates it with the tenant. This model works well when you’re working with a smaller collection of tenants (tens or hundreds). However, it does not scale well for environments that need to support a much larger population of tenants. Storj has a default quota of 100 buckets and the hard quota of 1,000 buckets per Storj Project within an Account. The other consideration here is bucket naming. Each bucket name must be unique within a Storj Project in your Storj account.  A bucket-per-tenant model would require a naming convention that ensured your tenant bucket names would support this requirement. Since bucket names are public, they are not encrypted and you should generally avoid using names that include tenant-specific information. Access management and tenant isolation is easy to achieve as separate credentials may be generated for client-side applications that are scoped per bucket. Separate encryption keys may also be used per tenant, but unless a common encryption key is used from which tenant encryption keys are generated, a common credential may not be used to access data across tenancies at an administrative level. When separate credentials are used per tenant, it is feasible to revoke a credential without impacting the validity of any other credential. Without a common encryption key across tenants, it is possible to aggregate information on an administrative level, such as listing all objects within the bucket (without decrypting their names), to count them and sum their sizes. This model makes calculating usage per tenant straightforward as usage is itemized at the Bucket level within a Project. Overall, while there is some simplicity to this model, it’s also clear the bucket-per-tenant model introduces challenges that could impact the scale and agility of your SaaS environment. Summary of Bucket Per Tenant configuration: * **Solution Architecture:**  Tenant data in an application is stored in a single Bucket per tenant * **Provisioning:** Each tenant represented as a Bucket where usage data is separate, but within the same Project * **Access Management:** No tenant can access data of other tenants unless explicitly shared; An administrative Access Grant credential can perform any operation on any data in any bucket * **Security:**  Encryption passphrase is automated with hierarchically deterministic derivation; Bucket name is unencrypted for UI, so data that may potentially contain user identifiable data should be Object Key/ Path Prefix-based to ensure it is encrypted; Advance usage allows users to be allowed to choose encryption passphrase * **Billing:**  Usage is aggregated at the bucket level, invoicing is at the project level * **Restrictions:** The default limit is 100 buckets per Project; the hard limit is 1,000 Buckets per Project; Separate Buckets may have different Placement Rules applied that restrict the storage nodes on which encrypted, erasure-coded pieces of data is stored associated with that Bucket [Multi-tenant Application - Object Key Path Prefix per Tenant](https://storj.dev/learn/concepts/multi-tenant-data#multi-tenant-application-object-key-path-prefix-per-tenant) ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ To achieve better scale and overcome some of the limitations of the bucket-per-tenant model, SaaS providers may use object key path prefixes to associate objects with tenants. This approach allows you to scale to a much larger collection of tenants without compromising on the structure or organization of your data partitioning scheme. The diagram below provides an example of this model. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Object_Key_Per_Tenant.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Object_Key_Per_Tenant.png) Here, you will notice that two tenants are sharing a single bucket. Each tenant has a unique prefix which identifies the objects that belong to that tenant. There is no limit to the number of objects you can store in a bucket or the number of prefixes you can have. In this model, using tenant-identifying information in the Object Key Path Prefix is acceptable as all Object Key Path Prefix data is encrypted. Note that it is possible to store data in an encrypted state but enable unencrypted metadata storage to support lexicographical sorting. Note that when using this option, it’s extremely important to be thoughtful about how authorization and access restrictions are implemented to avoid inadvertent disclosure of tenant-specific path-prefix information. One challenge that can surface is that the activity for your S3 keys is unlikely to be evenly distributed across your tenants. In this model, you will need to separately monitor and meter usage per tenant. Storj does not aggregate usage information at the Object Key Path Prefix level. This model scales best for multi-tenant applications with hundreds of thousands or millions of users. Summary of Object Key Path Prefix per Tenant configuration: * **Solution Architecture:**  Tenant data in an application is aggregated and stored in a single Bucket * **Provisioning:** Each tenant user within the application represented as a unique top-level path prefix and data for each tenant is stored in a single Bucket under that top-level path prefix * **Access Management:** No tenant can access data of other tenant unless explicitly shared; An administrative Access Grant credential can perform any operation on any data * **Security:**  Encryption passphrase is automated with hierarchically deterministic derivation; Bucket name is unencrypted, but all path prefix based data that may potentially contain user data is encrypted; Advance usage allows users to be allowed to choose encryption passphrase * **Billing:**  Usage is aggregated at the bucket level, invoicing is at the project level * **Restrictions:** There are no system limitations; Performance may be impacted if lexicographical listing of large numbers of users is required (1m+); Usage restrictions and metering are not available at the path prefix level limiting data available for metering or billing at the customer tenant level. [Multi-tenant Application - Project per Tenant](https://storj.dev/learn/concepts/multi-tenant-data#multi-tenant-application-project-per-tenant) ------------------------------------------------------------------------------------------------------------------------------------------------ For the maximum level of tenant isolation, the Project per Tenant approach to partitioning tenant data with Storj provides a separate Storj invoice line per tenant and requires unique application access credentials per tenant. The diagram below provides an example of this model. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Project_per_tenant.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Project_per_tenant.png) This format is most commonly used with Managed Service Providers or Value Added Resellers that are reselling storage as part of a bundled solution. In this structure each Tenant is defined as a Project on the Storj Platform. This model has the highest level of tenant isolation as it is not possible to create a single credential that can perform operations on data in more than one tenancy. This model also provides the greatest level of flexibility to support Tenants that may be composed of Sub-tenants. A large enterprise may be represented as a Single Project, with multiple divisions represented as Buckets within that Project. Projects may be migrated from one Storj Account to another making migration or offboarding responsibility for data management and billing from the MSP, VAR or Storj Customer directly to the Tenant for offboarding or other purposes. Invoices are issued at the Project level within an Account. Billing information may be aggregated at the Account level via a the Solution Management API. Summary of Project per Tenant configuration: * **Solution Architecture:**  Tenant data in an application is stored in a single Project per tenant * **Provisioning:** Each tenant represented as a Project where usage, billing and access management are isolated per tenant; A management API is available for automation * **Access Management:** No tenant can access data of other tenant unless explicitly shared; Tenants are logically isolated as it is not possible to create a single Access Grant credential that can perform operations on data in two different Projects * **Security:**  Encryption passphrase may be set at the Project level and is automated with hierarchically deterministic derivation; Project name is unencrypted for UI and invoicing, so data that may potentially contain user identifiable data should be Object Key/ Path Prefix-based to ensure it is encrypted; Advance usage allows granular encryption passphrase implementation at the Object-key or Bucket level * **Billing:**  Usage is aggregated at the bucket level, invoicing is at the project level * **Restrictions:** The default limit is 3 Projects per Account; the hard limit is 80 Projects per Account; Separate Projects may have different Placement Rules applied that restrict the storage nodes on which encrypted, erasure-coded pieces of data is stored associated with Buckets in that Project [Tenancy Model Comparison Matrix](https://storj.dev/learn/concepts/multi-tenant-data#tenancy-model-comparison-matrix) ---------------------------------------------------------------------------------------------------------------------- Tenant isolation is one of the foundational topics that every SaaS provider must address. It’s how your architecture ensures one tenant is prevented from accessing the resources of another tenant. Failure here would represent a significant and potentially unrecoverable event for a SaaS business. As part of choosing a data partitioning model, you must also consider how a given partitioning model would influence the tenant isolation footprint of your solution. At any level, you can define tenant-specific restricted credentials that will be used to prevent cross-tenant access to resources using credential-specific path restrictions, operation restrictions, and encryption keys. | | | | | | --- | --- | --- | --- | | **Tenancy Isolation Model** | **Object Key Path Prefix** | **Bucket** | **Project** | | **_Best for_** | Multi-user/multi-tenant SaaS applications | Internal department data segmentation; Small MSP | Large MSP/VAR Reseller | | **_Access Management_** | Each tenant can have unique S3 credentials that isolate the access to their data including a unique encryption key; A single credential set for all tenants may be created | Each tenant can have unique S3 credentials that isolate the access to their data including a unique encryption key; A single credential set for all tenants may be created | Each tenant must have unique S3 credentials that isolate the access to their data including a unique encryption key; A single credential set for all tenants may not be created | | **_Security\*_** | Hierarchically deterministic derived encryption passphrase per tenant | Bucket name not encrypted; Hierarchically deterministic derived encryption passphrase per tenant | Project Name not encrypted | | **_Billing_** | Aggregated usage and billing | Metered Usage per BucketAggregated Billing | Metered Usage per Bucket Invoice per Project | | **_Default Limits_** | 100m max objects per Bucket (based on Project limit) | 100 Buckets per Project | 3 Projects per account | | **_Hard Limits_** | None | 1000 | 80 | | **_Other Considerations / Restrictions_** | Lexicographical listing of Tenants not supported with default encryption | S3 Bucket naming restrictions applyPlacement rules available | [Management API](https://github.com/storj/storj/blob/main/satellite/console/consoleweb/consoleapi/gen/README.md)
availablePlacement rules available | [Isolating and Ensuring Tenant Object Privacy with Encryption Keys](https://storj.dev/learn/concepts/multi-tenant-data#isolating-and-ensuring-tenant-object-privacy-with-encryption-keys) ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ The tenant partitioning model of your SaaS solution may also be influenced by additional security considerations. While all data and metadata stored on the Storj platform is automatically encrypted with AES 256 GCM authenticated encryption, for some environments, the compliance and data sensitivity needs of an organization may require objects to be further protected through unique encryption keys per tenant. Here, the focus is on how we can provide each tenant with a key that protects their data. In these scenarios, storj has a range of encryption capabilities supporting both server-side encryption as well as end-to-end encryption. The tenant partitioning model you choose impacts how keys are applied. For example, with any model, the encryption scheme automatically provides encryption-based tenant isolation, but a single credential can be created to manage data across tenancies if required. You can assign a unique credential for each tenant with a unique, non-derived encryption key if that is required. For assistance with design of complex encryption models, please contact us and we’ll help with a recommendation for your architecture or an introduction to a Storj partner with expertise in this area. [Solution Management API](https://storj.dev/learn/concepts/multi-tenant-data#solution-management-api) ------------------------------------------------------------------------------------------------------ Storj provides a set of API endpoints to support MSPs and VARs with service management. This API is available to Enterprise Customers and enables more sophisticated integrations with enterprise resource planning applications or customer provisioning workflows. The supported features for the Solution Management API are: Project Management * Create new Project * Update Project * Delete Project * Get Projects * Get Project's Single Bucket Usage * Get Project's All Buckets Usage * Get Project's API Keys API Key Management * Create API key * Delete API Key User Management * Get User [GitHub API Documentation](https://github.com/storj/storj/blob/main/satellite/console/consoleweb/consoleapi/gen/README.md) For assistance with design of complex service delivery integrations, please contact us and we’ll help with a recommendation for your architecture or an introduction to a Storj partner with expertise in this area. [Additional Architectural Considerations](https://storj.dev/learn/concepts/multi-tenant-data#additional-architectural-considerations) -------------------------------------------------------------------------------------------------------------------------------------- When planning multitenant architectures, Storj offers addional capabilities to provide more spphisticated solutions. ### [Node Selection, Node Groups and Placement Rules](https://storj.dev/learn/concepts/multi-tenant-data#node-selection-node-groups-and-placement-rules) Storj offers a set of features that enable identification, grouping and selection of a specific set of Storage Nodes to which storage of data may be restricted. In the context of multi-tenancy, this allows tenant data to be even further restricted at the storage node level. This capability unlocks use cases where tenant data is distributed across storage nodes running within a specific customer’s private infrastructure or other public cloud infrastructure (AWS, GCP, Azure, etc.). Read more about Node Selection, Node Groups and Placement Rules. ### [Private Label Solutions](https://storj.dev/learn/concepts/multi-tenant-data#private-label-solutions) Storj supports private label branded solutions for partners and customers. This service enables our partners to offer a multi-tenant branded object storage service that can include both infrastructure operated by Storj as well as partner infrastructure, including participation in the Storj Commercial Node Operator Program and a bring your own storage model (BYOS). ### [Additional Resources](https://storj.dev/learn/concepts/multi-tenant-data#additional-resources) * [Key Architecture Constructs](https://storj.dev/learn/concepts/key-architecture-constructs) * [Access Management](https://storj.dev/learn/concepts/access) * [S3 Compatibility](https://storj.dev/dcs/api/s3/s3-compatibility) * [Immutability](https://storj.dev/learn/concepts/immutability) * [SDK for Multitenancy in a Single Application Bucket](https://pkg.go.dev/storj.io/uplink#hdr-Multitenancy_in_a_Single_Application_Bucket) Previous [Linksharing Service](https://storj.dev/learn/concepts/linksharing-service) Next [Key Management for Multi-tenant Data Partitioning and Isolation](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management) --- # Storage Node - Storj Docs [Introduction](https://storj.dev/node/get-started/install-node-software/cli/storage-node#introduction) ------------------------------------------------------------------------------------------------------- The Docker container has the software you need to run your Storage Node. [Step 1. Download the Storage Node Docker Container](https://storj.dev/node/get-started/install-node-software/cli/storage-node#step-1-download-the-storage-node-docker-container) ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- docker pull storjlabs/storagenode:latest docker pull storjlabs/storagenode:latest CopyCopied! [Step 2. Set up the Storage Node](https://storj.dev/node/get-started/install-node-software/cli/storage-node#step-2-set-up-the-storage-node) -------------------------------------------------------------------------------------------------------------------------------------------- **The setup step must be performed only once. If a node has already been set up, running with the SETUP flag will result in failure**. A network-attached storage location may work, but this is neither supported nor recommended! Splitting subfolders from the storage location (junctions, symlinks, hardlinks, etc.) will lead to a quick disqualification if they become unavailable! The writeability and readability checks are performed on the storage location, not on subfolders. LinuxmacOSWindows **Linux Users:** You **must** static mount via /etc/fstab. Failure to do so will put you in high risk of failing audits and getting disqualified. Here's how to do that: [How do I setup static mount via /etc/fstab for Linux?](https://storj.dev/node/faq/linux-static-mount) 1. Copy the command into a plain text editor like a `nano`: docker run --rm -e SETUP="true" \ --user $(id -u):$(id -g) \ --mount type=bind,source="",destination=/app/identity \ --mount type=bind,source="",destination=/app/config \ --name storagenode storjlabs/storagenode:latest docker run --rm -e SETUP="true" \ --user $(id -u):$(id -g) \ --mount type=bind,source="",destination=/app/identity \ --mount type=bind,source="",destination=/app/config \ --name storagenode storjlabs/storagenode:latest CopyCopied! 2. Replace the `` and `` with your parameters. 3. Copy the updated command. 4. Run it in a terminal window. 5. Your node has been set up! [Step 3. Run the Storage Node](https://storj.dev/node/get-started/install-node-software/cli/storage-node#step-3-run-the-storage-node) -------------------------------------------------------------------------------------------------------------------------------------- **Previous versions of the command that used the `-v` option rather than the `--mount type=bind` option will not work properly. Copy the updated command below.** LinuxmacOSWindows 1. Copy the command into a plain text editor, like a `nano`: docker run -d --restart unless-stopped --stop-timeout 300 \ -p 28967:28967/tcp \ -p 28967:28967/udp \ -p 127.0.0.1:14002:14002 \ -e WALLET="0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" \ -e EMAIL="user@example.com" \ -e ADDRESS="domain.ddns.net:28967" \ -e STORAGE="2TB" \ --user $(id -u):$(id -g) \ --mount type=bind,source="",destination=/app/identity \ --mount type=bind,source="",destination=/app/config \ --name storagenode storjlabs/storagenode:latest docker run -d --restart unless-stopped --stop-timeout 300 \ -p 28967:28967/tcp \ -p 28967:28967/udp \ -p 127.0.0.1:14002:14002 \ -e WALLET="0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" \ -e EMAIL="user@example.com" \ -e ADDRESS="domain.ddns.net:28967" \ -e STORAGE="2TB" \ --user $(id -u):$(id -g) \ --mount type=bind,source="",destination=/app/identity \ --mount type=bind,source="",destination=/app/config \ --name storagenode storjlabs/storagenode:latest CopyCopied! 2. Edit the `WALLET`, `EMAIL`, `ADDRESS`, `STORAGE` and replace the ``, and `` with your parameters. 3. Copy the updated command. 4. Run it in a terminal window. 5. You're officially a Storage Node operator! 🎉 You can also check to see if the node was started properly by by running the following command in the terminal docker ps -a docker ps -a CopyCopied! [Step 4. Check the status of your node](https://storj.dev/node/get-started/install-node-software/cli/storage-node#step-4-check-the-status-of-your-node) -------------------------------------------------------------------------------------------------------------------------------------------------------- You can check the status of your node, along with many other statistics by running the web [Dashboard Windows](https://storj.dev/node/get-started/install-node-software/gui-windows/dashboard) . It will look like this: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/cFR1q3VoPctBwCp9bJ1CM_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/cFR1q3VoPctBwCp9bJ1CM_image.png) Previous [Docker](https://storj.dev/node/get-started/install-node-software/cli/docker) Next [Software Updates](https://storj.dev/node/get-started/install-node-software/cli/software-updates) --- # Getting started with Storj Testnet on Windows - Storj Docs If you want to try it on Linux, you can read this article: [https://github.com/storj/storj/wiki/Test-network](https://github.com/storj/storj/wiki/Test-network) In addition, we have an article for freeBSD: [Getting started with Storj Testnet on FreeNAS (freeBSD)](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-freenas-freebsd) See also our docker-compose based setup: [https://github.com/storj/up](https://github.com/storj/up) [Install the necessary dependencies](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-windows#install-the-necessary-dependencies) ========================================================================================================================================================= It is recommended to install **Notepad++** for easy config file editing. 1. Install the latest Go (version 1.22.x or later), the executable can be found [here](https://golang.org/dl/) . Documentation for the installation can be found [here](https://golang.org/doc/install#install) . 2. Install `Msys2`, which can be found [here](http://www.msys2.org/) . Please, select the `x86_64` package. Run the **MSYS2 MinGW 64-bit** program from the Start menu and execute: pacman -S git make mingw-w64-x86_64-gcc pacman -S git make mingw-w64-x86_64-gcc CopyCopied! Now close the MinGW terminal. [Install NodeJS LTS (Optional)](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-windows#install-node-js-lts-optional) ---------------------------------------------------------------------------------------------------------------------------------------------- You can do this in several different ways: * [https://nodejs.org/en/download/](https://nodejs.org/en/download/) * using [Chocolatey](https://chocolatey.org/) choco install nodejs-lts choco install nodejs-lts CopyCopied! Check the installation node --version node --version CopyCopied! [Install VisualStudio 2017 build tools for C++](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-windows#install-visual-studio-2017-build-tools-for-c) ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Install using a Chocolatey: choco install visualstudio2017-workload-vctools -y choco install visualstudio2017-workload-vctools -y CopyCopied! [Install Python](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-windows#install-python) ----------------------------------------------------------------------------------------------------------------- Install using a Chocolatey: choco install python -y choco install python -y CopyCopied! Disable the [app execution alias for python installer](https://stackoverflow.com/a/66409838) , because otherwise you will get this error: python --versionPython was not found; run without arguments to install from the Microsoft Store, or disable this shortcut from Settings > Manage App Execution Aliases. python --versionPython was not found; run without arguments to install from the Microsoft Store, or disable this shortcut from Settings > Manage App Execution Aliases. CopyCopied! Finish setup by restarting the terminal. Now check the installation: python --version python --version CopyCopied! [Confirm dependencies were installed correctly](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-windows#confirm-dependencies-were-installed-correctly) ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Start a PowerShell or cmd terminal and execute: setx path "C:\msys64\mingw64\bin;C:\msys64\usr\bin" setx path "C:\msys64\mingw64\bin;C:\msys64\usr\bin" CopyCopied! Please restart your terminal to apply the changes. You should now be able to execute the following commands, please note that **for each command a version number should be returned**: go versiongit versiongcc --version go versiongit versiongcc --version CopyCopied! [Storj installation and setup instructions](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-windows#storj-installation-and-setup-instructions) ======================================================================================================================================================================= [Compile Storj from Source](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-windows#compile-storj-from-source) --------------------------------------------------------------------------------------------------------------------------------------- To compile Storj from main, please execute the following commands: git clone https://github.com/storj/storj -b maincd storjgo install ./... git clone https://github.com/storj/storj -b maincd storjgo install ./... CopyCopied! If you want to have access to the storagenodes' web dashboards and to the satellite's web dashboard, you need NodeJS LTS, VisualStudio BuildTools C++ and Python installed (see optional steps above) and compile the web UIs (PowerShell): cd .\web\satellite\$env:GOOS="js"; $env:GOARCH="wasm"; go build -o ./static/wasm/access.wasm storj.io/storj/satellite/console/wasmcp "$(go env GOROOT)/misc/wasm/wasm_exec.js" ./static/wasmget-item .\static\wasm\* | %{brotli -k $_.FullName}npm installnpm run buildcd ..\storagenodenpm installnpm run buildcd ..\multinodenpm installnpm run buildcd ..\..\satellite\admin\uinpm installnpm run buildcd ..\..\..And to finish compilation:go install -race -v storj.io/gateway@latestgo install ./... cd .\web\satellite\$env:GOOS="js"; $env:GOARCH="wasm"; go build -o ./static/wasm/access.wasm storj.io/storj/satellite/console/wasmcp "$(go env GOROOT)/misc/wasm/wasm_exec.js" ./static/wasmget-item .\static\wasm\* | %{brotli -k $_.FullName}npm installnpm run buildcd ..\storagenodenpm installnpm run buildcd ..\multinodenpm installnpm run buildcd ..\..\satellite\admin\uinpm installnpm run buildcd ..\..\..And to finish compilation:go install -race -v storj.io/gateway@latestgo install ./... CopyCopied! [Install the REDIS binaries](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-windows#install-the-redis-binaries) ========================================================================================================================================= We should have the redis server set up locally. Download the pre-build redis binary with libraries or build your own: [https://github.com/meiry/redis5\_compiled\_for\_windows10](https://github.com/meiry/redis5_compiled_for_windows10) or [https://github.com/ServiceStack/redis-windows/raw/master/downloads/redis-latest.zip](https://github.com/ServiceStack/redis-windows/raw/master/downloads/redis-latest.zip) Unpack the archive and copy the binary and needed libraries to `%USERPROFILE%\go\bin` [Run PostgreSQL](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-windows#run-postgre-sql) ================================================================================================================== We can install PostgreSQL either locally, in the WSL, or in a Docker container. In this example, we will create a `teststorj` DB and will use the database user `postgres`. [Run PostgreSQL in a Docker container](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-windows#run-postgre-sql-in-a-docker-container) -------------------------------------------------------------------------------------------------------------------------------------------------------------- The easiest way is to run it in a Docker container, but it requires Docker installed. docker pull postgresdocker run --rm -p 5432:5432 --name postgres postgres docker pull postgresdocker run --rm -p 5432:5432 --name postgres postgres CopyCopied! In a new terminal, create the teststorj database: docker exec -it postgres createdb -U postgres teststorj docker exec -it postgres createdb -U postgres teststorj CopyCopied! To run your own queries in the PostgreSQL, you can use the following command to open an interactive terminal: docker exec -it postgres psql -h localhost -U postgres teststorj docker exec -it postgres psql -h localhost -U postgres teststorj CopyCopied! [Install PostgreSQL in the WSL](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-windows#install-postgre-sql-in-the-wsl) ------------------------------------------------------------------------------------------------------------------------------------------------ If you have a WSL enabled, then you can install PostgreSQL in the Ubuntu shell. sudo apt updatesudo apt install postgresql -ysudo service postgresql start sudo apt updatesudo apt install postgresql -ysudo service postgresql start CopyCopied! To create the `teststorj` database for the satellite: sudo -u postgres psql sudo -u postgres psql CopyCopied! You should get a prompt `postgres=#`, execute this SQL command: create database teststorj; create database teststorj; CopyCopied! Then exit from the postgres shell by executing the command `\q`. To run your own queries in PostgreSQL you can use these command to open an interactive terminal: sudo -u postgres psql teststorj sudo -u postgres psql teststorj CopyCopied! ### [Enable access for postgres user by host](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-windows#enable-access-for-postgres-user-by-host) Edit `/etc/postgresql/12/main/pg_hba.conf`: sudo nano /etc/postgresql/12/main/pg_hba.conf sudo nano /etc/postgresql/12/main/pg_hba.conf CopyCopied! Add this line above all lines that start with host: host teststorj postgres 0.0.0.0/0 trust host teststorj postgres 0.0.0.0/0 trust CopyCopied! Save the configuration file and restart the PostgreSQL: sudo service postgresql restart sudo service postgresql restart CopyCopied! [Install the native PostgreSQL locally](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-windows#install-the-native-postgre-sql-locally) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- [https://www.postgresql.org/download/](https://www.postgresql.org/download/) [https://www.postgresql.org/docs/current/tutorial-install.html](https://www.postgresql.org/docs/current/tutorial-install.html) [Setup a local Storj Network](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-windows#setup-a-local-storj-network) =========================================================================================================================================== First we have to make sure we are able to call the compiled Storj binaries. To do so, please execute the following on the command line in `cmd.exe`: setx path "C:\msys64\mingw64\bin;C:\msys64\usr\bin;%USERPROFILE%\go\bin" setx path "C:\msys64\mingw64\bin;C:\msys64\usr\bin;%USERPROFILE%\go\bin" CopyCopied! Now restart the terminal and execute the following: # This will create a local test network containing the Satellite, Uplink, S3 gateway and 10 storage nodesstorj-sim network setup --postgres=postgres://postgres@localhost/teststorj?sslmode=disable# This will run the created networkstorj-sim network run # This will create a local test network containing the Satellite, Uplink, S3 gateway and 10 storage nodesstorj-sim network setup --postgres=postgres://postgres@localhost/teststorj?sslmode=disable# This will run the created networkstorj-sim network run CopyCopied! At the moment it's assigning ports as follows: * Gateways start from port `11000` * Version control is at port `12000` * Bootstrap server is at port `13000` * Satellites start from port `10000` * Satellite Console starts on port `10002` * Storage Nodes public ports start from port `14000` * Storage Nodes private ports start from port `14001` * Storage Nodes web dashboard start from port `13002`, `13012`, `13022`, ..., `13092` [Getting environment variables for the Local test network](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-windows#getting-environment-variables-for-the-local-test-network) ===================================================================================================================================================================================================== storj-sim network env storj-sim network env CopyCopied! [Setup the uplink](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-windows#setup-the-uplink) ===================================================================================================================== In Powershell: uplink import $(storj-sim network env GATEWAY_0_ACCESS) uplink import $(storj-sim network env GATEWAY_0_ACCESS) CopyCopied! If the command throws an error such as PS > uplink import $(storj-sim network env GATEWAY_0_ACCESS)Error: accepts between 1 and 2 arg(s), received 0Usage: C:\Users\USER\go\bin\uplink.exe import [NAME] (ACCESS | FILE) [flags]Flags: -h, --help help for importGlobal Flags: --advanced if used in with -h, print advanced flags help --config-dir string main directory for uplink configuration (default "C:\\Users\\USER\\AppData\\Roaming\\Storj\\Uplink") PS > uplink import $(storj-sim network env GATEWAY_0_ACCESS)Error: accepts between 1 and 2 arg(s), received 0Usage: C:\Users\USER\go\bin\uplink.exe import [NAME] (ACCESS | FILE) [flags]Flags: -h, --help help for importGlobal Flags: --advanced if used in with -h, print advanced flags help --config-dir string main directory for uplink configuration (default "C:\\Users\\USER\\AppData\\Roaming\\Storj\\Uplink") CopyCopied! Then stop storj-sim (**Ctrl-C**) and run it back (`storj-sim network run`). After that, the configuration of uplink should work. More info you can read at [https://github.com/storj/storj/wiki/Test-network](https://github.com/storj/storj/wiki/Test-network) [Up- and Download Files](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-windows#up-and-download-files) ================================================================================================================================ # This will list all buckets in your network. If the network is new, nothing should be returned.uplink ls # This is where we create bucket(mb = make bucket), e.g. uplink mb sj://Myfilesuplink mb sj://test# Now the bucket should appear in the list.uplink ls# This command is used to upload a file (cp = copy file) to your bucket.uplink cp bigfile.avi sj://test/# This will list all files in a specific bucket.uplink ls sj://test/# This is the command to download a file from your bucket to your machine. uplink cp sj://test/bigfile.avi bigfile.avi# This command will delete a file from a specific bucket.uplink rm sj://test/bigfile.avi # This will list all buckets in your network. If the network is new, nothing should be returned.uplink ls # This is where we create bucket(mb = make bucket), e.g. uplink mb sj://Myfilesuplink mb sj://test# Now the bucket should appear in the list.uplink ls# This command is used to upload a file (cp = copy file) to your bucket.uplink cp bigfile.avi sj://test/# This will list all files in a specific bucket.uplink ls sj://test/# This is the command to download a file from your bucket to your machine. uplink cp sj://test/bigfile.avi bigfile.avi# This command will delete a file from a specific bucket.uplink rm sj://test/bigfile.avi CopyCopied! You can read more about [Uplink CLI](https://storj.dev/dcs/api/uplink-cli) . [S3 Gateway](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-windows#s3-gateway) ========================================================================================================= The S3 gateway, which also is being run by `storj-sim`, allows users to quickly and easily upload files to the Storj network through a S3 gateway (Minio). Furthermore, this gateway is accessible via localhost in the browser. Copy your S3 keys from the [Getting environment variables for the Local test network](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-windows#getting-environment-variables-for-the-local-test-network) of `storj-sim` and configure the AWS CLI: aws configure set default.aws_access_key_id eUXZt66VWTTpcwgBazQnPsuSYriaws configure set default.aws_secret_access_key xDkJKUqJVhAj69CGH1VPqDPi47Qaws configure set default.s3.multipart_threshold 1TB aws configure set default.aws_access_key_id eUXZt66VWTTpcwgBazQnPsuSYriaws configure set default.aws_secret_access_key xDkJKUqJVhAj69CGH1VPqDPi47Qaws configure set default.s3.multipart_threshold 1TB CopyCopied! Here are the commands to make a bucket, upload the file, make an external link for sharing: aws s3 --endpoint http://localhost:11000 mb s3://test3aws s3 --endpoint http://localhost:11000 cp C:\bigvideo.avi s3://bigvideo.aviaws s3 --endpoint http://localhost:11000 lsaws s3 --endpoint http://localhost:11000 ls s3://test3aws s3 --endpoint http://localhost:11000 presign s3://test3/bigvideo.avi aws s3 --endpoint http://localhost:11000 mb s3://test3aws s3 --endpoint http://localhost:11000 cp C:\bigvideo.avi s3://bigvideo.aviaws s3 --endpoint http://localhost:11000 lsaws s3 --endpoint http://localhost:11000 ls s3://test3aws s3 --endpoint http://localhost:11000 presign s3://test3/bigvideo.avi CopyCopied! You can configure your AWS CLI to include an endpoint URL to the config: [Define an endpoint with AWS CLI](https://storj.dev/dcs/code/aws/aws-cli-endpoint) . [S3 gateway video streaming](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-windows#s3-gateway-video-streaming) ----------------------------------------------------------------------------------------------------------------------------------------- Video streaming is possible with the S3 endpoint by executing the following command: aws s3 --endpoint http://127.0.0.1:11000 mb S3://Bucketaws s3 --endpoint http://127.0.0.1:11000 cp c:\StorjIntro.mp4 S3://Bucket/StorjIntro.mp4aws s3 --endpoint http://127.0.0.1:11000 presign s3://Bucket/StorjIntro.mp4 aws s3 --endpoint http://127.0.0.1:11000 mb S3://Bucketaws s3 --endpoint http://127.0.0.1:11000 cp c:\StorjIntro.mp4 S3://Bucket/StorjIntro.mp4aws s3 --endpoint http://127.0.0.1:11000 presign s3://Bucket/StorjIntro.mp4 CopyCopied! After the last command you will get an URL to your video file, which you can open in your browser or VLC player. You can read more about [S3 Gateway](https://storj.dev/learn/self-host/gateway-st) . [Relevant directories on Windows](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-windows#relevant-directories-on-windows) =================================================================================================================================================== #This is where the Storj code from github is stored:C:\Users\USER\storj#Stores the config files.C:\Users\USER\AppData\Roaming\Storj#Stores compiled binaries.C:\Users\USER\go\bin #This is where the Storj code from github is stored:C:\Users\USER\storj#Stores the config files.C:\Users\USER\AppData\Roaming\Storj#Stores compiled binaries.C:\Users\USER\go\bin CopyCopied! To revert the entire installation, deleting the directories above will do the trick. Previous [Getting started with Storj Testnet on Linux](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-linux) Next [Uplink CLI Tutorial](https://storj.dev/learn/tutorials/quickstart-uplink-cli) --- # Setting Up a Self-Hosted S3 Compatible Gateway - Storj Docs A download can become a chargeable event for 2 times the actual file size if the gateway is running on another cloud provider. We recommend interfacing with the network directly through the [Uplink CLI API](https://storj.dev/dcs/api/uplink-cli) or using our [Storj-Hosted S3 Compatible Gateway](https://storj.dev/dcs/getting-started) . For a complete list of the supported architectures and API calls for the S3 Gateway, see [S3 Compatibility](https://storj.dev/learn/concepts/s3-compatibility) . [Minimum Requirements](https://storj.dev/learn/self-host/gateway-st#minimum-requirements) ------------------------------------------------------------------------------------------ ✅ 1 CPU ✅ 2GB of RAM Depending on the load and throughput, more resources may be required. To save on costs and improve performance, please see [Multipart Part Size](https://storj.dev/dcs/api/s3/multipart-upload/multipart-part-size) . [Dependencies](https://storj.dev/learn/self-host/gateway-st#dependencies) -------------------------------------------------------------------------- ✅ [Uplink CLI Tutorial](https://storj.dev/learn/tutorials/quickstart-uplink-cli) ✅ [Create Access Grant in CLI](https://storj.dev/learn/tutorials/quickstart-uplink-cli/generate-access-grants-and-tokens/generate-a-token) or [Create an Access Grant](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/create-first-access-grant) [Steps:](https://storj.dev/learn/self-host/gateway-st#steps) ------------------------------------------------------------- 1. [Get and install Gateway ST](https://storj.dev/learn/self-host/gateway-st#get-and-install-gateway-st) 2. [Configure Gateway ST](https://storj.dev/learn/self-host/gateway-st#configure-gateway-st) 3. [Run Gateway ST](https://storj.dev/learn/self-host/gateway-st#run-gateway-st) 4. [Configure AWS CLI to use Gateway ST](https://storj.dev/learn/self-host/gateway-st#configure-aws-cli-to-use-gateway-st) 5. [Try it out!](https://storj.dev/learn/self-host/gateway-st#try-it-out) [Get and install Gateway ST](https://storj.dev/learn/self-host/gateway-st#get-and-install-gateway-st) ------------------------------------------------------------------------------------------------------ Download, unzip, and install the binary for your OS: WindowsLinuxmacOSDocker Curl Download (PowerShell) curl https://github.com/storj/gateway-st/releases/latest/download/gateway_windows_amd64.exe.zip -o gateway_windows_amd64.exe.zip; Expand-Archive gateway_windows_amd64.exe.zip -Destination . -Force curl https://github.com/storj/gateway-st/releases/latest/download/gateway_windows_amd64.exe.zip -o gateway_windows_amd64.exe.zip; Expand-Archive gateway_windows_amd64.exe.zip -Destination . -Force CopyCopied! Direct Download [Windows Gateway Binary](https://github.com/storj/gateway-st/releases/latest/download/gateway_windows_amd64.exe.zip) [Configure Gateway ST](https://storj.dev/learn/self-host/gateway-st#configure-gateway-st) ------------------------------------------------------------------------------------------ You have two ways to configure your Gateway ST: 1. [Interactive Setup](https://storj.dev/learn/self-host/gateway-st#interactive-setup) (only if it is your first setup) 2. [Using an Access Grant](https://storj.dev/learn/self-host/gateway-st#using-an-access-grant) ### [Interactive Setup](https://storj.dev/learn/self-host/gateway-st#interactive-setup) 1\. Setup your S3 gateway by running the following command and following the instructions provided by the wizard: WindowsLinuxmacOSDocker PowerShell [FAQ](https://storj.dev/support/faqs) ./gateway.exe setup ./gateway.exe setup CopyCopied! 2\. Enter the numeric choice or satellite address corresponding to the satellite you've created your account on. The satellite address should be entered as @
: for example: `12L9ZFwhzVpuEKMUNUqkaTLGzwY9G24tbiigLiXpmZWKwmcNDDs@eu1.storj.io:7777`, or just use the number from the list: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/BirgvyDy2IoOQ47RfoyHZ_self-s3-01.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/BirgvyDy2IoOQ47RfoyHZ_self-s3-01.png) 3\. Choose an access name (this step may not yet be implemented in the version of S3 Gateway you are using - if you don't see this prompt, skip to step 5 below). If you would like to choose your own access name, please be sure to only use lowercase letters. Including any uppercase letters will result in your access name not getting recognized when creating buckets. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/6vsa92CZ3AjvuQ0Hfc79__self-s3-02.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/6vsa92CZ3AjvuQ0Hfc79__self-s3-02.png) 4\. Enter the [Create Access Grant in CLI](https://storj.dev/learn/tutorials/quickstart-uplink-cli/generate-access-grants-and-tokens/generate-a-token) you generated: [![Didn't save your Access token? Simply create another one in the satellite web interface.](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Rw3hYkf0CYKx49aJUyCgU_self-s3-03.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Rw3hYkf0CYKx49aJUyCgU_self-s3-03.png) 5\. Create and confirm an encryption passphrase, which is used to encrypt your files before they are uploaded: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/r0PGzFlbeZmrAUhoUXuYJ_self-s3-04.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/r0PGzFlbeZmrAUhoUXuYJ_self-s3-04.png) Please note that **Storj Labs does not know or store your encryption passphrase**, so if you lose it, you will not be able to recover your files. 6\. Your S3 gateway is configured and ready to use! ### [Using an Access Grant](https://storj.dev/learn/self-host/gateway-st#using-an-access-grant) You can use two methods to obtain an Access Grant: 1. [Create an Access to an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/sharing-your-first-object/generate-access) 2. [Create an Access Grant](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/create-first-access-grant) Now we got our access grant and can configure the gateway as follows: WindowsLinuxmacOSDocker ./gateway setup --access 14aV.... --non-interactive ./gateway setup --access 14aV.... --non-interactive CopyCopied! This command will register the provided access as the default access in the gateway config file. [Run Gateway ST](https://storj.dev/learn/self-host/gateway-st#run-gateway-st) ------------------------------------------------------------------------------ The gateway functions as a daemon. Start it and leave it running. WindowsLinuxmacOSDocker ./gateway.exe run ./gateway.exe run CopyCopied! The gateway should output your S3-compatible endpoint, access key, and secret key. [![Example terminal output](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/3WoImqP2O-QBdVwDK-eHV_self-s3-05.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/3WoImqP2O-QBdVwDK-eHV_self-s3-05.png) [Configure AWS CLI to use Gateway ST](https://storj.dev/learn/self-host/gateway-st#configure-aws-cli-to-use-gateway-st) ------------------------------------------------------------------------------------------------------------------------ Please make sure you have [AWS S3 CLI installed](https://docs.aws.amazon.com/cli/latest/userguide/installing.html) . Once you do, in a new terminal session, configure it with your Gateway's credentials: $aws configure---AWS Access Key ID: [Enter your Gateway's Access Key]AWS Secret Access Key: [Enter your Gateway's Secret Key]Default region name: [null]Default output format: [null]$aws configure set default.s3.multipart_threshold 64MB $aws configure---AWS Access Key ID: [Enter your Gateway's Access Key]AWS Secret Access Key: [Enter your Gateway's Secret Key]Default region name: [null]Default output format: [null]$aws configure set default.s3.multipart_threshold 64MB CopyCopied! Then, test out some AWS S3 CLI commands! See also [AWS CLI Endpoint](https://storj.dev/dcs/code/aws/aws-cli-endpoint) [Try it out!](https://storj.dev/learn/self-host/gateway-st#try-it-out) ----------------------------------------------------------------------- ### [Create a bucket](https://storj.dev/learn/self-host/gateway-st#create-a-bucket) aws s3 --endpoint=http://localhost:7777 mb s3://bucket-name aws s3 --endpoint=http://localhost:7777 mb s3://bucket-name CopyCopied! ### [Upload an object](https://storj.dev/learn/self-host/gateway-st#upload-an-object) aws s3 --endpoint=http://localhost:7777 cp your-large-file.mp4 s3://bucket-name/your-large-file.mp4 aws s3 --endpoint=http://localhost:7777 cp your-large-file.mp4 s3://bucket-name/your-large-file.mp4 CopyCopied! ### [List objects in a bucket](https://storj.dev/learn/self-host/gateway-st#list-objects-in-a-bucket) aws s3 --endpoint=http://localhost:7777 ls s3://bucket-name/ aws s3 --endpoint=http://localhost:7777 ls s3://bucket-name/ CopyCopied! ### [Download an object](https://storj.dev/learn/self-host/gateway-st#download-an-object) aws s3 --endpoint=http://localhost:7777 cp s3://bucket-name/your-large-file.mp4 ~/Downloads/your-large-file.mp4 aws s3 --endpoint=http://localhost:7777 cp s3://bucket-name/your-large-file.mp4 ~/Downloads/your-large-file.mp4 CopyCopied! ### [Generate a URL for an object](https://storj.dev/learn/self-host/gateway-st#generate-a-url-for-an-object) aws s3 --endpoint=http://localhost:7777 presign s3://bucket-name/your-large-file.mp4 aws s3 --endpoint=http://localhost:7777 presign s3://bucket-name/your-large-file.mp4 CopyCopied! (This URL will allow live video streaming through your browser or VLC) ### [Delete an object](https://storj.dev/learn/self-host/gateway-st#delete-an-object) aws s3 --endpoint=http://localhost:7777 rm s3://bucket-name/your-large-file.mp4 aws s3 --endpoint=http://localhost:7777 rm s3://bucket-name/your-large-file.mp4 CopyCopied! [All Commands](https://storj.dev/learn/self-host/gateway-st#all-commands) -------------------------------------------------------------------------- [`cp`](https://docs.aws.amazon.com/cli/latest/reference/s3/cp.html) - Copies a local file or S3 object to another location locally or in S3 [`ls`](https://docs.aws.amazon.com/cli/latest/reference/s3/ls.html) - List S3 objects and common prefixes under a prefix or all S3 buckets [`mb`](https://docs.aws.amazon.com/cli/latest/reference/s3/mb.html) - Creates an S3 bucket [`mv`](https://docs.aws.amazon.com/cli/latest/reference/s3/mv.html) - Moves a local file or S3 object to another location locally or in S3. [`presign`](https://docs.aws.amazon.com/cli/latest/reference/s3/presign.html) - Generate a pre-signed URL for an S3 object. This allows anyone who receives the pre-signed URL to retrieve the S3 object with an HTTP GET request. [`rb`](https://docs.aws.amazon.com/cli/latest/reference/s3/rb.html) - Deletes an empty S3 bucket [`rm`](https://docs.aws.amazon.com/cli/latest/reference/s3/rm.html) - Deletes an S3 object [`sync`](https://docs.aws.amazon.com/cli/latest/reference/s3/sync.html) - Syncs directories and S3 prefixes. Recursively copies new and updated files from the source directory to the destination. Only creates folders in the destination if they contain one or more files And that's it! You've learned how to use our S3-compatible Gateway. Ideally, you'll see how easy it is to swap out AWS for the Uplink, going forward. [Advanced usage](https://storj.dev/learn/self-host/gateway-st#advanced-usage) ------------------------------------------------------------------------------ Advanced usage for the single-tenant Gateway [Adding Access Grants](https://storj.dev/learn/self-host/gateway-st#adding-access-grants) ------------------------------------------------------------------------------------------ You can add several access grants to the `config.yaml`, using this format: access: 14aV.... # default Accessaccesses.site: 26NBm..... # the Access with name "site" access: 14aV.... # default Accessaccesses.site: 26NBm..... # the Access with name "site" CopyCopied! You can see the path to the default config file `config.yaml` with this command: WindowsLinuxmacOS ./gateway help ./gateway help CopyCopied! [Running options](https://storj.dev/learn/self-host/gateway-st#running-options) -------------------------------------------------------------------------------- You can run a gateway with specifying the access grant (or its name for example `--access site`) with the option `--access`, for example: WindowsLinuxmacOSDocker ./gateway run --access 14aV.... ./gateway run --access 14aV.... CopyCopied! ### [Running Gateway ST to host a static website](https://storj.dev/learn/self-host/gateway-st#running-gateway-st-to-host-a-static-website) You can also run a gateway to handle a bucket as a static website. WindowsLinuxmacOSDocker ./gateway run --access 14aV.... --website ./gateway run --access 14aV.... --website CopyCopied! Now you can navigate to [http://localhost:7777/site/](http://localhost:7777/site/) to see the bucket `site` as XML or to [http://localhost:7777/site/index.html](http://localhost:7777/site/index.html) to see a static page, uploaded to the bucket `site`. You can publish this page to the internet, but in this case, you should run your gateway with the option `--server.address local_IP:local_Port` (replace`local_IP`with the local IP of your PC and`local_Port` with the port you want to expose). If you use`localhost` or `127.0.0.1` as your `local_IP,` you will not be able to publish it directly (via port forwarding for example), instead, you will have to use a reverse proxy here. ### [Running Gateway ST to host a static website with cache](https://storj.dev/learn/self-host/gateway-st#running-gateway-st-to-host-a-static-website-with-cache) You can use the [Minio caching technology](https://docs.min.io/docs/minio-disk-cache-guide.html) in conjunction with the hosting of a static website. > The following example uses `/mnt/drive1`, `/mnt/drive2` ,`/mnt/cache1` ... `/mnt/cache3` for caching, while excluding all objects under bucket `mybucket` and all objects with '.pdf' extensions on an S3 Gateway setup. Objects are cached if they have been accessed three times or more. Cache max usage is restricted to 80% of disk capacity in this example. Garbage collection is triggered when the high watermark is reached (i.e. at 72% of cache disk usage) and will clear the least recently accessed entries until the disk usage drops to the low watermark - i.e. cache disk usage drops to 56% (70% of 80% quota). Export the environment variables before running the Gateway: WindowsLinuxmacOSDocker Cache disks are not supported, because caching requires the [`atime`](https://kerolasa.github.io/filetimes.html) function to be enabled. $env:MINIO_CACHE="on"$env:MINIO_CACHE_EXCLUDE="*.pdf,mybucket/*"$env:MINIO_CACHE_QUOTA=80$env:MINIO_CACHE_AFTER=3$env:MINIO_CACHE_WATERMARK_LOW=70$env:MINIO_CACHE_WATERMARK_HIGH=90 $env:MINIO_CACHE="on"$env:MINIO_CACHE_EXCLUDE="*.pdf,mybucket/*"$env:MINIO_CACHE_QUOTA=80$env:MINIO_CACHE_AFTER=3$env:MINIO_CACHE_WATERMARK_LOW=70$env:MINIO_CACHE_WATERMARK_HIGH=90 CopyCopied! Setting `MINIO_BROWSER=off` env variable would disable the Minio browser. This would make sense if running the gateway as a static website in production. Previous [Write Once, Read Many (WORM)](https://storj.dev/learn/concepts/worm) Next [Getting started with Storj Testnet on FreeNAS (freeBSD)](https://storj.dev/learn/tutorials/getting-started-with-storj-testnet-on-freenas-freebsd) --- # Key Management for Multi-tenant Data Partitioning and Isolation - Storj Docs [Multi-Tenant Isolation and Access Management](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management#multi-tenant-isolation-and-access-management) =============================================================================================================================================================================== Applications and systems often provide for multiple distinct groups of uses to access common sets of services. Typically isloation is handled in the application layer via Identity and Access Management tooling(IAM). Lower in the applicaiton stack, storage platforms have many options to isolate data: from following filesystem conventions to metadata stores with unstructured data. Here we outline the options for using Storj in a multi-tenant mobile application requiring tenant data partitioning and isolation. The focus is primarily on access management options, including application authorization and key management capabilities. We present common implementation patterns but actual implementation of specific integrations will depend on the requirements of your application, including the relevant security policies in place. [Prerequisites](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management#prerequisites) ================================================================================================================= To better understand the concepts described in this document, please read the following related documentation sections: * [Edge Security Models](https://storj.dev/learn/concepts/security-models) * [Multi-tenant Data Partitioning and Isolation](https://storj.dev/learn/concepts/multi-tenant-data) Those content sections will help you identify the appropriate model for multi-tenant data partitioning and isolation, and provide an understanding of the different options available for access and credential management. With that understanding, this document will provide different approaches to implementing a scalable approach for your application. Important Note: In all cases and approaches below, Storj assumes that your application has an existing mechanism for user authentication and identity management generally, for groups, roles, authorization, etc. within the context of your application. The concepts and approaches described below are limited to application authorization related to storage of data on Storj only. [Approaches to Credential Management for Multi-tenant Applications](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management#approaches-to-credential-management-for-multi-tenant-applications) ========================================================================================================================================================================================================================= Storj provides tools to enable secure and scalable application integration, including supporting multiple access patterns including tools to manage credentials associated with the multi-tenant users of those applications. Establishing credential lifecycle management with least privilege and defined expiration within the paradigm of the application’s security policy provides optimal protection against common credential-related attack vectors. There are several tools in the Storj protocol related to credential and access management: * **Access Grant** - authorization token to perform actions on the service, a type of Bearer token that includes: * API Key - may be restricted based on operation, path, TTL, etc. * Encryption Key - may be restricted on path * Can be used to generate other access grants, S3 credentials and Linkshare Links ([More information](https://storj.dev/learn/concepts/access/access-grants) ) * **S3 Credential** - Programmatically generated with restrictions on path, operation and duration. * Derived from Access Grant and subject to restrictions encoded in Access Grant ([More information](https://storj.dev/dcs/api/s3/s3-compatibility) ) * Compatible and Interoperable with S3-compatible technology (Software, SDKs, etc.) * **Presigned URL** - standard S3 function to generate timebound unauthenticated bucket or path access link to interact with objects * Generated with S3 Credential and subject to restrictions encoded in S3 Credential ([More information](https://storj.dev/dcs/api/s3/presigned-urls) and some background detail) * **Linkshare Link** - persistent public HTTP link to retrieve objects * Generated with Access Grant and subject to restrictions encoded in Access Grant ([More information](https://storj.dev/learn/concepts/linksharing-service) ) * **Uplink Tools** - generate and manage Access Grants, S3 Credentials, linkshare links ([More information](https://storj.dev/dcs/api/uplink-cli) ) * Uplink is offered in several options, including: * [Storj CLI](https://storj.dev/dcs/api/uplink-cli) (Linux, Windows, Mac) * [Go Library](https://github.com/storj/storj/wiki/Libuplink-Walkthrough) * [Bindings for C](https://github.com/storj/uplink-c) * [Uplink Access](https://github.com/storj/access-python) (Uplink Lite library for Python native and Access Management only) These tools can be combined to support flexible architectures to serve most customer use cases for multi-tenant applications. [Typical Multi-tenant Solution Architecture Patterns](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management#typical-multi-tenant-solution-architecture-patterns) ============================================================================================================================================================================================= Customer applications generally use one of the following solution architecture patterns when utilizing unique credentials as part of a multi-tenant applications. [Shared Datastore / Shared Schema](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management#shared-datastore-shared-schema) ----------------------------------------------------------------------------------------------------------------------------------------------------- In this pattern, all tenants share the same database and the same tables. The data for different tenants is distinguished using an identifier and referenced with metadata. The simplest approach, this involves storing all tenants' data in the same datastore, distinguished by a tenant identifier. While it offers ease of implementation and cost efficiency, it poses significant security risks and potential performance issues [Shared Datastore / Seperate Schema](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management#shared-datastore-seperate-schema) --------------------------------------------------------------------------------------------------------------------------------------------------------- Each tenant has its own schema within the same database. This pattern provides a logical separation of tenant data. This provides a better isolation level by assigning each tenant a distinct schema within the same database, facilitating tenant-specific customizations and improved security, albeit with increased management complexity [Dedicated Datastore](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management#dedicated-datastore) ----------------------------------------------------------------------------------------------------------------------------- Each tenant has its own database. This pattern offers the highest level of isolation, where each tenant has a dedicated datastore. This ensures strong data isolation and allows for customizable configurations, but at the cost of higher operational overhead and resource usage. [Attribute-based Access Control (ABAC)](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management#attribute-based-access-control-abac) --------------------------------------------------------------------------------------------------------------------------------------------------------------- Access is granted based on attributes (e.g., roles, departments, projects) rather than just tenant identifiers. This pattern is useful for complex, hierarchical access requirements. ABAC uses attributes associated with users, resources, and the environment to make real-time access decisions. This flexibility is particularly advantageous in multi-tenant environments, where tenants may have varying and complex access requirements. For instance, ABAC can evaluate user attributes such as department, role, and security clearance, as well as resource attributes like data sensitivity and classification, and environmental attributes including time of day and IP address. This allows for highly customized access policies that can accommodate the unique needs of each tenant. [Python Access Library](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management#python-access-library) ================================================================================================================================= The following python information is using the SDK located at [https://github.com/storj/access-python](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management) . Note, this has been tested with Python 3.12.0. Ensure your environment certs and chains are installed. Create virtual environment $ python3 -m venv .venv $ python3 -m venv .venv CopyCopied! Activate the environment: $ . ./.venv/bin/activate $ . ./.venv/bin/activate CopyCopied! Install the project into the virtual environment as an editable project (.venv) $ python3 -m pip install -e ".[dev,tests]" (.venv) $ python3 -m pip install -e ".[dev,tests]" CopyCopied! * * * [Python CLI Tool](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management#python-cli-tool) ===================================================================================================================== Once installed, the python access SDK provides a basic cli tool called `access` [Registration](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management#registration) --------------------------------------------------------------------------------------------------------------- ### [Registration for S3 Credentials](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management#registration-for-s3-credentials) access register --access access register --access CopyCopied! ### [Registration for Linksharing](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management#registration-for-linksharing) access register --access --public=true access register --access --public=true CopyCopied! [Restriction](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management#restriction) ------------------------------------------------------------------------------------------------------------- access restrict --access --readonly true access restrict --access --readonly true CopyCopied! [Other Common Examples](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management#other-common-examples) --------------------------------------------------------------------------------------------------------------------------------- Config with an unrestricted Access Grant credential access restrict --access --readonly=false access restrict --access --readonly=false CopyCopied! Create path-prefix specific S3 credential bound to a top-level path prefix representing a tenant access restrict --access --prefix sj://// access restrict --access --prefix sj://// CopyCopied! Restrict operations: Read/Write/List not Delet uplink access restrict --access --disallow-deletes true uplink access restrict --access --disallow-deletes true CopyCopied! * * * [Uplink CLI Tool](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management#uplink-cli-tool) ===================================================================================================================== [Registration](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management#registration-2) ----------------------------------------------------------------------------------------------------------------- Allows you to register an Access Grant with the S3 gateway, allowing you to get S3 credentials assocated to the provided Access Grant. ### [Registration for S3 credentials](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management#registration-for-s3-credentials-2) uplink access register uplink access register CopyCopied! ### [Registration for linksharing](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management#registration-for-linksharing-2) uplink access register --access --public=true uplink access register --access --public=true CopyCopied! [Restriction](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management#restriction-2) --------------------------------------------------------------------------------------------------------------- Allows you to restrict the permissions an Access Grant has. (e.g. disallow reads, writes, timebox, etc.) Example: uplink access restrict --access --readonly true uplink access restrict --access --readonly true CopyCopied! [URL Sharing Construction](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management#url-sharing-construction) --------------------------------------------------------------------------------------------------------------------------------------- https://link.storjshare.io/s/// https://link.storjshare.io/s/// CopyCopied! You can also optionally add _?map=1_ to the URL to return a graphic map of the nodes serving the object. ### [Linksharing Query Parameters](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management#linksharing-query-parameters) _download_ - if value is 1, forces a download of the object _wrap_ - if value is 1, shows the storj sharing frame, if 0, goes directly to data using the browser to render based on MIME type _map_ - if value is 1, shows only the map. Note that map=1 must be set for the following parameters to take affect. _include-stats_ - If value is 1, shows data with the map. If 0, hides data _width_ (int) - configures width of map - defaults to 800 _view_ - if wrap is not set, this is the opposite of wrap [Other Common Examples...](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management#other-common-examples-2) -------------------------------------------------------------------------------------------------------------------------------------- Config with an unrestricted Access Grant credential uplink share sj:/// --readonly=false uplink share sj:/// --readonly=false CopyCopied! Create path-prefix specific S3 credential uplink access restrict --access --prefix sj:////uplink access register uplink access restrict --access --prefix sj:////uplink access register CopyCopied! Time bound to 2 weeks uplink access restrict --access --not-after +336h uplink access restrict --access --not-after +336h CopyCopied! Path bound to single top-level path prefix representing a tenant uplink access restrict --access --prefix sj://// uplink access restrict --access --prefix sj://// CopyCopied! Restrict operations: Read/Write/List not Delete uplink access restrict --access --disallow-deletes uplink access restrict --access --disallow-deletes CopyCopied! List credentials uplink access list uplink access list CopyCopied! Delete credential uplink access revoke --access uplink access revoke --access CopyCopied! REST API Storj provides a set of REST APIs by which you can perform basic operations related to access management. To execute the list and delete commands you must be logged into storj.io. [Export List of IDs](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management#export-list-of-ids) =========================================================================================================================== The following will export your access list including name, 50 at a time. You will need to increment pages 1+ for lists longer than 50. Please note the limit is hard coded on the back end at 50 and changing that figure to greater than 50 will have no effect. Page 1, items 1-50 & Page, Items 51-100. Continue as needed. pageCount at the end of the command output will tell you the number of pages you have. https://us1.storj.io/api/v0/api-keys/list-paged?projectID={yourprojectid}&limit=50&page=1&order=0&orderDirection=0 https://us1.storj.io/api/v0/api-keys/list-paged?projectID={yourprojectid}&limit=50&page=1&order=0&orderDirection=0 CopyCopied! { "apiKeys": [ { "id": "acc0dd0a-786b-46e7-b5e8-6b9c8bfffbb8", "projectId": "c4885998-ead0-48db-abe6-ffff8635b453", "projectPublicId": "f3452ca7-9d8b-4aa1-9e32-f2ffa0f58bd4", "userAgent": null, "name": "access1_lab", "createdAt": "2023-12-22T21:19:37.48406Z" }, { "id": "01c46872-1573-4944-8a0a-54752aff98f1", "projectId": "c4885998-ead0-48db-ffe6-ff798635b453", "projectPublicId": "f3452ca7-9d8b-4ff1-9e32-f2a9a0f581d4", "search": "", "limit": 50, "order": 0, "orderDirection": 0, "offset": 0, "pageCount": 1, "currentPage": 1, "totalCount": 1 } ]} { "apiKeys": [ { "id": "acc0dd0a-786b-46e7-b5e8-6b9c8bfffbb8", "projectId": "c4885998-ead0-48db-abe6-ffff8635b453", "projectPublicId": "f3452ca7-9d8b-4aa1-9e32-f2ffa0f58bd4", "userAgent": null, "name": "access1_lab", "createdAt": "2023-12-22T21:19:37.48406Z" }, { "id": "01c46872-1573-4944-8a0a-54752aff98f1", "projectId": "c4885998-ead0-48db-ffe6-ff798635b453", "projectPublicId": "f3452ca7-9d8b-4ff1-9e32-f2a9a0f581d4", "search": "", "limit": 50, "order": 0, "orderDirection": 0, "offset": 0, "pageCount": 1, "currentPage": 1, "totalCount": 1 } ]} CopyCopied! [Delete IDs](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management#delete-ids) =========================================================================================================== Although the listing above is a traditional GET and can be sent through your browser the delete task must be sent as a DELETE. There are various ways to do this including using [Postman](https://www.postman.com/) or a browser plugin like [RESTer](https://chromewebstore.google.com/detail/rester/eejfoncpjfgmeleakejdcanedmefagga?pli=1) . [Sample Command](https://storj.dev/learn/concepts/multi-tenant-data/multi-tenant-access-management#sample-command) ------------------------------------------------------------------------------------------------------------------- https://us1.storj.io/api/v0/apikeys/delete/acc0dd0a-786b-46e7-b5e8-6b9c8b05fbb8 https://us1.storj.io/api/v0/apikeys/delete/acc0dd0a-786b-46e7-b5e8-6b9c8b05fbb8 CopyCopied! Read more about [Access Grants](https://storj.dev/learn/concepts/access/access-grants) . Previous [Multi-tenant Data Partitioning and Isolation](https://storj.dev/learn/concepts/multi-tenant-data) Next [Multiregion Availability](https://storj.dev/learn/concepts/multiregion-availability) --- # Implementing Nextcloud Using Storj - Storj Docs [Github resource](https://storj.dev/dcs/third-party-tools/nextcloud#github-resource) ------------------------------------------------------------------------------------- [https://github.com/storj-thirdparty/nextcloud-app/](https://github.com/storj-thirdparty/nextcloud-app/) Previous [MSP360](https://storj.dev/dcs/third-party-tools/msp360) Next [NFT storage for OpenSea](https://storj.dev/dcs/third-party-tools/opensea) --- # QNAP Hybrid Backup Sync 3 Overview and Integration with Storj - Storj Docs **QNAP Hybrid Backup Sync (HBS) 3** is a comprehensive backup, recovery, and data synchronization solution for QNAP NAS devices. It supports various storage solutions, including local, remote, and cloud storage. For more information, visit the [QNAP website](https://www.qnap.com/) . You can also explore [QNAP's HBS 3](https://www.qnap.com/solution/hbs3/en-us/) for detailed features. [Advantages of QNAP HBS 3 with Storj](https://storj.dev/dcs/third-party-tools/qnap-hybrid-backup-sync-3#advantages-of-qnap-hbs-3-with-storj) --------------------------------------------------------------------------------------------------------------------------------------------- * **Comprehensive Coverage**: Backup and synchronize data across multiple platforms, including NAS, cloud, and remote servers. * **Efficient Disaster Recovery**: Using Storj's global network of tens of thousands of Storage nodes provides quick and easy recovery to ensure minimal downtime in case of data loss. * **Real-time Synchronization**: Keep your data updated across different locations in real time. * **Flexible Scheduling**: Customizable backup schedules to fit business needs. [Integration](https://storj.dev/dcs/third-party-tools/qnap-hybrid-backup-sync-3#integration) --------------------------------------------------------------------------------------------- To integrate your QNAP NAS with your preferred backup solution using HBS 3, you'll need to configure settings within HBS 3. ### [Requirements](https://storj.dev/dcs/third-party-tools/qnap-hybrid-backup-sync-3#requirements) * A QNAP NAS device with HBS 3 installed. * An active Storj account: Navigate to [https://storj.io/signup?partner=qnap](https://storj.io/signup?partner=qnap)  to sign up, or log in [https://storj.io/login](https://storj.io/login) if you already have an account. * A bucket for QNAP in your Storj account. ### [Set Up HBS 3 on Your QNAP NAS](https://storj.dev/dcs/third-party-tools/qnap-hybrid-backup-sync-3#set-up-hbs-3-on-your-qnap-nas) 1. **Install HBS 3**: Ensure that HBS 3 is installed on your QNAP NAS. You can find it in the QNAP App Center. 2. **Launch HBS 3**: Open HBS 3 from your QNAP interface. ### [Configure HBS 3 to use Storj](https://storj.dev/dcs/third-party-tools/qnap-hybrid-backup-sync-3#configure-hbs-3-to-use-storj) 1. Go to "Storage Spaces" 2. Create new S3 compatible space. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/qnap-hbs3-backup1.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/qnap-hbs3-backup1.png) 3. Create [Storj S3-compatible credentials](https://storj.dev/dcs/access#create-s3-credentials) 4. Enter the following on the "Create a Storage Space" screen * **Service provider**: S3 Compatible * **Server address**: gateway.storjshare.io * **Signature version**: v4 * **Region**: Global * **Access key** and **Secret key**: created in the previous step [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/qnap-hbs3-backup2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/qnap-hbs3-backup2.png) 5. [Create a bucket](https://storj.dev/dcs/buckets/create-buckets) for the "Use specific bucket" option 6. Select **Create** ### [Configure Backup Jobs](https://storj.dev/dcs/third-party-tools/qnap-hybrid-backup-sync-3#configure-backup-jobs) 1. Create a New Backup Job: Choose remote as the backup you want to create 2. Select Source: Choose the folders or volumes on your NAS that you want to back up 3. Select Destination: Choose Storj 4. Enter the bucket name created previously [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/qnap-hbs3-backup4.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/qnap-hbs3-backup4.png) 5. Set Schedule and Options: Configure backup schedule, versioning, encryption, and other options based on your needs. 6. Save and Run the Backup Job: Save the configuration and run the backup job to ensure it works as expected. Previous [Plex](https://storj.dev/dcs/third-party-tools/plex) Next [Rclone](https://storj.dev/dcs/third-party-tools/rclone) --- # Setting Up and Using Mountain Duck - Storj Docs [Introduction](https://storj.dev/dcs/third-party-tools/mountainduck#introduction) ---------------------------------------------------------------------------------- Mountain Duck is an inexpensive, user-licensed application developed by the same team as [Cyberduck](docid:QQGzEDU8o-IodQWmr7xP3) , serving as a versatile file access tool. It allows users to mount server and cloud storage accounts as local disks in Finder on macOS and the File Explorer on Windows. Supporting various protocols like FTP, SFTP, WebDAV, and cloud storage providers, including Storj, Mountain Duck provides a seamless integration of remote storage into the user's file system. In this brief tutorial, we'll go over downloading and setting up Mountain Duck to integrate with Storj, facilitating easy and intuitive drag-and-drop file transfer to Storj. [Prerequisites:](https://storj.dev/dcs/third-party-tools/mountainduck#prerequisites) ------------------------------------------------------------------------------------- * Storj account with [Getting started](https://storj.dev/dcs/getting-started) * Storj S3 compatiable access and secret key (see [Create S3 Credentials](https://storj.dev/dcs/access#create-s3-credentials) ) [Downloading Mountain Duck](https://storj.dev/dcs/third-party-tools/mountainduck#downloading-mountain-duck) ------------------------------------------------------------------------------------------------------------ Users can download Mountain Duck by navigating to [https://mountainduck.io/](https://mountainduck.io/) . Mountain Duck offers a free trial, so that you can evaluate the software before deciding if you'll purchase a license. ### [Using Mountain Duck with Storj](https://storj.dev/dcs/third-party-tools/mountainduck#using-mountain-duck-with-storj) Once the download is complete, install and run the Mountain Duck client. Click the new, duck-shaped icon in your menu bar (MacOS) / system tray (Windows), and select **Open Connection**. Perform the following actions in the resulting window: Select **Storj DCS** from the top-most selection list. * If "Storj DCS" is not an option in this list, select **More options...** to open the Profiles window. Find **Storj DCS** in the profile list, check it's checkbox, and close the Profiles window. This will add **Storj DCS** to the selection list. Populate the **Nickname**, **Access Key**, and **Secret Key** fields. * Enter any name of your choice into the **Nickname** selection. * Enter your S3 Gateway Credentials Access Key into the **Access Key** selection. * Enter your S3 Gateway Credentials Secret Key into the **Secret Key** selection. Finally, click **Connect**. If you’ve added your S3 Gateway Credentials properly, a folder will display in Finder (MacOS) / Explorer (Windows), displaying one folder per Storj. You can now drag and drop files to the **Storj** network seamlessly and easily via Mountain Duck and your operating system. Congrats! Previous [MongoDB Ops Manager](https://storj.dev/dcs/third-party-tools/mongodb) Next [MSP360](https://storj.dev/dcs/third-party-tools/msp360) --- # Guide to Integrate Photos+ App with Storj - Storj Docs [Introduction](https://storj.dev/dcs/third-party-tools/photos-plus#introduction) --------------------------------------------------------------------------------- **Photos+** is an iOS/Android App. It allows you to store and manage your photos and videos in your own cloud storage account. You can use **Photos+** with **Storj** S3-compatible storage. **Main site**: [https://photosplus.app/](https://photosplus.app/) Mobile app download links: * Apple App Store: [https://apps.apple.com/us/app/photos-cloud-library/id1310744251](https://apps.apple.com/us/app/photos-cloud-library/id1310744251) * Google Play Store: [https://play.google.com/store/apps/details?id=com.pixegram.photosplus](https://play.google.com/store/apps/details?id=com.pixegram.photosplus) [Configure Photos+ to use Storj](https://storj.dev/dcs/third-party-tools/photos-plus#configure-photos-to-use-storj) -------------------------------------------------------------------------------------------------------------------- 1. When starting **Photos+**, you will be shown an empty Library. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/utqlQk3YxL60YZ5gWsSwK_img2807.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/utqlQk3YxL60YZ5gWsSwK_img2807.png) 2\. Click on the person-shaped icon in the lower right corner to show your Profile page. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/a5v_k_PKDJqIsxs1DGfD1_img2808.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/a5v_k_PKDJqIsxs1DGfD1_img2808.png) 3\. Click on the cog wheel icon on the upper right to access Settings. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/WTySRmSPRk7ew95G59r2C_imgedaea36c758c-1-2.jpeg)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/WTySRmSPRk7ew95G59r2C_imgedaea36c758c-1-2.jpeg) 4\. Click **Configure** to begin setting up Storj for Photos+. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/yXxrIf3BXor9m9KsqPY6W_imgf65448a9a594-1.jpeg)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/yXxrIf3BXor9m9KsqPY6W_imgf65448a9a594-1.jpeg) 5\. Select **S3 Storage** and enter “gateway.storjshare.io” as the URL, along with your corresponding access key and secret key. See [Getting started](https://storj.dev/dcs/getting-started) for details on creating these access credentials. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zIpOoL3wJvmashUj-iHjB_img419569e7945f-1.jpeg)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zIpOoL3wJvmashUj-iHjB_img419569e7945f-1.jpeg) 6\. Once you’ve completed configuring Storj as your Cloud Storage Provider, to see Storj in action, you’ll need to click the icon in the lower right corner composed of four squares to return to your Library. From there, click the three-dot icon in the upper right corner. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/UGNi_XIgzeXZMqdxT_e6Y_img2812.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/UGNi_XIgzeXZMqdxT_e6Y_img2812.png) 7\. Click **Add Album** and type in your chosen Album name. Then click the large checkbox in the center of the screen to continue. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/nGx6MrNH0jddwuOyCkMpN_img2830.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/nGx6MrNH0jddwuOyCkMpN_img2830.png) 8\. Once your album is created, click its name to view it. While viewing the album, you can add content to it using the plus-sign icon in the upper right corner. This will bring up the “Select Album” screen. Click the album from which you want to add photographs. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/GKmxVS6gEwcqADIQOf6Di_img2865.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/GKmxVS6gEwcqADIQOf6Di_img2865.png) 9\. When viewing an album, select individual media to add by clicking each item, or use the blank checkbox next to the **Add** checkbox in the upper right to add all items. Once you’ve selected all the items your want in your album, click **Add** to continue. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/fKryepsJ2ygBUCb7NplLE_img2863.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/fKryepsJ2ygBUCb7NplLE_img2863.png) 10\. At this point, you should see an album in your Library. You’re ready to synchronize your media to Storj. Click the circular arrow icon at the bottom center of the screen. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/TMipi78UFMC_XlLSWX_W1_img2806.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/TMipi78UFMC_XlLSWX_W1_img2806.png) 11\. Click **Start** to begin synchronizing your library. You may check via the Storj dashboard or use any of our command line tools to see if your library has been backed up to Storj. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/tEymuK4I_atEURjaPffbs_img2866.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/tEymuK4I_atEURjaPffbs_img2866.png) Previous [oCIS - ownCloud Infinite Scale](https://storj.dev/dcs/third-party-tools/ocis) Next [PixelFed](https://storj.dev/dcs/third-party-tools/pixelfed) --- # Backing up WordPress with UpdraftPlus plugin and Storj - Storj Docs [Installation of UpdraftPlus](https://storj.dev/dcs/third-party-tools/wordpress-site-with-updraftplus#installation-of-updraft-plus) ------------------------------------------------------------------------------------------------------------------------------------ UpdraftPlus is a common plugin for WordPress. First, you need to [install WordPress](https://wordpress.org/support/article/how-to-install-wordpress/) . You can also use`docker-compose` to [install it locally or on your remote server](https://docs.docker.com/samples/wordpress/) . To download, install and activate the UpdraftPlus plugin, please follow their guide: [https://updraftplus.com/download/](https://updraftplus.com/download/) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/W1rX6ZdrsYO76Yy5AuhIm_wordpress.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/W1rX6ZdrsYO76Yy5AuhIm_wordpress.png) We will continue configuring the UpdraftPlus plugin after we have created the Gateway MT credentials. [Generate Gateway MT credentials](https://storj.dev/dcs/third-party-tools/wordpress-site-with-updraftplus#generate-gateway-mt-credentials) ------------------------------------------------------------------------------------------------------------------------------------------- Please sign in to your Storj account **Navigate to the Access** page within your project and then click on **Create S3 Credentials**. A modal window will pop up where you should enter a name for this access grant. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/BC_m93u0hx0LSTkrIlvAi_wordpress2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/BC_m93u0hx0LSTkrIlvAi_wordpress2.png) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zMRmJWe8Yf__15KPTGG8o_wordpress3.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zMRmJWe8Yf__15KPTGG8o_wordpress3.png) **Assign the permissions** you want this access grant to have, then click on **Encrypt My Access.** [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/80-mA1KwBVtiknf691R4Z_wordpress4.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/80-mA1KwBVtiknf691R4Z_wordpress4.png) **Enter the Encryption Passphrase** you used for your other access grants. If this is your first access grant, we strongly encourage you to use a mnemonic phrase as your encryption passphrase (The GUI automatically generates one on the client-side for you.) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/UdKhUUmYf7OOGlCNaVq2Q_wordpress5.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/UdKhUUmYf7OOGlCNaVq2Q_wordpress5.png) Click either on the **Copy to clipboard** link or **Download .txt** and then confirm that you copied your Encryption Phrase to a safe place. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/dy0nyX4BVQZLewP5yj9fJ_wordpress6.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/dy0nyX4BVQZLewP5yj9fJ_wordpress6.png) Click the **Create my Access** link to finish generating of S3 credentials. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/VQI4G3wAixCknE2lnML4q_wordpress7.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/VQI4G3wAixCknE2lnML4q_wordpress7.png) Copy your **Access Key**, **Secret Key**, and **Endpoint** to a safe location or download them. Now you are ready to configure **UpdraftPlus** plugin. [Configuring UpdraftPlus plugin to work with Storj](https://storj.dev/dcs/third-party-tools/wordpress-site-with-updraftplus#configuring-updraft-plus-plugin-to-work-with-storj) -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Now that we have finished generating the Gateway MT credentials, let´s go back to the UpdraftPlus configuration. Once the plugin has been activated, you should open its settings: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/iSJUjPPdgIb_C5Xo-sozY_wordpress8.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/iSJUjPPdgIb_C5Xo-sozY_wordpress8.png) 1\. Click the **Settings** tab at the top part of the **_Settings_** page of the **UpdraftPlus** plugin. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/VHpeQ4DAhNxi5CIZAQhw0_wordpress9.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/VHpeQ4DAhNxi5CIZAQhw0_wordpress9.png) 2\. Specify a preferred backup schedule for files and/or databases and how many incremental backups you want to have. See [https://wordpress.org/plugins/updraftplus/](https://wordpress.org/plugins/updraftplus/) for more details. 3\. Click on the **S3-Compatible (Generic)** option. The following fields need to be filled in: **S3 access key**, **S3 secret key**, **S3 location** and **S3 end-point**. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/W-rtITn3IuYXGg8cRvscU_wordpress10.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/W-rtITn3IuYXGg8cRvscU_wordpress10.png) 4\. Specify your **Access Key** from your GatewayMT credentials in the **S3 access key** field, your **Access Secret Key** from the GatewayMT credentials in the **S3 secret key** field, **Endpoint** from the GatewayMT credentials in the **S3 end-point** field, and your bucket in the **S3 location** field, select `Path style` in the **Bucket access style** and `Sigv4` as a **Signature version**. Then click the **Test S3-Compatible (Generic) Settings** button below. If everything was specified correctly, you should see a successful message like this: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/wordpress-UpdraftPlus-2024.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/wordpress-UpdraftPlus-2024.png) 5\. Please save the **UpdraftPlus** plugin settings with the **Save changes** button at the bottom of the page. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/ZpdW_kXCk-t9jZugb0sMU_wordpress12.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/ZpdW_kXCk-t9jZugb0sMU_wordpress12.png) After you successfully configured Storj as your storage back end in the **UpdraftPlus** plugin and saved your configuration, you can return back to the **_Backup / Restore_** tab to start your backup manually right away. Previous [Veeam](https://storj.dev/dcs/third-party-tools/veeam) Next [Zerto](https://storj.dev/dcs/third-party-tools/zerto) --- # How to Integrate Zerto with Storj - Storj Docs [Introduction](https://storj.dev/dcs/third-party-tools/zerto#introduction) --------------------------------------------------------------------------- [**Zerto**](https://www.zerto.com/) brings together disaster recovery and data protection. It provides a single, scalable solution that offers simple cloud data management and protection across on-premises, hybrid, and multi-cloud environments. * You can use **Zerto** with **Storj** S3-compatible storage. * You can download a free trial [here](https://www.zerto.com/try-or-buy/try-zerto-free/) . * Demo site: [Zerto’s Hands on Labs](https://www.zerto.com/page/labs/?z_campaign=2020_Google_Ads_Training_Labs_On_demand&z_content=Labs&z_leadsource=Google_Adwords&z_referrer=Adwords&z_source=7012I000001hzgP&gclid=CjwKCAjwj42UBhAAEiwACIhADqQ1Xo-tUPvM5qy8Pe1U2IxOnx-KBzpTQAgevDJYc42LYIXwgLIJTRoCDkUQAvD_BwE) [Configure Zerto to use Storj](https://storj.dev/dcs/third-party-tools/zerto#configure-zerto-to-use-storj) ----------------------------------------------------------------------------------------------------------- Log into Zerto Virtual Manager (ZVM). On the left-hand side of the ZVM dashboard, click the `Setup` button (icon looks like a wrench). Tab over to `Repositories` and click `New Repository`. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/wd8mAal1a9cJzhJz1ZIiu_image-131-2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/wd8mAal1a9cJzhJz1ZIiu_image-131-2.png) On the `New Repository` wizard screen: * General: * Provide a name for the repository * Change `Storage Type` to S3-Compatible storage * Toggle whether to set this as your default LTR repo * Settings: * Region: enter the region your bucket is provisioned in (US1, EU1 or AP1) * Endpoint URL: provided in the [Getting started](https://storj.dev/dcs/getting-started) [https://gateway.storjshare.io/](https://gateway.storjshare.io/) * Bucket Name: enter the name of your bucket, for example, ¨demo-bucket * Access Key: provided in [Getting started](https://storj.dev/dcs/getting-started) you generated with Storj * Secret Access Key: provided in [Getting started](https://storj.dev/dcs/getting-started) you generated with Storj After populating all fields, click `Save`. You should now see the Storj Repo as part of your LTR repository list. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/LTGvqT_kuVNQi-upd1i_w_image-128-2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/LTGvqT_kuVNQi-upd1i_w_image-128-2.png) You may optionally verify Zerto's connection via the Storj website. To do so, please sign in to your Storj account, click on `Buckets` on the left-hand side, then select your demo-bucket from the `Buckets` view, and provide the encryption passphrase. You will be taken to this bucket’s page, where you will see a _repository.config_ file, confirming the connection. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/159AagxGtKM2d-4Pa6ciu_image-132-1.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/159AagxGtKM2d-4Pa6ciu_image-132-1.png) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/mXYqiwqgtYgHu7XVmFPOO_image-161.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/mXYqiwqgtYgHu7XVmFPOO_image-161.png) Once the repository is configured, return to the ZVM interface in Zerto. On the left-hand side, click `VPGs`. On the VPG management screen, tick the box next to the VPG you are looking to protect. Check the following Long-Term Retention settings and click `Done`: Returning to the VPG management page, click `Actions`, then `Run Retention Process`. This will initiate an upload of a copy of the virtual machine to the Storj repository. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/NjjDzbSCkPTtwdQR9nVhv_image-150-1.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/NjjDzbSCkPTtwdQR9nVhv_image-150-1.png) You may return to the Storj website to see a copy of the Windows File Server in the Storj demo-bucket. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/f2lF3e0pHov1aETDPaluE_image-167.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/f2lF3e0pHov1aETDPaluE_image-167.png) [Restoring a backup with Zerto](https://storj.dev/dcs/third-party-tools/zerto#restoring-a-backup-with-zerto) ------------------------------------------------------------------------------------------------------------- Once the initial Retention Process has been completed, you may “accidentally” delete all the files in that recently copied file server in order to test the functionality of restoring a backup. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/2n7g0THrz5ACXRxzlXkWW_image-129.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/2n7g0THrz5ACXRxzlXkWW_image-129.png) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/7MGQmDFCJNHK1L7iSrIRw_image-125-1.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/7MGQmDFCJNHK1L7iSrIRw_image-125-1.png) Return to the ZVM console and start a File Level Restore. Click `Restore`, then `Search and Restore`. Search for the deleted file share and click on it. Then click `Restore File`. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/WgsTjg4zAftrU333gmhrE_image-138-2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/WgsTjg4zAftrU333gmhrE_image-138-2.png) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/oOqJtwIiCO5d6UknkU77d_image-140.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/oOqJtwIiCO5d6UknkU77d_image-140.png) Click the folder icon and select the Fileshare to restore it to the Windows File Servers (WinFS), as shown below. Click `Restore`. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/CYZhE0y58fP6p4aophQW5_image-126.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/CYZhE0y58fP6p4aophQW5_image-126.png) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Selcqw8DpSSzAZBkswAe2_image-136.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Selcqw8DpSSzAZBkswAe2_image-136.png) A file restore task will kick-off, beginning the movement of that file share directory and all its contents backed up in Storj back to the Windows File Server. Once completed, you can find the recovered folder and its files restored in the directory. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/foiWuDXaE2bKPhJpASFuY_image-152.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/foiWuDXaE2bKPhJpASFuY_image-152.png) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/QwfpOYEO6JYjVl4IaS-kl_image-178.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/QwfpOYEO6JYjVl4IaS-kl_image-178.png) Previous [WordPress backup with UpdraftPlus](https://storj.dev/dcs/third-party-tools/wordpress-site-with-updraftplus) --- # Getting Started with Rclone Configuration - Storj Docs Follow the [Getting Started guide](https://storj.dev/dcs/getting-started) to setup Rclone. There are 2 ways to use Rclone with Storj: 1. **S3 Compatible:** Connect to the Storj network via the S3 protocol/S3 gateway. 2. **Native:** Connect over the Storj protocol to access your bucket. [S3 Compatible](https://storj.dev/dcs/third-party-tools/rclone#s3-compatible) ------------------------------------------------------------------------------ Use our [S3 compatible API](https://storj.dev/dcs/api/s3/s3-compatibility) to increase upload performance and reduce the load on your systems and network. A 1GB upload will result in only 1GB of data being uploaded. * Faster upload * Reduction in network load * Server-side encryption [See common commands](https://storj.dev/dcs/getting-started) to get started! [Native](https://storj.dev/dcs/third-party-tools/rclone#native) ---------------------------------------------------------------- Use our native Rclone integration to take advantage of client-side encryption, and to achieve the best possible download performance. Note that uploads will be erasure-coded locally [Design Decision - End-to-end Encryption](https://storj.dev/learn/concepts/encryption-key/design-decision-end-to-end-encryption) ; thus, uploading a 1GB file will result in 2.68GB uploaded data out of your network (to storage nodes across the network). * End-to-end encryption * Faster download speed [See common commands](https://storj.dev/dcs/third-party-tools/rclone/rclone-native) to get started! [Rclone - S3 Compatible](https://storj.dev/dcs/getting-started) ---------------------------------------------------------------- [Rclone - Native](https://storj.dev/dcs/third-party-tools/rclone/rclone-native) -------------------------------------------------------------------------------- Previous [QNAP Hybrid Backup Sync 3](https://storj.dev/dcs/third-party-tools/qnap-hybrid-backup-sync-3) Next [Rclone Commands](https://storj.dev/dcs/third-party-tools/rclone/rclone-s3) --- # Setting Up Plex with Storj for Private Streaming - Storj Docs [Video Storage](https://storj.dev/dcs/third-party-tools/plex#video-storage) ---------------------------------------------------------------------------- Managing a multimedia library can be tedious and time-consuming. Organizing your saved movies and TV shows into a streamable format requires effort to index, sort, and optimize the video files for playback. Fortunately, programs like Plex exist to make this easier. Plex is a media player platform that provides clients for desktop, mobile, and TV devices. These clients can stream from online services or your own downloaded videos. [Video Playback from Anywhere](https://storj.dev/dcs/third-party-tools/plex#video-playback-from-anywhere) ---------------------------------------------------------------------------------------------------------- With the Storj decentralized video storage service, your multimedia objects are available anywhere, at any time. Decentralized video storage offers many advantages over traditional centralized storage. These include higher availability, better security, and a lower operating budget. With decentralized storage, your videos are distributed across a global network of nodes. This ensures more reliable access with fewer single points of failure. For that same reason, your files are not vulnerable to the security measures that may or may not exist for one central data repository. Additionally, Storj's network eliminates many of the maintenance and engineering costs of centralized object storage services. The ability to store and retrieve your video files from anywhere using Storj's global network is great for hosting the files. But what about streaming and playback? Connecting Storj as the multimedia backend to a service like Plex would give the advantages of both services. Specifically, that means we want reliable, decentralized storage _with_ convenient streaming playback. Thankfully this is all possible! [Setting up Storj with Plex Using Rclone](https://storj.dev/dcs/third-party-tools/plex#setting-up-storj-with-plex-using-rclone) -------------------------------------------------------------------------------------------------------------------------------- [Rclone](https://rclone.org/) is a program that helps with the management of files on various cloud storage services. It provides a command called [`rclone mount`](https://rclone.org/commands/rclone_mount/) that allows files on cloud storage to be mounted as a local filesystem. For this guide, we are going to show how to set up Rclone to sync your local files with Storj. This can then serve as your storage backend for a service like Plex. [Getting Started](https://storj.dev/dcs/third-party-tools/plex#getting-started) -------------------------------------------------------------------------------- You should start by reading the [Rclone](https://storj.dev/dcs/third-party-tools/rclone) . Follow the steps to configure your Storj access credentials using the `rclone config` command. These docs show how to run basic commands to sync files from your local system to Storj buckets, but we would like to go a step further and mount a Storj bucket as its own filesystem. This will provide persistent storage for our video streaming service. ### [Mounting the Filesystem](https://storj.dev/dcs/third-party-tools/plex#mounting-the-filesystem) The `rclone mount` command can be used to mount a cloud storage service as a local filesystem. With this enabled, Rclone can bidirectionally copy new files to Storj and read them from your buckets for playback in the Plex client. Mount your file directories with this command: rclone mount Storj:media X:\ --vfs-cache-mode full --dir-cache-time 1h --read-only --no-checksum --no-modtime --rc rclone mount Storj:media X:\ --vfs-cache-mode full --dir-cache-time 1h --read-only --no-checksum --no-modtime --rc CopyCopied! This command does a few things: * `rclone mount Storj:media X:\` maps to `rclone mount : `, where `` is the Storj interface configured with Rclone following the steps in **Getting Started**, `` is the location in the Storj bucket where media files will be hosted, and `` is the directory on your local system that the Storj service should be mounted as. * `--vfs-cache-mode full` sets the [VFS file cache settings](https://rclone.org/commands/rclone_mount/#vfs-file-caching) for optimal file cache buffering * `--dir-cache-time 1h` sets the directory cache time to one hour * `--read-only` specifies that the mount should be read-only * `--no-checksum` disables checksums for better performance * `--no-modtime` prevents modification times from being written so that Plex doesn't pick them up as changed files * `--rc` enables remote control of Rclone via its API. This will be used to issue commands to sync the Rclone mount below. ### [Syncing New Files to Storj With Rclone](https://storj.dev/dcs/third-party-tools/plex#syncing-new-files-to-storj-with-rclone) Even though your Storj bucket is now mounted to your local filesystem, you may want to add new files to your Plex setup. In order to do this, we can move the files to the mounted buckets and tell Rclone to sync the entire system while it is running. To move new files to your Storj bucket, we can use the [`rclone move`](https://rclone.org/commands/rclone_move/) command like so: rclone move -P D:\shows\ Storj:media/shows/ --delete-empty-src-dirs --fast-list --drive-chunk-size=64M --max-backlog=999999 --transfers=8 --checkers=4 --no-traverse rclone move -P D:\shows\ Storj:media/shows/ --delete-empty-src-dirs --fast-list --drive-chunk-size=64M --max-backlog=999999 --transfers=8 --checkers=4 --no-traverse CopyCopied! The flags in this command such as `--transfers` may require some tweaking to work best based on your available CPU and memory. But the command is essentially copying files from the local `D:\shows\` directory to the `media/shows/` folder in our Storj bucket. ### [Refreshing the Local Sync Location](https://storj.dev/dcs/third-party-tools/plex#refreshing-the-local-sync-location) Now that the files have been copied, we need to notify the mounted Rclone directory to refresh its contents. We can issue commands directly to the Rclone mount while it is running thanks to the `--rc` flag that was passed to it when we set up the mount. This is done by running [`rclone rc`](https://rclone.org/rc/) . Sync your Rclone mount with this command: rclone rc vfs/refresh -v --fast-list recursive=true rclone rc vfs/refresh -v --fast-list recursive=true CopyCopied! This recursively refreshes the root directory of the Rclone mount to pick up the newly uploaded files in Storj. **Tip:** You can even run `rclone move` and `rclone rc vfs/refresh` on a script or job to automatically keep your multimedia service up-to-date. [Wrapping Up](https://storj.dev/dcs/third-party-tools/plex#wrapping-up) ------------------------------------------------------------------------ Now that you've set up Rclone to read and write to your Storj buckets, you can configure Plex to use your mounted buckets as a storage location. Some tips for configuring Plex with this setup are: * Under Settings > Library, uncheck "empty trash automatically after each scan" * Check "use partial scan" so that Plex doesn't scan the entire Storj mount every time new content is discovered These, along with the other steps we took while setting up the mount, will help optimize Plex performance when reading from Storj. With Plex configured to use Storj for storage, you now have a convenient streaming and organization platform backed by reliable, decentralized object storage. Previous [PixelFed](https://storj.dev/dcs/third-party-tools/pixelfed) Next [QNAP Hybrid Backup Sync 3](https://storj.dev/dcs/third-party-tools/qnap-hybrid-backup-sync-3) --- # How to use Storj with Hugging Face - Storj Docs [Hugging Face](https://huggingface.co/) (🤗 ) is a platform that allows developers to train and deploy open-source AI models. It's similar to GitHub in providing a space for developers to code and deploy AI applications, including language models, transformers, text2image, and more. One of the stand-out features of the platform is “🤗 Datasets” – which is a collection of over 5,000 ML datasets that are available for use. _In this guide, we will walk through configuring _[_HuggingFace Datasets_](https://huggingface.co/docs/datasets/index) _ with Storj using _[_S3FS_](https://huggingface.co/docs/datasets/filesystems) _ until a Storj-native integration pattern is defined._ [Prerequisites](https://storj.dev/dcs/third-party-tools/hugging-face#prerequisites) ------------------------------------------------------------------------------------ * Familiarity and account with Hugging Face (see [Quick Start Guide](https://huggingface.co/docs/huggingface_hub/quick-start) ) * Familiarity with [Colab](https://colab.research.google.com/) or equivalent environment to run code in (see [Notebooks](https://huggingface.co/docs/transformers/notebooks) ) * Storj S3 compatible access and secret key (see [Getting started](https://storj.dev/dcs/getting-started) ) * A bucket created on Storj (see [Create buckets](https://storj.dev/dcs/buckets/create-buckets) ) [Setup Storj with S3Fs](https://storj.dev/dcs/third-party-tools/hugging-face#setup-storj-with-s3-fs) ----------------------------------------------------------------------------------------------------- Storj will use s3fs in order to work with the Hugging Face APIs. First, install some dependencies needed. pip install -qqU s3fs datasets pip install -qqU s3fs datasets CopyCopied! Next, enter your Storj S3 compatible access and secret key (see [Getting started](https://storj.dev/dcs/getting-started) ) from getpass import getpasskey = getpass('Enter Storj access key')secret = getpass('Enter Storj secret key')import s3fsstorage_options={"key":key, "secret":secret, "client_kwargs": {'endpoint_url':"https://gateway.storjshare.io"}}fs = s3fs.S3FileSystem(**storage_options) from getpass import getpasskey = getpass('Enter Storj access key')secret = getpass('Enter Storj secret key')import s3fsstorage_options={"key":key, "secret":secret, "client_kwargs": {'endpoint_url':"https://gateway.storjshare.io"}}fs = s3fs.S3FileSystem(**storage_options) CopyCopied! Create a bucket (see [Create buckets](https://storj.dev/dcs/buckets/create-buckets) ) from the dataset to be stored in. In this walk-through, the bucket will be called `my-dataset-bucket`. [Transfer the existing Hugging Face dataset to Storj](https://storj.dev/dcs/third-party-tools/hugging-face#transfer-the-existing-hugging-face-dataset-to-storj) ---------------------------------------------------------------------------------------------------------------------------------------------------------------- If your dataset is already on [Hugging Face Hub](https://huggingface.co/datasets) , you can use the [load\_dataset\_builder](https://huggingface.co/docs/datasets/v2.8.0/en/package_reference/loading_methods#datasets.load_dataset_builder) function to download and transfer it to Storj. It'll first download raw datasets to your specified `cache_dir`, then prepare it to uploaded to Storj using the `storage_options` defined previously. Here we transfer the dataset [imdb](https://huggingface.co/datasets/imdb) to Storj. from datasets import load_dataset_builderbuilder = load_dataset_builder("imdb")output_dir = "s3://my-dataset-bucket/imdb"builder = load_dataset_builder("imdb")builder.download_and_prepare(output_dir, storage_options=storage_options, file_format="parquet") from datasets import load_dataset_builderbuilder = load_dataset_builder("imdb")output_dir = "s3://my-dataset-bucket/imdb"builder = load_dataset_builder("imdb")builder.download_and_prepare(output_dir, storage_options=storage_options, file_format="parquet") CopyCopied! [Save the dataset to Storj](https://storj.dev/dcs/third-party-tools/hugging-face#save-the-dataset-to-storj) ------------------------------------------------------------------------------------------------------------ Once you've [encoded a dataset](https://huggingface.co/docs/datasets/index) , you can persist it using the `save_to_disk` method. encoded_dataset.save_to_disk("s3://my-dataset-bucket/imdb/train", storage_options=storage_options) encoded_dataset.save_to_disk("s3://my-dataset-bucket/imdb/train", storage_options=storage_options) CopyCopied! [Load dataset from Storj](https://storj.dev/dcs/third-party-tools/hugging-face#load-dataset-from-storj) -------------------------------------------------------------------------------------------------------- Use the `load_from_disk` method so you can download your datasets. from datasets import load_from_disk# load encoded_dataset from cloud storagedataset = load_from_disk("s3://my-dataset-bucket/imdb/train", storage_options=storage_options)print(len(dataset)) from datasets import load_from_disk# load encoded_dataset from cloud storagedataset = load_from_disk("s3://my-dataset-bucket/imdb/train", storage_options=storage_options)print(len(dataset)) CopyCopied! Previous [HashBackup](https://storj.dev/dcs/third-party-tools/hashbackup) Next [iconik](https://storj.dev/dcs/third-party-tools/iconik) --- # Guidelines for Integrating HashBackup with Storj - Storj Docs [Introduction](https://storj.dev/dcs/third-party-tools/hashbackup#introduction) -------------------------------------------------------------------------------- One of the most important things you can do to maintain the integrity and accessibility of your files is to routinely perform backups. Data backups are a familiar concept for many, allowing for efficient recovery from lost or damaged files. The best way to benefit from data backups is to do them regularly. However, frequent backups can quickly start requiring significant storage space. This is especially true for long-term backups. They also create copies of your files, which must be securely protected just as much as with your current live files. These are some of the problems that [HashBackup](https://www.hashbackup.com/hashbackup/overview.html) tries to solve. HashBackup addresses the issues of security and storage by not only encrypting backups but also compressing them. This approach offers an efficient, reliable solution for performing backups regularly which doesn't need compromise due to storage or compute limitations. The benefits of HashBackup can be enhanced with the supplemental storage and accessibility offered by Storj. This document will describe how to configure Storj as a backup destination for HashBackup. [Running HashBackup with Storj as a Destination](https://storj.dev/dcs/third-party-tools/hashbackup#running-hash-backup-with-storj-as-a-destination) ----------------------------------------------------------------------------------------------------------------------------------------------------- While HashBackup compresses backups to limit the storage requirements necessary for local storage, there are still use cases for backing up data externally to cloud services like Storj. For example, the decentralized network of Storj nodes increases availability and security when accessing your backups. HashBackup allows the configuration of additional storage destinations through a `dest.conf` file which contains information about the destination and access keys to upload data. Before that, however, you must first ensure that HashBackup is properly installed to perform local backups. To install HashBackup on your local system, follow these steps [as shown in the HashBackup docs](https://www.hashbackup.com/hashbackup/quickstart.html) : 1. Download and extract the `hb` installer binary for your system architecture from the [HashBackup Downloads page](https://www.hashbackup.com/hashbackup/download.html) 2. Run the binary with `./hb` to install HashBackup 3. Move the `hb` binary to your local search path (on Linux, `sudo mv hb /usr/local/bin/`) Now, we must create a bucket in Storj that will hold the backup data uploaded by HashBackup. While doing this, it will be important to also create access keys for the bucket which can be used by HashBackup to securely access the Storj bucket. 1. Follow [S3 Credentials](https://storj.dev/dcs/api/s3/credentials) to get an **Access Key**, **Secret Key**, and **End Point**. Keep them in a safe location as these will be used later to authenticate HashBackup with Storj. Now it is time to create the local backup directory with HashBackup. This step will initialize a local HashBackup folder which could normally be used to maintain encrypted backups on your personal machine. However, we will provide the additional configuration necessary to enable remote backups with Storj. 1. Create a backup directory with `hb init -c backup` (this creates a folder called `backup` which will hold all of your backup config settings) 2. Create a file called `dest.conf` within the `backup` directory The `dest.conf` file will hold all of the external configuration details as listed in the [HashBackup S3 Destination docs](https://www.hashbackup.com/hashbackup/destinations/s3.html) . For Storj, this file should look as follows: destname storjtype s3host partsize 64msecureaccesskey secretkey bucket destname storjtype s3host partsize 64msecureaccesskey secretkey bucket CopyCopied! This file contains a few key definitions: * **destname**: this is the destination name which will be referred to by HashBackup * **type**: should be set to **"s3"** for Storj * **host**: this points to the gateway endpoint created with our S3 gateway access credentials, for example **"gateway.us1.storjshare.io"**. * **partsize**: Storj processes files in 64MB segments, so declaring this value here (as **"64m"**) optimizes backups to work with Storj * **accesskey**: this is the **Access Key** saved from earlier when creating the S3 gateway credentials for our access grant * **secretkey**: this is the **Secret Key** from earlier * **bucket**: the name of the bucket in Storj, for example **"hashbackup"** With HashBackup now configured to send remote backups to Storj, any new files that are backed up will create a local copy as well as a remote copy. For example, running the following command will back up a local directory called `data` both in the local `backup` folder as well as in the `hashbackup` Storj bucket we just configured: hb backup -c backup data hb backup -c backup data CopyCopied! If the local backup is lost, damaged, or pruned but later needed, the remote backup can be recovered from Storj following the standard [destination recovery steps documented on HashBackup's website](https://www.hashbackup.com/hashbackup/quickstart.html#_recover) . ### [Conclusion](https://storj.dev/dcs/third-party-tools/hashbackup#conclusion) Storj offers an excellent option for decentralized, distributed, cloud-based file storage. With a global distribution of network nodes and inherently secure decentralized access, Storj is a great platform for hosting files and data. These same benefits extend to backups of data, which is where an automated tool like HashBackup can combine with Storj to ensure that your files are always accessible locally. In this article, we showed how to do just that by installing HashBackup and configuring it to use Storj as a remote destination. Now, the power of encrypted and compressed backups are able to be hosted on the distributed Storj platform, with all of the benefits that brings. Previous [Hammerspace](https://storj.dev/dcs/third-party-tools/hammerspace) Next [Hugging Face](https://storj.dev/dcs/third-party-tools/hugging-face) --- # Configuring PixelFed with Storj - Storj Docs We have a webinar walking you through it, but you can also refer to the steps below: The things you need here are: * A Storj bucket * S3 compatible credentials * Linksharing credentials for public access Because of the linksharing credentials part, the easiest way to generate all of the things you need is through our uplink CLI. After downloading and installing the [Download and Installation](https://storj.dev/dcs/api/uplink-cli/installation) (so that `ls`, `mb`, `cp`, etc work), you can use the following steps: uplink mb sj://pixelfed uplink mb sj://pixelfed CopyCopied! In subsequent steps it'll be referred to as `BUCKET`. To generate S3 compatible credentials `Access Key ID` and `Secret Key`, run uplink share --register --readonly=false --not-after=none sj://BUCKET uplink share --register --readonly=false --not-after=none sj://BUCKET CopyCopied! Along with the credientials, the output will have the AWS endpoint you'll need to set which is [https://gateway.storjshare.io](https://gateway.storjshare.io/) . Storj doesn’t have the same sort of concept of public buckets that S3 has. We support public access, but it’s able to be more fine-grained than at the bucket level. To generate `LINKSHARINGKEY` you can do uplink share --url --readonly --disallow-lists --not-after=none sj://BUCKET uplink share --url --readonly --disallow-lists --not-after=none sj://BUCKET CopyCopied! You’ll get a Browser URL, but the URL is not quite right. It will be of the form `https://link.storjshare.io/s/LINKSHARINGKEY/BUCKET/`. To make the content embeddable, swap the `/s/` for `/raw/`. This url should be used as the AWS alias host or AWS url. In the [PixelFed environment](https://docs.pixelfed.org/running-pixelfed/installation/#configure-environment-variables) , we'll use this url for `AWS_URL`. Set `PF_ENABLE_CLOUD=true` and `FILESYSTEM_DRIVER=s3` Your PixelFed S3 Configuration will look like this PF_ENABLE_CLOUD=trueFILESYSTEM_DRIVER=s3FILESYSTEM_CLOUD=s3AWS_ACCESS_KEY_ID=ACCESS_KEY_IDAWS_SECRET_ACCESS_KEY=SECRET_KEYAWS_DEFAULT_REGION=globalAWS_BUCKET=BUCKETAWS_URL=https://link.storjshare.io/raw/LINKSHARINGKEY/BUCKETAWS_ENDPOINT=https://gateway.storjshare.io#AWS_USE_PATH_STYLE_ENDPOINT=false PF_ENABLE_CLOUD=trueFILESYSTEM_DRIVER=s3FILESYSTEM_CLOUD=s3AWS_ACCESS_KEY_ID=ACCESS_KEY_IDAWS_SECRET_ACCESS_KEY=SECRET_KEYAWS_DEFAULT_REGION=globalAWS_BUCKET=BUCKETAWS_URL=https://link.storjshare.io/raw/LINKSHARINGKEY/BUCKETAWS_ENDPOINT=https://gateway.storjshare.io#AWS_USE_PATH_STYLE_ENDPOINT=false CopyCopied! Reload config and restart PixelFed services sudo php artisan config:cachesudo systemctl restart pixelfed nginx php8.1-fpm.service sudo php artisan config:cachesudo systemctl restart pixelfed nginx php8.1-fpm.service CopyCopied! Previous [Photos+](https://storj.dev/dcs/third-party-tools/photos-plus) Next [Plex](https://storj.dev/dcs/third-party-tools/plex) --- # Can we use an exchange as a wallet for STORJ tokens? - Storj Docs It is very important to note that an exchange address is not a valid address unless it is of the type that enables you to hold the private key yourself (decentralized exchange). See article [How do I hold STORJ? What is a valid address or compatible wallet?](https://storj.dev/node/faq/how-do-I-hold-storj-tokens) If you specify an exchange address where you do not hold the private keys as your payout address, and also opt-in for [ZkSync Payments](https://storj.dev/node/payouts/zk-sync-opt-in-for-snos) , it will be impossible to withdraw tokens from L2 (zkSync) to L1 (Ethereum) if this exchange does not yet provide support for zkSync. In most cases, you do not control the private keys from the deposit address of the centralized exchanges, so all the funds in such an account are under the exclusive control of the exchange. This means that they can decide whether they will allow you to access any tokens you deposit there or not. Since the deposit address is disposable, the exchange could also change it at any time without further notice, thus funds sent to an old deposit address after such a change could be lost. Most of the exchanges use a separate deposit addresses for every token and if you send STORJ to the Ethereum deposit address for example, they could be lost. Exchanges post warnings about this on their deposit addresses so you may have no recourse if you ignore the warning and deposit STORJ to the wrong exchange deposit address anyway. If you are a EU resident, you will be eligible to confirm the source address of funds due to MiCA changes, due to this mandatory requirement it's not possible for you to use the exchange address as your wallet address in the node's configuration at all, see the [relarted thread](https://forum.storj.io/t/getting-payed-to-kraken-address-with-mica/30295) on the forum. We will not be able to assist to recover STORJ tokens if you have any problems with an exchange; in order to recover tokens, you will have to file a support ticket directly with the help desk of the exchange in question. Previous [Can Storj use a different blockchain for payments?](https://storj.dev/node/faq/can-storj-use-other-blockchain) Next [Graceful Exit Guide](https://storj.dev/node/faq/graceful-exit-guide) --- # Integrating Mastodon with Storj: A Comprehensive Guide - Storj Docs We have a webinar walking you through it, but you can also refer to the steps below: [https://youtu.be/2OFB1fKoQss?t=14](https://youtu.be/2OFB1fKoQss?t=14) The following instructions have been tested with Mastodon 4.0.2. The things you need here are: * A Storj bucket * S3 compatible credentials (access key and secret key) * Linksharing credentials for public access Because of the linksharing credentials part, the easiest way to generate all of the things you need is through our uplink CLI. After downloading and installing the [Download and Installation](https://storj.dev/dcs/api/uplink-cli/installation) (so that `ls`, `mb`, `cp`, etc work), you can use the following steps: To make a bucket, you can choose the bucketname, like `mastodon`, and do uplink mb sj://mastodon uplink mb sj://mastodon CopyCopied! In subsequent steps it'll be referred to as `BUCKET`. To generate S3 compatible credentials `Access Key ID` and `Secret Key`, run uplink share --register --readonly=false --not-after=none sj://BUCKET uplink share --register --readonly=false --not-after=none sj://BUCKET CopyCopied! Along with the credientials, the output will have the AWS endpoint you'll need to set which is [https://gateway.storjshare.io](https://gateway.storjshare.io/) . Storj doesn’t have the same sort of concept of public buckets that S3 has. We support public access, but it’s able to be more fine-grained than at the bucket level. To generate `LINKSHARINGKEY` you can do uplink share --url --readonly --disallow-lists --not-after=none sj://BUCKET uplink share --url --readonly --disallow-lists --not-after=none sj://BUCKET CopyCopied! You’ll get a Browser URL, but the URL is not quite right. It will be of the form `https://link.storjshare.io/s/LINKSHARINGKEY/BUCKET/`. To make the content embeddable, swap the `/s/` for `/raw/`. This url should be used as the AWS alias host or AWS url. For Mastodon to use this url we'll need to set the `S3_ALIAS_HOST` setting (which seems to support path prefixes crammed in there as well). Note the lack of `https://` and the lack of trailing slash below. Once you have these things, you should be able to plop this configuration in to your Mastodon’s `.env.production` configuration and you should be all set. S3_ENABLED=trueS3_PROTOCOL=httpsS3_REGION=globalS3_ENDPOINT=https://gateway.storjshare.ioS3_HOSTNAME=gateway.storjshare.ioS3_BUCKET=BUCKETS3_ALIAS_HOST=link.storjshare.io/raw/LINKSHARINGKEY/BUCKETAWS_ACCESS_KEY_ID=ACCESS_KEY_IDAWS_SECRET_ACCESS_KEY=SECRET_KEY S3_ENABLED=trueS3_PROTOCOL=httpsS3_REGION=globalS3_ENDPOINT=https://gateway.storjshare.ioS3_HOSTNAME=gateway.storjshare.ioS3_BUCKET=BUCKETS3_ALIAS_HOST=link.storjshare.io/raw/LINKSHARINGKEY/BUCKETAWS_ACCESS_KEY_ID=ACCESS_KEY_IDAWS_SECRET_ACCESS_KEY=SECRET_KEY CopyCopied! If you’re doing the `rake mastodon:setup` wizard and Storj isn't listed, choosing `Minio` as your object storage provider and telling it you do want to access the uploaded files from your own domain should allow you to set the same settings in the setup wizard. Of course, these instructions mean all your media will be served from [link.storjshare.io](http://link.storjshare.io/) , and maybe you don’t like that. You can always follow [our instructions for sharing a bucket via DNS settings for your own domain name](https://storj.dev/dcs/code/static-site-hosting) . If you do that, you’d replace `S3_ALIAS_HOST` with your domain name backed by Storj. Previous [LucidLink Filespace](https://storj.dev/dcs/third-party-tools/lucidlink) Next [MASV](https://storj.dev/dcs/third-party-tools/MASV) --- # Managing Files using S3 Browser with Storj - Storj Docs [Simplify File Management with S3 Browser and Storj](https://storj.dev/dcs/third-party-tools/s3-browser#simplify-file-management-with-s3-browser-and-storj) ------------------------------------------------------------------------------------------------------------------------------------------------------------ S3 Browser is a Windows-based client that provides simple and reliable file management for AWS S3 storage and [AWS S3 compatible storage such as Storj](https://www.storj.io/blog/what-is-s3-compatibility) . Via the intuitive web file management interface, users can store and retrieve files from their Storj bucket anytime and anywhere. While S3 Browser is free for personal use, users who wish to utilize the S3 Browser in commercial, business, government, or military institutions, or for any other profit activity, must purchase a pro license. Keep in mind that to get the best performance in using S3 Browser to manage your Storj buckets, you’ll want to apply some additional configurations to your S3 Browser instance. S3 Browser can be configured to download large files via multiple parallel threads. By default, S3 Browsers will download everything using 5MB chunks, whereas, you have the configuration option to increase that download size to 64MB, the segment size for Storj. We suggest configuring your S3 Bucket instance to **_Enable Multipart downloads with part size (in megabytes)_** of 64. You can find more on configuring this option [here](https://s3browser.com/multipart-downloads.aspx) . One license allows you to install one instance of S3 Browser on a single computer. Your license can be transferred if you change your PC. The license is a lifetime license and includes one year of free upgrades and support. Users are also limited to two accounts added within the free version of S3 Browser. [Downloading S3 Browser](https://storj.dev/dcs/third-party-tools/s3-browser#downloading-s3-browser) ---------------------------------------------------------------------------------------------------- [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/imHgm4QwRRec0sKL2Z-yx_pasted-image-0.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/imHgm4QwRRec0sKL2Z-yx_pasted-image-0.png) As noted, S3 Browser is only available for Windows, supporting **Windows XP/Vista/7/8/10/11 and Windows Server 2003/2008/2012/2016/2019/2022.** Users can download the S3 Browser client by navigating to the S3 Browser homepage at [https://s3browser.com/](https://s3browser.com/) and selecting the _Download Now_ icon, or at [https://s3browser.com/download.aspx](https://s3browser.com/download.aspx) . Some stats for the S3 Browser Download: **S3 Browser Version** 10.3.1 **Size of file**: 5.37 MB (5 631 160 bytes) **SHA256**: 0b813e6f4d5cc9d2898fd9045f577d0f5e750dd960408abf3894b447033143e2 **Operating System**: Windows XP/Vista/7/8/10/11 and Windows Server 2003/2008/2012/2016/2019/2022 There is no option to download S3 Browser via CLI ### [Generate Credentials to the Gateway MT](https://storj.dev/dcs/third-party-tools/s3-browser#generate-credentials-to-the-gateway-mt) Users interested in accessing their Storj bucket(s) via S3 Browser can do so via the hosted AWS multitenant gateway known as Gateway MT. This backward-compatible hosted gateway is one of the most versatile ways to get up and running with Storj when using platforms such as S3 Browser or other file manager platforms that support Storj. **Gateway MT offers the following:** * Encryption, erasure coding, and upload to nodes occur server side * Supports parallelism for upload and multi transfer for download * A 1GB upload will result in 1GB of data being uploaded to storage nodes across the network based on the S3 standard **Navigate to the Access** page within your project and then click on **Create S3 Credentials**. A modal window will pop up where you should enter a name for this access grant. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/U_P56dlNYzj-p7I4Ubsvj_rclone1.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/U_P56dlNYzj-p7I4Ubsvj_rclone1.png) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/xTdExe6AA-ZbmJWOqNmSf_rclone2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/xTdExe6AA-ZbmJWOqNmSf_rclone2.png) **Assign the permissions** you want this access grant to have, then click on **Encrypt My Access**: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/m_NwIW3B7Rx5xOL1zRAwz_rclone3.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/m_NwIW3B7Rx5xOL1zRAwz_rclone3.png) **Enter the Encryption Passphrase** you used for your other access grants. If this is your first access grant, we strongly encourage you to use a mnemonic phrase as your encryption passphrase. (The GUI automatically generates one on the client-side for you) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/JrZT5rCAHWkwTWMy-iJzE_rclone4.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/JrZT5rCAHWkwTWMy-iJzE_rclone4.png) Click either on the **Copy to clipboard** link or **Download .txt** and then confirm that you copied your Encryption Phrase to a safe place. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/1tsIfAbcVWQWViVWNSYF1_rclone5.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/1tsIfAbcVWQWViVWNSYF1_rclone5.png) Click the **Create my Access** link to finish generating of S3 credentials. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/m4gl1YLwvpUBQ0DTu6mQe_rclone6.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/m4gl1YLwvpUBQ0DTu6mQe_rclone6.png) Copy your **Access Key**, **Secret Key**, and **Endpoint** to a safe location or download them. We’ll be using this shortly! Storj does not know or store your encryption passphrase. However, if you are still reluctant to enter your passphrase into our web application, that’s completely understandable, and you should select **Continue in CLI** and follow [Uplink CLI Tutorial](https://storj.dev/learn/tutorials/quickstart-uplink-cli) ### [Configuring Storj + S3 Browser](https://storj.dev/dcs/third-party-tools/s3-browser#configuring-storj-s3-browser) Now that your S3 Browser client is downloaded and installed and you’ve generated and saved your S3 Gateway Credentials, it’s time to configure S3 Browser to interface with your Storj bucket. Select the **Accounts** menu item at the top left of the S3 Browser client. Select **Add New Account**. Add any name to your account in the **Display Name** selection. In the dropdown menu titled **Account type** select **S3 Compatible Storage**. In the **REST Endpoint** section enter the **S3 Gateway Credentials End Point** without `https://` and trailing `/`. In the **Access Key ID** section enter the **S3 Gateway Credentials Access Key**. In the **Secret Access Key** section enter the **S3 Gateway Credentials Secret Key**. Optionally, you’ll be able to protect your Access Keys with a master password by selecting the **Encrypt Access Keys with a Password** checkbox. Check the box **Use secure transfer (SSL/TSL)** to secure all transfers via (SSL/TLS). [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/floRrJHtKxYJNVPKRL2Cl_s3browser.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/floRrJHtKxYJNVPKRL2Cl_s3browser.png) Finallly, hit **Connect**. If you’ve added in your S3 Gateway Credentials properly, you’ll see the following: ### [Uploading Files to Storj Through S3 Browser](https://storj.dev/dcs/third-party-tools/s3-browser#uploading-files-to-storj-through-s3-browser) Within the S3 Browser, you’ll be able to upload files directly to your Storj bucket once you’ve effectively tied in StorJ to S3 Browser. Start by selecting which Storj bucket you wish to upload data into by selecting the bucket at the top left. Once you’ve selected your bucket, select the **Upload** icon. Here, you’ll be prompted to select whether you’d like to **upload file(s)** or **upload folder(s)**. Following a selection of **upload file(s)** or **upload folder(s)** you’ll be prompted with a file navigator to select the file or folder you wish to upload. ### [Downloading Files From Storj Through S3 Browser](https://storj.dev/dcs/third-party-tools/s3-browser#downloading-files-from-storj-through-s3-browser) Within the S3 Browser, you’ll be able to download files directly from your Storj bucket once you’ve effectively tied in StorJ to S3 Browser. Start by selecting which Storj bucket you wish to download data from by selecting the bucket at the top left. Once you’ve selected your bucket, select the **Download** icon. Here, you’ll be prompted to select whether you’d like to **download file(s)** or **download folder(s)** Following a selection of **download file(s)** or **download folder(s)** you’ll be prompted with a file navigator to select the file or folder you wish to download. Previous [Rucio](https://storj.dev/dcs/third-party-tools/rucio) Next [s3fs](https://storj.dev/dcs/third-party-tools/s3fs) --- # Guide for Rubrik Integration - Storj Docs [Integration](https://storj.dev/dcs/third-party-tools/rubrik#integration) -------------------------------------------------------------------------- To integrate Storj with Rubrik, you will need to create S3 credentials in Storj and add them within Rubrik. ### [Requirements](https://storj.dev/dcs/third-party-tools/rubrik#requirements) * An active Storj account * A bucket for use with Rubrik in your Storj instance * An active Rubrik Security Cloud (RSC) account and installation * * * ### [Create an Account](https://storj.dev/dcs/third-party-tools/rubrik#create-an-account) To begin, you will need to create a Storj account. Navigate to [https://www.storj.io/signup?partner=rubrik](https://www.storj.io/signup?partner=rubrik)  to sign up, or log in [https://storj.io/login](https://storj.io/login) if you already have an account. ### [Create a Bucket](https://storj.dev/dcs/third-party-tools/rubrik#create-a-bucket) Once you have your Storj account you can create a bucket for your data to be stored in. 1. Navigate to **Browse** on the left side menu. 2. Click on the **New Bucket** button. 3. Assign the bucket an easily identifiable name, such as "my-bucket". 4. Optional: Enable Object Lock (required for immutability in many applications). * If you enable Object Lock, you can also set a default retention period using either Governance or Compliance Mode 5. Optional: Enable Object Versioning (note that this will be enabled by default if Object Lock is enabled) 6. Click **Create bucket** ### [Generate S3 credentials](https://storj.dev/dcs/third-party-tools/rubrik#generate-s3-credentials) Storj has an Amazon [S3 compatible API](https://storj.dev/dcs/api/s3/s3-compatibility) and you'll need generate S3 credentials to use it. S3 credentials consist of an **access key**, **secret key**, and **endpoint**. Create S3 credentials in the Storj console: 1. Navigate to **Access Keys** on the left side menu. 2. Click the **New Access Key** button. 3. When the New Access dialog comes up, set specifications according to the following guidelines: * **Name:** The name of the credentials (e.g. my-access) * **Type:** S3 Credentials 4. Choose **Full Access** or **Advanced** * In most cases, you DO NOT want to choose full access. 5. Provide Access encryption Information If you have opted out of [Storj-managed passphrases](https://storj.dev/learn/concepts/encryption-key/storj-vs-user-managed-encryption) for the project you must unlock the bucket with your passphrase. In order to see the data uploaded to your bucket in the Storj console, you must unlock the bucket with the same encryption passphrase as the credentials. * **Use the current passphrase**: this is default option * **Advanced**: you may provide a different encryption phrase either your own or generate a new one. * **Enter a new passphrase**: use this option, if you would like to provide your own new encryption phrase * **Generate 12-word passphrase**: use this option, if you would like to generate a new encryption phrase 6. Select the permissions you want to allow: * Read * Write * List * Delete 7. Select the object lock permissions you want to allow * PutObjectRetention * GetObjectRetention * BypassGovernanceRetention * PutObjectLegalHold * GetObjectLegalHold * PutObjectLockConfiguration * GetObjectLockConfiguration 8. Choose the buckets you want the access to include: * All Buckets * Select Buckets 9. Set an expiration 10. Click **Create Access** to finish creation of your S3 credentials 11. Your S3 credentials are created. Write them down and store them, or click the **Download all** button. You will need these credentials for the following steps. ### [Object Lock Permission Details](https://storj.dev/dcs/third-party-tools/rubrik#object-lock-permission-details) | Permission Name | Description | | --- | --- | | PutObjectRetention | Allows you to set retention policies, protecting objects from deletion or modification until the retention period expires. | | GetObjectRetention | Allows you to view the retention settings of objects, helping ensure compliance with retention policies. | | BypassGovernanceRetention | Allows you to bypass governance-mode retention, enabling deletion of objects before the retention period ends. | | PutObjectLegalHold | Allows you to place a legal hold on objects, preventing deletion or modification regardless of retention policies. | | GetObjectLegalHold | Allows you to view the legal hold status of objects, which is useful for auditing and compliance purposes. | | PutObjectLockConfiguration | Allows you to set retention policies on the specified bucket, automatically applying them to every new object added to that bucket. | | GetObjectLockConfiguration | Allows you to view the default retention policies configured for the specified bucket. | * * * [Connecting Rubrik to Storj](https://storj.dev/dcs/third-party-tools/rubrik#connecting-rubrik-to-storj) -------------------------------------------------------------------------------------------------------- ### [Cloud Credentials Configuration](https://storj.dev/dcs/third-party-tools/rubrik#cloud-credentials-configuration) 1. Log into your Rubrik Security Cloud (RSC) Account: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image1.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image1.png) 2. Go to **Settings**: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image3.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image3.png) 3. Go to the **Archival & Storage** dropdown and select **Data Center Archival Locations**: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image2.png) 4. In **Create Archival Location**, select **Object Store (S3 Compatible)** and hit **Next**: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image5.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image5.png) 5. In **Select object store vendor**, select **Amazon S3 compatible** and hit **Next**: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image4.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image4.png) 6. Enter **Storage Information** and follow steps to add Archival Location: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image7.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image7.png) 7. Verify Archival **Status**: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image6.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image6.png) 8. Create or Edit SLA and turn **Archiving** to On: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image9.jpg)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image9.jpg) 9. Select your Storj **Archival Location**: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image8.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image8.png) 10. Select **Archiving Policy**: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image12.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image12.png) 11. Assign SLA to VMs; Hosts; etc. and begin backup snapshots and archiving. You can view the **Events** tab in RSC to monitor backup snapshots and archiving. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image10.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image10.png) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image11.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image11.png) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image13.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image13.png) ### [Confirming backups via the Storj.io website](https://storj.dev/dcs/third-party-tools/rubrik#confirming-backups-via-the-storj-io-website) 1. Once the backup snapshot indexing and Ransomware Threat Monitoring analysis (if enabled) are completed in RSC (you can view them in the events tab), Storj should look like this: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image14.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image14.png) 2. Everything is immutable and encrypted from within Rubrik: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image15.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rubrik/image15.png) Previous [Restic](https://storj.dev/dcs/third-party-tools/restic) Next [Rucio](https://storj.dev/dcs/third-party-tools/rucio) --- # Guide to Integrating iconik with Storj - Storj Docs [iconik](https://www.iconik.io/) is a cloud media management and collaboration software that gathers and organizes media from multiple storage locations. iconik has powerful features that allow users to find, share, and collaborate on media from anywhere in the world. iconik is web-based and runs in the cloud, using its iconik Storage Gateway (ISG) to manage and track files while allowing users to bring their own storage. [Advantages of iconik with Storj](https://storj.dev/dcs/third-party-tools/iconik#advantages-of-iconik-with-storj) ------------------------------------------------------------------------------------------------------------------ iconik is easy to use and intuitive with a clean and intuitive platform. It organizes your media by making it searchable. 1. **Edit, manage, and collaborate on files in a feature-rich environment.** Storj integration with iconik allows multiple users from different locations to view and edit your files on Storj simultaneously. Even parties who do not use iconik can be invited to collaborate on documents in iconik. iconik also provides fine control of data sharing, allowing you to remove shares and add a time limit on shares. 2. **Aggregates files from multiple cloud storages.** If Storj is only one part of your storage solution, iconik makes it easy to aggregate your files from multiple storage providers. 3. **Cost Savings.** Adds editing and sharing features to your Storj data, creating feature-rich storage and while maintaining low costs for the storage itself. [Integration](https://storj.dev/dcs/third-party-tools/iconik#integration) -------------------------------------------------------------------------- To integrate Storj storage with iconik, you will mount your cloud storage in iconik's Admin section using S3 credentials. iconik integrates with any S3-compatible cloud storage platform. To complete the integration, you will need: * A Storj account - sign up here [https://storj.io/signup?partner=iconik](https://storj.io/signup?partner=iconik)  or go to [https://storj.io/login](https://storj.io/login) if you already have an account. * An iconik account. iconik is compatible with Windows, Mac, and Linux OS. To request a trial, visit [https://www.iconik.io/trial](https://www.iconik.io/trial) . * * * ### [Create a Storj Account](https://storj.dev/dcs/third-party-tools/iconik#create-a-storj-account) To begin, you will need to create a Storj account. If you already an account, go to [https://storj.io/login](https://storj.io/login) . Navigate to [https://storj.io/signup?partner=iconik](https://storj.io/signup?partner=iconik)  to sign up. Enter your full name, email address, and a password, as shown below: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/x1VMINrRdadrVk5vLXIBT_capture.PNG)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/x1VMINrRdadrVk5vLXIBT_capture.PNG) ### [Create a Bucket](https://storj.dev/dcs/third-party-tools/iconik#create-a-bucket) Once you have your Storj account you can create a bucket for your data to be stored in. 1\. Navigate to “Buckets” on the left side menu. 2\. Click “New Bucket” on the top right. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/jbnQ38ynnrWl0jnO_j-E5_comet-backup-storj-2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/jbnQ38ynnrWl0jnO_j-E5_comet-backup-storj-2.png) 3\. Assign the bucket an easily identifiable name, such as "my-bucket". [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/K65vHcrJtRq4S87jICtYx_screenshot-2023-03-09-at-110429-am.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/K65vHcrJtRq4S87jICtYx_screenshot-2023-03-09-at-110429-am.png) 4\. Click **Create bucket** ### [Generate S3 credentials](https://storj.dev/dcs/third-party-tools/iconik#generate-s3-credentials) Storj has an Amazon S3 compatible API and you'll need generate S3 credentials to use it. S3 credentials consist of an **access key**, **secret key**, and **endpoint**. Create S3 credentials in the Storj web console: 1\. Navigate to **Access** on the left side menu. 2\. Click **Create S3 Credentials** under the S3 Credentials block. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/EZyAl8Wux2GOlyPd70HnI_screenshot-2023-03-09-at-110900-am.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/EZyAl8Wux2GOlyPd70HnI_screenshot-2023-03-09-at-110900-am.png) 3\. When the Create Access screen comes up, set specifications according to the following guidelines: * **Type:** S3 Credentials * **Name:** The name of the credentials (e.g. my-access) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Cv1Lirp-3-OueRk-YAR8u_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Cv1Lirp-3-OueRk-YAR8u_image.png) 4\. Click **Continue** to provide permissions * **Permissions:** All * **Buckets:** Feel free to specify the bucket you created above (e.g. my-bucket), or leave as “All” * **End date**: provide an expiration date for these credentials (optional) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/gQ8jBHtvd5sFZFuAqth_h_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/gQ8jBHtvd5sFZFuAqth_h_image.png) 5\. Click **Continue** to provide Access encryption Information * **Use the current passphrase**: this is default option * **Advanced**: you may provide a different encryption phrase either your own or generate a new one. * **Enter a new passphrase**: use this option, if you would like to provide your own new encryption phrase * **Generate 12-word passphrase**: use this option, if you would like to generate a new encryption phrase [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Uxn8zBqXQVmQvsswV3pJ2_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Uxn8zBqXQVmQvsswV3pJ2_image.png) In order to see the data uploaded to your bucket in the web console, you must unlock the bucket with the same encryption passphrase as the credentials. 6\. Click **Create Access** to finish creation of your S3 credentials [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zk2JE9Z6f3vk_R2cjpdqc_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zk2JE9Z6f3vk_R2cjpdqc_image.png) 7\. Click **Confirm** the Confirm details pop-up message 8\. Your S3 credentials are created. Write them down and store them, or click the **Download all** button. You will need these credentials for the following steps. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/xH5tgzVKXn-uK2hVfSo8e_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/xH5tgzVKXn-uK2hVfSo8e_image.png) * * * [Integrating iconik with Storj](https://storj.dev/dcs/third-party-tools/iconik#integrating-iconik-with-storj) -------------------------------------------------------------------------------------------------------------- To complete the integration, you will need the S3 credentials created in the previous steps and access to an iconik account. ### [iconik Access](https://storj.dev/dcs/third-party-tools/iconik#iconik-access) To sign in to your iconik account, visit [https://iconik.io/](https://app.iconik.io/) and click Sign In. This takes you to [https://app.iconik.io/](https://app.iconik.io/) from where you can enter your credentials. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/W_L58KzUqW4fiZ9RTNCul_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/W_L58KzUqW4fiZ9RTNCul_image.png) If you do not have an iconik account, you must request a trial by clicking Request Trial on the home page or filling out the contact form at [https://www.iconik.io/trial.](https://www.iconik.io/trial) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/6fx_6jRseVAUIazaaTp9l_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/6fx_6jRseVAUIazaaTp9l_image.png) ### [Add New Storage in iconik](https://storj.dev/dcs/third-party-tools/iconik#add-new-storage-in-iconik) 1\. From the iconik app landing page, click on ADMIN in the top navigation bar. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rhokM20s1IZ30eoBgNcRQ_admin1.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rhokM20s1IZ30eoBgNcRQ_admin1.png) 2\. From the left-hand menu, select the brown Storages icon, which appears as a file storage unit. This will take you to the Storages section, where all connected storages are listed. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/b8sCXzCaADRieY9JWLLrd_storage.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/b8sCXzCaADRieY9JWLLrd_storage.png) 3\. From the Storages section, click + NEW STORAGE in the upper right corner. This brings up a pop-up screen. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/8Bnk1Igu6MRrQkNTjifqu_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/8Bnk1Igu6MRrQkNTjifqu_image.png) 4\. In the pop-up screen, you will enter all of the relevant information about your storage, including the S3 credentials you have saved from the previous section of this tutorial. Fill out the fields as directed below: 1. **Name**: What you will call this storage in the iconik app. For example, "storj-bucket". 2. **Description**: An optional brief description of your storage space. 3. **Storage Purpose**: Select the purpose of this storage space from the drop-down. For instance, if it is primarily an archive destination, select Archive. If it will contain working files, select Files. 4. **Storage Type**: Select **Amazon S3**. This is the option for all S3-compatible cloud storage. 5. **Access Key**: Enter the access key from the S3 credentials you generated in Storj. 6. **Secret Key**: Enter the secret key from the S3 credentials you generated in Storj. 7. **Bucket**: Enter the name of the bucket you want iconik to access in Storj. In this case, the bucket is the "iconik" bucket you created earlier. 8. **Path**: The root path of your cloud storage. Normally left empty. 9. **Region**: Your region. For example, "us-east-1". 10. **Endpoint**: iconik sets the default to the AWS endpoint, but any S3 compatible storage will work. Put the Storj corresponding http(s)-endpoint here, https://gateway.storjshare.io 11. **Use Acceleration**: This feature only applies to AWS storage and should be ignored. 12. **Enable any of the following file permissions to your files if desired**: 1. Add unique ID to the filenames 2. Read 3. Write 4. Delete 5. Enable Scan 6. **Scan Directories**: add directories to scan in this field. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/DWaqqDnHgbuHdNElutGWI_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/DWaqqDnHgbuHdNElutGWI_image.png) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Qhrfg0CwjPsUWgY3IyNyj_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Qhrfg0CwjPsUWgY3IyNyj_image.png) 5\. Click OK at the bottom of the pop-up screen. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/y1zwlwVrJ2KNYFnf4D405_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/y1zwlwVrJ2KNYFnf4D405_image.png) [Success!](https://storj.dev/dcs/third-party-tools/iconik#success) ------------------------------------------------------------------- ### [Confirmation of Success](https://storj.dev/dcs/third-party-tools/iconik#confirmation-of-success) A pop-up window confirms that your storage was created successfully with a green checkmark next to "Access credentials" and "Permissions on the storage". Click **Close** to exit, or **Edit** to make changes to your storage credentials. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/L6UuZmhowWvbhmmezzb5F_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/L6UuZmhowWvbhmmezzb5F_image.png) ### [Editing Your Storage](https://storj.dev/dcs/third-party-tools/iconik#editing-your-storage) Clicking **Edit** takes you to the general settings page for the storage. From there, you can make any changes to the credentials and permissions you initially set. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/G9C1f9lpZDfLzCQUYVjja_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/G9C1f9lpZDfLzCQUYVjja_image.png) Returning to the **_Storages_** section, you will see the new storage listed. Clicking on the storage row also takes you to the general settings page of that storage. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/masloLmwj8xPFE5-K-eCV_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/masloLmwj8xPFE5-K-eCV_image.png) ### [Testing your Storj storage in iconik](https://storj.dev/dcs/third-party-tools/iconik#testing-your-storj-storage-in-iconik) All storage files are accessible from the main page of the iconik app. When you add files to your iconik bucket in Storj, they become available in iconik's web app. If using [iconik Agent](https://www.iconik.io/agent) or [iconik Storage Gateway](https://app.iconik.io/help/pages/isg/) , you may benefit from optimizing your configuration for Storj. * In iconik Storage Gateway, set `upload-chunk-size = 67108864`. Consider adjusting `file-upload-parallel-uploads-num` and `file-upload-parallel-uploads-threads-num` for optimal performance. See [ISG Advanced Options](https://app.iconik.io/help/pages/isg/advanced_options) for more information. * In iconik Agent, set `"chunkSize": 67108864`. Consider adjusting `numConcurrentChunks` and `numConcurrentUploads` for optimal performance. See [Configuring iconik Agent](https://app.iconik.io/help/pages/agent/configuration) for more information. Previous [Hugging Face](https://storj.dev/dcs/third-party-tools/hugging-face) Next [Kerberos Vault](https://storj.dev/dcs/third-party-tools/kerberos-vault) --- # Integration guide for connecting Storj to oCIS - Storj Docs [Integration guide for connecting Storj to oCIS](https://storj.dev/dcs/third-party-tools/ocis#integration-guide-for-connecting-storj-to-o-cis) ----------------------------------------------------------------------------------------------------------------------------------------------- oCIS, or ownCloud Infinite Scale, is a cutting-edge technology platform for building cloud-native file sync and share applications. oCIS is designed with modularity, scalability, and extensibility in mind, providing the foundation for reliable, enterprise-ready digital workspaces. For more information, visit [www.owncloud.com](http://www.owncloud.com/) [Advantages of oCIS with Storj](https://storj.dev/dcs/third-party-tools/ocis#advantages-of-o-cis-with-storj) ------------------------------------------------------------------------------------------------------------- The integration of oCIS and Storj brings an effective solution for handling cloud storage at a competitive cost. oCIS, being a highly extensible platform for file sharing and storage, integrates perfectly with the S3-compatible storage infrastructure of Storj. With Storj's advanced security features, users can be assured that their data managed on oCIS is safe and secure. oCIS also facilitates metadata archiving, making it effortless to handle and access large datasets. Moreover, the capabilities of manual and automatic archiving can further optimize storage costs. [Integration](https://storj.dev/dcs/third-party-tools/ocis#integration) ------------------------------------------------------------------------ The integration between Storj and oCIS is accomplished through the S3 protocol, enabling oCIS to read and write backup data directly to and from the Storj network. Users can configure oCIS to use Storj as the storage destination for their files. To integrate oCIS with Storj, you will need: * An active Storj account. * A bucket designated for oCIS in your Storj account. * Storj S3 compatible credentials. * An oCIS instance. * Access to the oCIS server for configuration and management. For more details, visit [https://owncloud.dev/](https://owncloud.dev/) * * * [Create a Storj Account](https://storj.dev/dcs/third-party-tools/ocis#create-a-storj-account) ---------------------------------------------------------------------------------------------- To begin, you will need to create a Storj account [https://storj.io/signup?partner=owncloud.](https://storj.io/signup?partner=owncloud) If you already have an account, go to [https://storj.io/login](https://storj.io/login) . ### [Create a Bucket](https://storj.dev/dcs/third-party-tools/ocis#create-a-bucket) Once you have your Storj account you can create a bucket for your data to be stored in. 1\. Navigate to “Buckets” on the left side menu. 2\. Click “New Bucket” on the top right. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/jbnQ38ynnrWl0jnO_j-E5_comet-backup-storj-2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/jbnQ38ynnrWl0jnO_j-E5_comet-backup-storj-2.png) 3\. Assign the bucket an easily identifiable name, such as "my-bucket". [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/K65vHcrJtRq4S87jICtYx_screenshot-2023-03-09-at-110429-am.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/K65vHcrJtRq4S87jICtYx_screenshot-2023-03-09-at-110429-am.png) 4\. Click **Create bucket** ### [Generate S3 credentials](https://storj.dev/dcs/third-party-tools/ocis#generate-s3-credentials) Storj has an Amazon S3 compatible API and you'll need generate S3 credentials to use it. S3 credentials consist of an **access key**, **secret key**, and **endpoint**. Create S3 credentials in the Storj web console: 1\. Navigate to **Access** on the left side menu. 2\. Click **Create S3 Credentials** under the S3 Credentials block. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/EZyAl8Wux2GOlyPd70HnI_screenshot-2023-03-09-at-110900-am.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/EZyAl8Wux2GOlyPd70HnI_screenshot-2023-03-09-at-110900-am.png) 3\. When the Create Access screen comes up, set specifications according to the following guidelines: * **Type:** S3 Credentials * **Name:** The name of the credentials (e.g. my-access) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Cv1Lirp-3-OueRk-YAR8u_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Cv1Lirp-3-OueRk-YAR8u_image.png) 4\. Click **Continue** to provide permissions * **Permissions:** All * **Buckets:** Feel free to specify the bucket you created above (e.g. my-bucket), or leave as “All” * **End date**: provide an expiration date for these credentials (optional) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/gQ8jBHtvd5sFZFuAqth_h_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/gQ8jBHtvd5sFZFuAqth_h_image.png) 5\. Click **Continue** to provide Access encryption Information * **Use the current passphrase**: this is default option * **Advanced**: you may provide a different encryption phrase either your own or generate a new one. * **Enter a new passphrase**: use this option, if you would like to provide your own new encryption phrase * **Generate 12-word passphrase**: use this option, if you would like to generate a new encryption phrase [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Uxn8zBqXQVmQvsswV3pJ2_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Uxn8zBqXQVmQvsswV3pJ2_image.png) In order to see the data uploaded to your bucket in the web console, you must unlock the bucket with the same encryption passphrase as the credentials. 6\. Click **Create Access** to finish creation of your S3 credentials [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zk2JE9Z6f3vk_R2cjpdqc_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zk2JE9Z6f3vk_R2cjpdqc_image.png) 7\. Click **Confirm** the Confirm details pop-up message 8\. Your S3 credentials are created. Write them down and store them, or click the **Download all** button. You will need these credentials for the following steps. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/xH5tgzVKXn-uK2hVfSo8e_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/xH5tgzVKXn-uK2hVfSo8e_image.png) [Connecting to Storj via oCIS S3NG](https://storj.dev/dcs/third-party-tools/ocis#connecting-to-storj-via-o-cis-s3-ng) ---------------------------------------------------------------------------------------------------------------------- S3NG, or S3-Next Generation, is a storage driver for oCIS, the latest iteration of the ownCloud platform. This technology allows oCIS to interact seamlessly with S3-compatible storage services like Storj. To set up the environment variables required for oCIS to interact with S3-compatible storage through the S3NG driver, you would need to configure the following settings: 1. **STORAGE\_USERS\_DRIVER=s3ng**: This instructs oCIS to use the S3NG storage driver, enabling compatibility with S3-based storage systems like Storj. 2. **STORAGE\_SYSTEM\_DRIVER=ocis**: This retains system data on oCIS storage, as it's currently handling only small files. Then, you have to configure the S3NG specific settings: * **STORAGE\_USERS\_S3NG\_ENDPOINT**: This sets the endpoint that oCIS will connect to, in this case, the Storj gateway. * **STORAGE\_USERS\_S3NG\_REGION**: This specifies the Storj region, which in this instance is set as 'global'. * **STORAGE\_USERS\_S3NG\_ACCESS\_KEY**: This sets the access key for the Storj service created above. * **STORAGE\_USERS\_S3NG\_SECRET\_KEY**: This sets the secret key for the Storj service created above. This should be kept secure as it, along with the access key, allows access to your Storj account. * **STORAGE\_USERS\_S3NG\_BUCKET**: This sets the bucket in the Storj service where oCIS will store its data. # activate s3ng storage driverSTORAGE_USERS_DRIVER=s3ngSTORAGE_SYSTEM_DRIVER=ocis # keep system data on ocis storage since this are only small files atm# s3ng specific settingsSTORAGE_USERS_S3NG_ENDPOINT=https://gateway.storjshare.ioSTORAGE_USERS_S3NG_REGION=globalSTORAGE_USERS_S3NG_ACCESS_KEY=access_key # REPLACE MESTORAGE_USERS_S3NG_SECRET_KEY=secret_key # REPLACE MESTORAGE_USERS_S3NG_BUCKET=my-bucket # REPLACE ME # activate s3ng storage driverSTORAGE_USERS_DRIVER=s3ngSTORAGE_SYSTEM_DRIVER=ocis # keep system data on ocis storage since this are only small files atm# s3ng specific settingsSTORAGE_USERS_S3NG_ENDPOINT=https://gateway.storjshare.ioSTORAGE_USERS_S3NG_REGION=globalSTORAGE_USERS_S3NG_ACCESS_KEY=access_key # REPLACE MESTORAGE_USERS_S3NG_SECRET_KEY=secret_key # REPLACE MESTORAGE_USERS_S3NG_BUCKET=my-bucket # REPLACE ME CopyCopied! For more information visit [https://owncloud.dev/services/storage-users/configuration/](https://owncloud.dev/services/storage-users/configuration/) Previous [NFT storage for OpenSea](https://storj.dev/dcs/third-party-tools/opensea) Next [Photos+](https://storj.dev/dcs/third-party-tools/photos-plus) --- # Guide for MSP360 Integration - Storj Docs MSP360 Managed Backup and from Cloudberry Labs is a cross-platform storage backup and disaster recovery solution designed for internal IT departments and managed service providers. It integrates with any S3-compatible cloud storage. For more information, visit [msp360.com](https://storj.dev/dcs/third-party-tools/msp360) , or sign up for a [free trial](https://www.msp360.com/managed-backup/) . [Advantages of MSP360 with Storj](https://storj.dev/dcs/third-party-tools/msp360#advantages-of-msp-360-with-storj) ------------------------------------------------------------------------------------------------------------------- * Outstanding security features, including immutability, or object lock, encryption, and 2-factor authentication. * The ability to save on costs by optimizing storage using the GFS retention policy. * A centralized SaaS control allows for simple management of backups. [Integration](https://storj.dev/dcs/third-party-tools/msp360#integration) -------------------------------------------------------------------------- MSP360 integrates with Storj cloud storage through the S3 protocol. To integrate MSP360 with Storj, you will need to create S3 credentials for MSP360 in Storj and pass them to the MSP360 managed backup server through the MSP360 web interface or SaaS control. ### [Requirements](https://storj.dev/dcs/third-party-tools/msp360#requirements) * An active Storj account * Navigate to [https://storj.io/signup?partner=MSP360](https://storj.io/signup?partner=MSP360)  to sign up, or log in [https://storj.io/login](https://storj.io/login) if you already have an account. * A bucket for MSP360 in your Storj instance. * An MSP360 Managed Backup account. * Access to the MSP360 Web UI. If you do not have an MSP360 account already, you can request a demo from their [website](https://www.msp360.com/managed-backup/) . * * * ### [Create a Storj Account](https://storj.dev/dcs/third-party-tools/msp360#create-a-storj-account) To begin, you will need to create a Storj account. If you already an account, go to [https://storj.io/login](https://storj.io/login) . Navigate to [https://storj.io/signup](https://storj.io/signup)  to sign up. Enter your full name, email address, and a password, as shown below: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/x1VMINrRdadrVk5vLXIBT_capture.PNG)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/x1VMINrRdadrVk5vLXIBT_capture.PNG) ### [Create a Bucket](https://storj.dev/dcs/third-party-tools/msp360#create-a-bucket) Once you have your Storj account you can create a bucket for your data to be stored in. 1\. Navigate to “Buckets” on the left side menu. 2\. Click “New Bucket” on the top right. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/jbnQ38ynnrWl0jnO_j-E5_comet-backup-storj-2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/jbnQ38ynnrWl0jnO_j-E5_comet-backup-storj-2.png) 3\. Assign the bucket an easily identifiable name, such as "my-bucket". [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/K65vHcrJtRq4S87jICtYx_screenshot-2023-03-09-at-110429-am.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/K65vHcrJtRq4S87jICtYx_screenshot-2023-03-09-at-110429-am.png) 4\. Click **Create bucket** ### [Generate S3 credentials](https://storj.dev/dcs/third-party-tools/msp360#generate-s3-credentials) Storj has an Amazon S3 compatible API and you'll need generate S3 credentials to use it. S3 credentials consist of an **access key**, **secret key**, and **endpoint**. Create S3 credentials in the Storj web console: 1\. Navigate to **Access** on the left side menu. 2\. Click **Create S3 Credentials** under the S3 Credentials block. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/EZyAl8Wux2GOlyPd70HnI_screenshot-2023-03-09-at-110900-am.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/EZyAl8Wux2GOlyPd70HnI_screenshot-2023-03-09-at-110900-am.png) 3\. When the Create Access screen comes up, set specifications according to the following guidelines: * **Type:** S3 Credentials * **Name:** The name of the credentials (e.g. my-access) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Cv1Lirp-3-OueRk-YAR8u_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Cv1Lirp-3-OueRk-YAR8u_image.png) 4\. Click **Continue** to provide permissions * **Permissions:** All * **Buckets:** Feel free to specify the bucket you created above (e.g. my-bucket), or leave as “All” * **End date**: provide an expiration date for these credentials (optional) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/gQ8jBHtvd5sFZFuAqth_h_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/gQ8jBHtvd5sFZFuAqth_h_image.png) 5\. Click **Continue** to provide Access encryption Information * **Use the current passphrase**: this is default option * **Advanced**: you may provide a different encryption phrase either your own or generate a new one. * **Enter a new passphrase**: use this option, if you would like to provide your own new encryption phrase * **Generate 12-word passphrase**: use this option, if you would like to generate a new encryption phrase [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Uxn8zBqXQVmQvsswV3pJ2_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Uxn8zBqXQVmQvsswV3pJ2_image.png) In order to see the data uploaded to your bucket in the web console, you must unlock the bucket with the same encryption passphrase as the credentials. 6\. Click **Create Access** to finish creation of your S3 credentials [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zk2JE9Z6f3vk_R2cjpdqc_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zk2JE9Z6f3vk_R2cjpdqc_image.png) 7\. Click **Confirm** the Confirm details pop-up message 8\. Your S3 credentials are created. Write them down and store them, or click the **Download all** button. You will need these credentials for the following steps. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/xH5tgzVKXn-uK2hVfSo8e_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/xH5tgzVKXn-uK2hVfSo8e_image.png) * * * [Connecting MSP360 to Storj](https://storj.dev/dcs/third-party-tools/msp360#connecting-msp-360-to-storj) --------------------------------------------------------------------------------------------------------- ### [MSP360 Configuration](https://storj.dev/dcs/third-party-tools/msp360#msp-360-configuration) 1\. Either request a demo of MSP360 managed storage, or log into your MSP360 managed storage account, if you have one. 2\. In the MSP360 web UI, select **Storage > Storage Accounts** in the upper left hand corner. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Dm7rMhpnZUnKLuwuEYeTo_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Dm7rMhpnZUnKLuwuEYeTo_image.png) 3\. Select **Add Account** in the upper right. 4\. Choose "S3 Compatible" from the account options. Then select **Next**. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/4xr0yOvraam1-sCM8v0Dp_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/4xr0yOvraam1-sCM8v0Dp_image.png) 5\. Complete the required fields in the S3 Compatible connection window: 1. Under **Display Name**, enter something recognizable, such as "Storj". 2. Under **Access Key**, enter the access key from the S3 credentials you generated for MSP360 in Storj. 3. Under **Secret Key**, enter the secret key from the S3 credentials you generated for MSP360 in Storj. 4. Leave **Signature Version** at 4, if desired. 5. Check **Use Native Multipart Upload**, if desired. 6. Enter the HTTP endpoint, HTTPS endpoint, or both. This endpoint appears with the generated S3 credentials. 7. If desired, check the **Ignore certificate** checkbox. 8. If desired, check the **Do not check credentials** box. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/D1BDJtWFNk4hXu9JTz-pD_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/D1BDJtWFNk4hXu9JTz-pD_image.png) 6\. Select **Next.** 7\. Under **Create Backup Destination**, choose something memorable for the display name, such as "MSP360-Backup - Storj". 8\. Select **Show Advanced Settings**, and next to **Bucket**, select the **Select Existing** bubble. This pulls up the existing buckets in your Storj instance that have access to the S3 credentials for MSP360. 9\. Select the bucket(s) you would like to sync with MSP360. In this case, choose the "msp360-backup" bucket you created in Storj earlier. Then select **Next**. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/odKIAmD9QuSWSW3zhzDOH_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/odKIAmD9QuSWSW3zhzDOH_image.png) 8\. Under **Assign To Company**, select **New Company**. Then select **Next**. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/VCOjTTtbBKtTzZ5e1sYyJ_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/VCOjTTtbBKtTzZ5e1sYyJ_image.png) 9\. Preview the information in the preview window, then select **Save**. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/xhDhK10Al5YGpX_41WDNj_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/xhDhK10Al5YGpX_41WDNj_image.png) 10\. Once the account is saved, you will be able to see it in the list of all connected accounts under **Storage Accounts**. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/7mKOWJXq4MTNlXKPEgcyW_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/7mKOWJXq4MTNlXKPEgcyW_image.png) [](https://storj.dev/dcs/third-party-tools/msp360#) ---------------------------------------------------- Previous [Mountain Duck](https://storj.dev/dcs/third-party-tools/mountainduck) Next [Nextcloud](https://storj.dev/dcs/third-party-tools/nextcloud) --- # Comprehensive Guide to Integrating Unitrends and Storj - Storj Docs Unitrends provides backup appliances, backup software, and cloud data protection that leverage cutting-edge technology to automate manual tasks, eliminate management complexity, and deliver tested hardware and software resilience. The Unitrends backup software identifies and resolves software issues that threaten backup and recovery before they happen. Unitrends backup appliances help IT administrators save more time on data backups. Its\*\* \*\*intuitive management console lets you quickly and easily search, filter, manage, and recover thousands of backups. Find more information on the [Unitrends website](https://www.unitrends.com/products) . Request a [free trial](https://www.unitrends.com/confirm/free-trial) of Unitrends, as well. [Advantages of Unitrends with Storj](https://storj.dev/dcs/third-party-tools/unitrends#advantages-of-unitrends-with-storj) --------------------------------------------------------------------------------------------------------------------------- * Unitrends provides ultra-low-cost secondary cloud storage and aligns storage costs with data value. * Unitrends backup provides a simple, centralized management hub that acts as a command center for data storage and recovery. * Unitrends utilizes AI-based ransomware detection and predictive analytics to monitor data characteristics and alert administrators of ransomware attacks in real-time. * Security features in Unitrends allow users to meet compliance requirements. [Integration](https://storj.dev/dcs/third-party-tools/unitrends#integration) ----------------------------------------------------------------------------- To integrate Storj with Unitrends, you will need to create S3 credentials in Storj to be used for Unitrends. Those credentials will need to be added within the Unitrends appliance through their web-based interface. ### [Requirements](https://storj.dev/dcs/third-party-tools/unitrends#requirements) * An active Storj account. Navigate to [https://storj.io/signup?partner=unitrends](https://storj.io/signup?partner=unitrends) to sign up, or log in to [https://storj.io/login](https://storj.io/login) if you already have an account. * A bucket for Unitrends in your Storj instance. * A Unitrends appliance Obtain a free trial of Unitrends from [their website](https://www.unitrends.com/confirm/free-trial) . * * * ### [Create a Storj Account](https://storj.dev/dcs/third-party-tools/unitrends#create-a-storj-account) To begin, you will need to create a Storj account. If you already an account, go to [https://storj.io/login](https://storj.io/login) . Navigate to [https://storj.io/signup](https://storj.io/signup)  to sign up. Enter your full name, email address, and a password, as shown below: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/x1VMINrRdadrVk5vLXIBT_capture.PNG)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/x1VMINrRdadrVk5vLXIBT_capture.PNG) ### [Create a Bucket](https://storj.dev/dcs/third-party-tools/unitrends#create-a-bucket) Once you have your Storj account you can create a bucket for your data to be stored in. 1\. Navigate to “Buckets” on the left side menu. 2\. Click “New Bucket” on the top right. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/jbnQ38ynnrWl0jnO_j-E5_comet-backup-storj-2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/jbnQ38ynnrWl0jnO_j-E5_comet-backup-storj-2.png) 3\. Assign the bucket an easily identifiable name, such as "my-bucket". [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/K65vHcrJtRq4S87jICtYx_screenshot-2023-03-09-at-110429-am.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/K65vHcrJtRq4S87jICtYx_screenshot-2023-03-09-at-110429-am.png) 4\. Click **Create bucket** ### [Generate S3 credentials](https://storj.dev/dcs/third-party-tools/unitrends#generate-s3-credentials) Storj has an Amazon S3 compatible API and you'll need generate S3 credentials to use it. S3 credentials consist of an **access key**, **secret key**, and **endpoint**. Create S3 credentials in the Storj web console: 1\. Navigate to **Access** on the left side menu. 2\. Click **Create S3 Credentials** under the S3 Credentials block. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/EZyAl8Wux2GOlyPd70HnI_screenshot-2023-03-09-at-110900-am.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/EZyAl8Wux2GOlyPd70HnI_screenshot-2023-03-09-at-110900-am.png) 3\. When the Create Access screen comes up, set specifications according to the following guidelines: * **Type:** S3 Credentials * **Name:** The name of the credentials (e.g. my-access) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Cv1Lirp-3-OueRk-YAR8u_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Cv1Lirp-3-OueRk-YAR8u_image.png) 4\. Click **Continue** to provide permissions * **Permissions:** All * **Buckets:** Feel free to specify the bucket you created above (e.g. my-bucket), or leave as “All” * **End date**: provide an expiration date for these credentials (optional) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/gQ8jBHtvd5sFZFuAqth_h_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/gQ8jBHtvd5sFZFuAqth_h_image.png) 5\. Click **Continue** to provide Access encryption Information * **Use the current passphrase**: this is default option * **Advanced**: you may provide a different encryption phrase either your own or generate a new one. * **Enter a new passphrase**: use this option, if you would like to provide your own new encryption phrase * **Generate 12-word passphrase**: use this option, if you would like to generate a new encryption phrase [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Uxn8zBqXQVmQvsswV3pJ2_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Uxn8zBqXQVmQvsswV3pJ2_image.png) In order to see the data uploaded to your bucket in the web console, you must unlock the bucket with the same encryption passphrase as the credentials. 6\. Click **Create Access** to finish creation of your S3 credentials [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zk2JE9Z6f3vk_R2cjpdqc_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zk2JE9Z6f3vk_R2cjpdqc_image.png) 7\. Click **Confirm** the Confirm details pop-up message 8\. Your S3 credentials are created. Write them down and store them, or click the **Download all** button. You will need these credentials for the following steps. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/xH5tgzVKXn-uK2hVfSo8e_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/xH5tgzVKXn-uK2hVfSo8e_image.png) * * * [Connecting Unitrends to Storj](https://storj.dev/dcs/third-party-tools/unitrends#connecting-unitrends-to-storj) ----------------------------------------------------------------------------------------------------------------- ### [Configuration the Unitrends Appliance](https://storj.dev/dcs/third-party-tools/unitrends#configuration-the-unitrends-appliance) Cloud storage must be added to the Unitrends by adding the cloud storage option through the Unitrends system manager. Manage the system using the web-based interface at one of the following: * http://192.168.4.251 * ens192 **Note**: a cloud storage bucket can only be connected to one Unitrends appliance. Follow the steps below to complete the integration: 1\. On the initial Unitrends setup screen, check the **Use an NTP Server** option. Then select **Next**. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/n-F0m_YXQPgXXIy0xEwt2_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/n-F0m_YXQPgXXIy0xEwt2_image.png) 2\. In the Unitrends dashboard, select **Configure > Backup Copy Targets > Add Target**. 3\. From the drop-down menu, select **Cloud**. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/gtHurd0Z9sOrBwVXq1x2D_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/gtHurd0Z9sOrBwVXq1x2D_image.png) 4\. In the **Storage Details** window, fill out the appropriate connection data: * Select Wasabi as the cloud storage provider from the \*\*Cloud Storage \*\* drop-down menu. * In the **Storage Path** field, enter the name of your bucket for Unitrends in your Storj account. In this demo, we named the bucket "unitrends." * Enter the endpoint address in the **Wasabi Region** field. This will be: gateway.storjshare.io. * Enter the access key in the \*\*Access Key ID \*\*field. * Enter the secret key in the \*\*Secret Key \*\*field. * If desired, check the box next to the **Specify Purging Threshold** field. This sets a size limit for your cloud archive storage. Enter a number in gigabytes for the limit. If no purging threshold is specified, there is no limit to the amount of data the appliance can archive to the cloud storage. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/lU-Z1rBC4mfI_8xKxW-m__image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/lU-Z1rBC4mfI_8xKxW-m__image.png) 5\. Select **Confirm** to complete setting up your Storj account to Unitrends. ### [Success!](https://storj.dev/dcs/third-party-tools/unitrends#success) To view your Storj cloud storage, select **Archive > Media**. You can manually click the scan icon to scan your Storj bucket for new media if it doesn't appear to be happening automatically. Now you can archive backups to your cloud storage. See [Archiving backups to the cloud](https://guides.unitrends.com/documents/legacy-rs-ueb-admin-guide/content/lag/archiving_backups_to_the_cloud.htm) reference documentation on the Unitrends website for more information. [](https://storj.dev/dcs/third-party-tools/unitrends#) ------------------------------------------------------- Previous [TrueNAS](https://storj.dev/dcs/third-party-tools/truenas) Next [Veeam](https://storj.dev/dcs/third-party-tools/veeam) --- # Guide on Deploying MongoDB Ops Manager with Storj - Storj Docs [Introduction](https://storj.dev/dcs/third-party-tools/mongodb#introduction) ----------------------------------------------------------------------------- MongoDB is a powerful, flexible, and scalable general purpose database. It combines the ability to scale out with features such as secondary indexes, range queries, sorting, aggregations, and geospatial indexes. Ops Manager is a management platform that makes it easy to deploy, monitor, back up, and scale MongoDB on your own infrastructure. MongoDB Enterprise supports a variety of cloud-native deployment options. This gives you and your apps access to locally deployed MongoDB clusters alongside direct access to MongoDB clusters running in the MongoDB Atlas cloud. For the complete documentation for the service, see: [https://github.com/jasonmimick/total-cluster](https://github.com/jasonmimick/total-cluster) [Before you begin](https://storj.dev/dcs/third-party-tools/mongodb#before-you-begin) ------------------------------------------------------------------------------------- If you haven't yet, create a [Storj account](https://www.storj.io/signup) before following the rest of the tutorial. Make sure to [Create an Access to an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/sharing-your-first-object/generate-access) and [Create buckets](https://storj.dev/dcs/buckets/create-buckets) . [Procure a Kubernetes cluster](https://storj.dev/dcs/third-party-tools/mongodb#procure-a-kubernetes-cluster) ------------------------------------------------------------------------------------------------------------- Your first step is to procure a Kubernetes cluster. This full example will require 5 to 7 worker nodes with 2 nodes having at least 8 gb of ram. Next, set up your S3-compatible Gateway (formerly known as Tardigrade gateway) for total-cluster, or you can use our [Storj-hosted S3 Compatible Gateway](https://storj.dev/dcs/api/s3/s3-compatible-gateway) . Check out the details for that over in the [gateway chart](https://github.com/jasonmimick/total-cluster/tree/master/addons/tardigade-gateway) in total-cluster. Installing the chart (Note: requires Helm V3), ➜ addons git:(master) ✗ helm install s3-gateway tardigade-gatewayNAME: s3-gatewayLAST DEPLOYED: Sat May 30 07:52:43 2020NAMESPACE: total-clusterSTATUS: deployedREVISION: 1TEST SUITE: None ➜ addons git:(master) ✗ helm install s3-gateway tardigade-gatewayNAME: s3-gatewayLAST DEPLOYED: Sat May 30 07:52:43 2020NAMESPACE: total-clusterSTATUS: deployedREVISION: 1TEST SUITE: None CopyCopied! Here, we can inspect the cluster and see our local gateway running. This service provides a local secure connection for MongoDB Ops Manager to write database backups. ➜ addons git:(master) ✗ kubectl get all --selector='app=s3-gateway-tardigrade-gateway'NAME READY STATUS RESTARTS AGEpod/s3-gateway-tardigrade-gateway-68fbf4b4d7-4qbvt 1/1 Running 0 104sNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEservice/s3-gateway-tardigrade-gateway-svc ClusterIP 10.43.65.192 7777/TCP 104sNAME READY UP-TO-DATE AVAILABLE AGEdeployment.apps/s3-gateway-tardigrade-gateway 1/1 1 1 104sNAME DESIRED CURRENT READY AGEreplicaset.apps/s3-gateway-tardigrade-gateway-68fbf4b4d7 1 1 1 104s ➜ addons git:(master) ✗ kubectl get all --selector='app=s3-gateway-tardigrade-gateway'NAME READY STATUS RESTARTS AGEpod/s3-gateway-tardigrade-gateway-68fbf4b4d7-4qbvt 1/1 Running 0 104sNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEservice/s3-gateway-tardigrade-gateway-svc ClusterIP 10.43.65.192 7777/TCP 104sNAME READY UP-TO-DATE AVAILABLE AGEdeployment.apps/s3-gateway-tardigrade-gateway 1/1 1 1 104sNAME DESIRED CURRENT READY AGEreplicaset.apps/s3-gateway-tardigrade-gateway-68fbf4b4d7 1 1 1 104s CopyCopied! Once your gateway is setup and running, install the entire MongoDB data platform with the total-cluster chart. git clone https://github.com/jasonmimick/total-clusterhelm install mongodb total-cluster git clone https://github.com/jasonmimick/total-clusterhelm install mongodb total-cluster CopyCopied! The entire chart takes between 5 to approx 10 mins to finish installing. This is because it’s installing quite a few [components](https://github.com/jasonmimick/total-cluster#what-is-total-cluster) . Ops Manager needs to be configured to use the gateway. You can connect to your Ops Manager with a basic port-forward command like this, kubectl port-forward mongodb-ops-manager-0 8080:8080 kubectl port-forward mongodb-ops-manager-0 8080:8080 CopyCopied! Connect your browser to [localhost:8080](http://localhost:8080/) and use [admin@mongodb.com](mailto:admin@mongodb.com) and MongoDB12345% to login. Note: These credentials are stored in a secret, called mongodb-ops-manager-secret. You can update this in the chart. Also note the “mongodb” in the secret name comes directly from the Helm release name You should see your MongoDB cluster once connected: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/FF9JYqaVtX4deZoaS8fmj_mongodb.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/FF9JYqaVtX4deZoaS8fmj_mongodb.png) [Setting up the S3 Blockstore pointing to local gateway](https://storj.dev/dcs/third-party-tools/mongodb#setting-up-the-s3-blockstore-pointing-to-local-gateway) ----------------------------------------------------------------------------------------------------------------------------------------------------------------- **You can configure backups for your app databases following this guide:** [**Backup Overview**](https://docs.opsmanager.mongodb.com/current/core/backup-overview/) **.** [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/kJgbgrQYMtvXwRk64uzND_mongodb2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/kJgbgrQYMtvXwRk64uzND_mongodb2.png) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/5B3azwyWH9dHSdO9N-_qh_mongodb3.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/5B3azwyWH9dHSdO9N-_qh_mongodb3.png) Finally, you can see the backup data blocks stored in the Storj bucket. You can even use the local tardigrade-gateway with command s3 command line tools: $ kubectl port-forward tardigrade-gateway-tardigrade-gateway-75cfdb889-nz2n4 7777:7777 &$ export AWS_ACCESS_KEY_ID=XXX$ export AWS_SECRET_ACCESS_KEY=XXX$ aws --endpoint-url http://localhost:7777 s3 ls test $ kubectl port-forward tardigrade-gateway-tardigrade-gateway-75cfdb889-nz2n4 7777:7777 &$ export AWS_ACCESS_KEY_ID=XXX$ export AWS_SECRET_ACCESS_KEY=XXX$ aws --endpoint-url http://localhost:7777 s3 ls test CopyCopied! [Conclusion](https://storj.dev/dcs/third-party-tools/mongodb#conclusion) ------------------------------------------------------------------------- We look forward to seeing what MongoDB users do with Storj (formerly known as Tardigrade). We regularly hear from users who would like cloud backup services that provide end-to-end encryption, multi-region redundancy, as well as lower and more predictable costs compared to centralized services. Storj delivers on all of these needs, while still offering the same enterprise service level agreements users absolutely require. **Learn more** * [**MongoDB Ops Manager**](https://www.mongodb.com/products/ops-manager) * [**Deploying MongoDB in Kubernetes**](https://www.mongodb.com/kubernetes) Previous [MASV](https://storj.dev/dcs/third-party-tools/MASV) Next [Mountain Duck](https://storj.dev/dcs/third-party-tools/mountainduck) --- # Using Storj with MASV - Storj Docs [Integration](https://storj.dev/dcs/third-party-tools/MASV#integration) ------------------------------------------------------------------------ To integrate Storj with MASV, you will need to create S3 credentials in Storj and add them within MASV. ### [Requirements](https://storj.dev/dcs/third-party-tools/MASV#requirements) * An active Storj account * A bucket for use with MASV in your Storj instance * An active account on MASV * * * ### [Create an Account](https://storj.dev/dcs/third-party-tools/MASV#create-an-account) To begin, you will need to create a Storj account. Navigate to [https://www.storj.io/signup?partner=MASV](https://www.storj.io/signup?partner=MASV)  to sign up, or log in [https://storj.io/login](https://storj.io/login) if you already have an account. ### [Create a Bucket](https://storj.dev/dcs/third-party-tools/MASV#create-a-bucket) Once you have your Storj account you can create a bucket for your data to be stored in. 1. Navigate to **Browse** on the left side menu. 2. Click on the **New Bucket** button. 3. Assign the bucket an easily identifiable name, such as "my-bucket". 4. Optional: Enable Object Lock (required for immutability in many applications). * If you enable Object Lock, you can also set a default retention period using either Governance or Compliance Mode 5. Optional: Enable Object Versioning (note that this will be enabled by default if Object Lock is enabled) 6. Click **Create bucket** ### [Generate S3 credentials](https://storj.dev/dcs/third-party-tools/MASV#generate-s3-credentials) Storj has an Amazon [S3 compatible API](https://storj.dev/dcs/api/s3/s3-compatibility) and you'll need generate S3 credentials to use it. S3 credentials consist of an **access key**, **secret key**, and **endpoint**. Create S3 credentials in the Storj console: 1. Navigate to **Access Keys** on the left side menu. 2. Click the **New Access Key** button. 3. When the New Access dialog comes up, set specifications according to the following guidelines: * **Name:** The name of the credentials (e.g. my-access) * **Type:** S3 Credentials 4. Choose **Full Access** or **Advanced** * In most cases, you DO NOT want to choose full access. 5. Provide Access encryption Information If you have opted out of [Storj-managed passphrases](https://storj.dev/learn/concepts/encryption-key/storj-vs-user-managed-encryption) for the project you must unlock the bucket with your passphrase. In order to see the data uploaded to your bucket in the Storj console, you must unlock the bucket with the same encryption passphrase as the credentials. * **Use the current passphrase**: this is default option * **Advanced**: you may provide a different encryption phrase either your own or generate a new one. * **Enter a new passphrase**: use this option, if you would like to provide your own new encryption phrase * **Generate 12-word passphrase**: use this option, if you would like to generate a new encryption phrase 6. Select the permissions you want to allow: * Read * Write * List * Delete 7. Select the object lock permissions you want to allow * PutObjectRetention * GetObjectRetention * BypassGovernanceRetention * PutObjectLegalHold * GetObjectLegalHold * PutObjectLockConfiguration * GetObjectLockConfiguration 8. Choose the buckets you want the access to include: * All Buckets * Select Buckets 9. Set an expiration 10. Click **Create Access** to finish creation of your S3 credentials 11. Your S3 credentials are created. Write them down and store them, or click the **Download all** button. You will need these credentials for the following steps. ### [Object Lock Permission Details](https://storj.dev/dcs/third-party-tools/MASV#object-lock-permission-details) | Permission Name | Description | | --- | --- | | PutObjectRetention | Allows you to set retention policies, protecting objects from deletion or modification until the retention period expires. | | GetObjectRetention | Allows you to view the retention settings of objects, helping ensure compliance with retention policies. | | BypassGovernanceRetention | Allows you to bypass governance-mode retention, enabling deletion of objects before the retention period ends. | | PutObjectLegalHold | Allows you to place a legal hold on objects, preventing deletion or modification regardless of retention policies. | | GetObjectLegalHold | Allows you to view the legal hold status of objects, which is useful for auditing and compliance purposes. | | PutObjectLockConfiguration | Allows you to set retention policies on the specified bucket, automatically applying them to every new object added to that bucket. | | GetObjectLockConfiguration | Allows you to view the default retention policies configured for the specified bucket. | * * * [Connecting MASV to Storj](https://storj.dev/dcs/third-party-tools/MASV#connecting-masv-to-storj) -------------------------------------------------------------------------------------------------- ### [Creating a Storj Cloud Integration in MASV](https://storj.dev/dcs/third-party-tools/MASV#creating-a-storj-cloud-integration-in-masv) 1. Log into your MASV Account: 2. In the MASV web app, select **Integrations** from the left-hand menu. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/MASV/Screenshot%202024-05-29%20at%202.50.29%E2%80%AFPM.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/MASV/Screenshot%202024-05-29%20at%202.50.29%E2%80%AFPM.png) 3. If you are using Cloud Integrations for the first time, click **Storj** from the grid; or you can also select Storj from the **New Integration** > **Select Service** drop-down menu. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/MASV/Screenshot%202024-05-29%20at%202.50.56%E2%80%AFPM.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/MASV/Screenshot%202024-05-29%20at%202.50.56%E2%80%AFPM.png) 4. In the pop-up window, fill out **Connection Name**. Tip: enter a short description of what you use this integration for. Fill out **Bucket**, **Access Key ID**, and **Secret Access Key** with the S3 credentials you created above. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/MASV/Screenshot%202024-05-29%20at%202.54.16%E2%80%AFPM.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/MASV/Screenshot%202024-05-29%20at%202.54.16%E2%80%AFPM.png) 5. After clicking **Connect**, you should be greated with a message confirming the integration. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/MASV/Screenshot%202024-05-29%20at%202.55.05%E2%80%AFPM.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/MASV/Screenshot%202024-05-29%20at%202.55.05%E2%80%AFPM.png) ### [Creating a MASV Portal integrated with Storj](https://storj.dev/dcs/third-party-tools/MASV#creating-a-masv-portal-integrated-with-storj) 1. In the MASV web app, select **Request Files with Portals** from the left-hand menu. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/MASV/Screenshot%202024-05-29%20at%203.59.58%E2%80%AFPM.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/MASV/Screenshot%202024-05-29%20at%203.59.58%E2%80%AFPM.png) 2. Select **New Portal** from the top right-hand corner. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/MASV/Screenshot%202024-05-29%20at%203.58.14%E2%80%AFPM.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/MASV/Screenshot%202024-05-29%20at%203.58.14%E2%80%AFPM.png) 3. In the **Select New Portal** pop-up window, select **Custom Portal** by clicking **Create Portal**. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/MASV/Screenshot%202024-05-29%20at%203.59.01%E2%80%AFPM.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/MASV/Screenshot%202024-05-29%20at%203.59.01%E2%80%AFPM.png) 4. On the **Integrations** tab, enable **Storj** by clicking its corresponding button in the **Status** column. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/MASV/Screenshot%202024-05-29%20at%204.01.41%E2%80%AFPM.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/MASV/Screenshot%202024-05-29%20at%204.01.41%E2%80%AFPM.png) 5. Continue to configure your portal as desired, finally clicking **Create** in the bottom right-hand corner. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/MASV/Screenshot%202024-05-29%20at%204.08.34%E2%80%AFPM.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/MASV/Screenshot%202024-05-29%20at%204.08.34%E2%80%AFPM.png) 6. Shortly after users upload content to MASV, the files should be available in your Storj bucket. Previous [Mastodon](https://storj.dev/dcs/third-party-tools/mastodon) Next [MongoDB Ops Manager](https://storj.dev/dcs/third-party-tools/mongodb) --- # Guide for Signiant Integration - Storj Docs [Integration](https://storj.dev/dcs/third-party-tools/signiant#integration) ---------------------------------------------------------------------------- To integrate Storj with Signiant, you will need to create S3 credentials in Storj and add them within Signiant. ### [Requirements](https://storj.dev/dcs/third-party-tools/signiant#requirements) * An active Storj account * A bucket for use with Signiant in your Storj instance * An active Signiant Management Console account * * * ### [Create an Account](https://storj.dev/dcs/third-party-tools/signiant#create-an-account) To begin, you will need to create a Storj account. Navigate to [https://www.storj.io/signup?partner=Signiant](https://www.storj.io/signup?partner=Signiant)  to sign up, or log in [https://storj.io/login](https://storj.io/login) if you already have an account. ### [Create a Bucket](https://storj.dev/dcs/third-party-tools/signiant#create-a-bucket) Once you have your Storj account you can create a bucket for your data to be stored in. 1. Navigate to **Browse** on the left side menu. 2. Click on the **New Bucket** button. 3. Assign the bucket an easily identifiable name, such as "my-bucket". 4. Optional: Enable Object Lock (required for immutability in many applications). * If you enable Object Lock, you can also set a default retention period using either Governance or Compliance Mode 5. Optional: Enable Object Versioning (note that this will be enabled by default if Object Lock is enabled) 6. Click **Create bucket** ### [Generate S3 credentials](https://storj.dev/dcs/third-party-tools/signiant#generate-s3-credentials) Storj has an Amazon [S3 compatible API](https://storj.dev/dcs/api/s3/s3-compatibility) and you'll need generate S3 credentials to use it. S3 credentials consist of an **access key**, **secret key**, and **endpoint**. Create S3 credentials in the Storj console: 1. Navigate to **Access Keys** on the left side menu. 2. Click the **New Access Key** button. 3. When the New Access dialog comes up, set specifications according to the following guidelines: * **Name:** The name of the credentials (e.g. my-access) * **Type:** S3 Credentials 4. Choose **Full Access** or **Advanced** * In most cases, you DO NOT want to choose full access. 5. Provide Access encryption Information If you have opted out of [Storj-managed passphrases](https://storj.dev/learn/concepts/encryption-key/storj-vs-user-managed-encryption) for the project you must unlock the bucket with your passphrase. In order to see the data uploaded to your bucket in the Storj console, you must unlock the bucket with the same encryption passphrase as the credentials. * **Use the current passphrase**: this is default option * **Advanced**: you may provide a different encryption phrase either your own or generate a new one. * **Enter a new passphrase**: use this option, if you would like to provide your own new encryption phrase * **Generate 12-word passphrase**: use this option, if you would like to generate a new encryption phrase 6. Select the permissions you want to allow: * Read * Write * List * Delete 7. Select the object lock permissions you want to allow * PutObjectRetention * GetObjectRetention * BypassGovernanceRetention * PutObjectLegalHold * GetObjectLegalHold * PutObjectLockConfiguration * GetObjectLockConfiguration 8. Choose the buckets you want the access to include: * All Buckets * Select Buckets 9. Set an expiration 10. Click **Create Access** to finish creation of your S3 credentials 11. Your S3 credentials are created. Write them down and store them, or click the **Download all** button. You will need these credentials for the following steps. ### [Object Lock Permission Details](https://storj.dev/dcs/third-party-tools/signiant#object-lock-permission-details) | Permission Name | Description | | --- | --- | | PutObjectRetention | Allows you to set retention policies, protecting objects from deletion or modification until the retention period expires. | | GetObjectRetention | Allows you to view the retention settings of objects, helping ensure compliance with retention policies. | | BypassGovernanceRetention | Allows you to bypass governance-mode retention, enabling deletion of objects before the retention period ends. | | PutObjectLegalHold | Allows you to place a legal hold on objects, preventing deletion or modification regardless of retention policies. | | GetObjectLegalHold | Allows you to view the legal hold status of objects, which is useful for auditing and compliance purposes. | | PutObjectLockConfiguration | Allows you to set retention policies on the specified bucket, automatically applying them to every new object added to that bucket. | | GetObjectLockConfiguration | Allows you to view the default retention policies configured for the specified bucket. | * * * [Connecting Signiant to Storj](https://storj.dev/dcs/third-party-tools/signiant#connecting-signiant-to-storj) -------------------------------------------------------------------------------------------------------------- ### [Cloud Credentials Configuration](https://storj.dev/dcs/third-party-tools/signiant#cloud-credentials-configuration) Important: From Signiant’s S3 Compatible documentation [source](https://help.signiant.com/media-shuttle/account-administration/storage/cloud-storage/s3-compatible-storage#adding-s3-compatible-storage) : “For best performance, ensure that SDCX Server software is installed on a server near your S3 compatible storage location.” The lower the latency between the SDCX server and Storj’s endpoint (gateway.storjshare.io) is, the better the throughput will be. The performance achieved in the [Storj + Signiant blog post](https://www.storj.io/blog/signiant-performance-testing-achieves-multi-gigabit-transfers-on-storj) was from a SDCX server installed on a [Vultr](https://www.vultr.com/) instance located in the same city where a Storj endpoint was running. Vultr’s [“Looking Glass”](https://lax-ca-us-ping.vultr.com/) ping test can be used to see which Vultr locations have single-digit-ms latency to gateway.storjshare.io. 1. Log into the Signiant Media Shuttle management console: [https://manage.mediashuttle.com/](https://manage.mediashuttle.com/) 2. Go to **Storage** - **Add** [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/signiant/signiant-image3.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/signiant/signiant-image3.png) 3. Select **S3 Compatible** [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/signiant/signiant-image1.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/signiant/signiant-image1.png) 4. Select a SDCX server, then enter in all of the S3 information: * **Service Endpoint**: gateway.storjshare.io * **Bucket**: your-bucket-name * **Subfolder**: your-prefix-name * **Access Key**: your-access-key * **Secret Key**: your-secret-key * **Access Parameters**: Check **Use SSL** and Bucket Access Style **Virtual Host** [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/signiant/signiant-image4.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/signiant/signiant-image4.png) 5. Assign the newly created storage to the Media Shuttle Portal by clicking **Assign** [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/signiant/signiant-image2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/signiant/signiant-image2.png) Previous [s3fs](https://storj.dev/dcs/third-party-tools/s3fs) Next [Splunk](https://storj.dev/dcs/third-party-tools/splunk) --- # How to Integrate Hammerspace with Storj - Storj Docs [**Hammerspace**](https://hammerspace.com/) is a software solution that creates a global data environment mimicking the experience of local access to globally distributed data. Data connected under Hammerspace can include different, typically incompatible storage types, such as data centers and cloud storage, as well as locations. Hammerspace provides a unified view and control over all connected data as a single, easily accessible dataset. For more information [contact Hammerspace](https://hammerspace.com/contact-us/) [Advantages of Hammerspace with Storj](https://storj.dev/dcs/third-party-tools/hammerspace#advantages-of-hammerspace-with-storj) --------------------------------------------------------------------------------------------------------------------------------- * **Universal data access layer**: read and write to data from anywhere worldwide. * **Unify your Storj data** with data residing in legacy DAS, NAS, SAN, object storage, and other cloud storage environments. * **Multiple mechanisms to protect data from disasters and attacks**: snapshots, undelete, WORM (write once read many), and file versioning. * **Unified view of files with a rich metadata layer**: only necessary data is replicated when a file is accessed and worked on. [Integration](https://storj.dev/dcs/third-party-tools/hammerspace#integration) ------------------------------------------------------------------------------- To integrate Storj with Hammerspace, you will need to create S3 credentials in Storj and add them within Hammerspace. Veeam uses a wizard to guide users in adding S3-compatible cloud storage. ### [Requirements](https://storj.dev/dcs/third-party-tools/hammerspace#requirements) * To begin, you will need to create a Storj account. * Navigate to [https://storj.io/signup?partner=hammerspace](https://storj.io/signup?partner=hammerspace)  to sign up, or log in [https://storj.io/login](https://storj.io/login) if you already have an account. * A bucket for Hammerspace in your Storj instance. * A working Hammerspace environment. Schedule a Hammerspace [demo](https://hammerspace.com/hammerspace-software/) , or [contact](https://hammerspace.com/contact-us/) the Hammerspace team. * * * ### [Create a Storj Account](https://storj.dev/dcs/third-party-tools/hammerspace#create-a-storj-account) To begin, you will need to create a Storj account. If you already an account, go to [https://storj.io/login](https://storj.io/login) . Navigate to [https://storj.io/signup](https://storj.io/signup)  to sign up. Enter your full name, email address, and a password, as shown below: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/x1VMINrRdadrVk5vLXIBT_capture.PNG)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/x1VMINrRdadrVk5vLXIBT_capture.PNG) ### [Create a Bucket](https://storj.dev/dcs/third-party-tools/hammerspace#create-a-bucket) Once you have your Storj account you can create a bucket for your data to be stored in. 1\. Navigate to “Buckets” on the left side menu. 2\. Click “New Bucket” on the top right. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/jbnQ38ynnrWl0jnO_j-E5_comet-backup-storj-2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/jbnQ38ynnrWl0jnO_j-E5_comet-backup-storj-2.png) 3\. Assign the bucket an easily identifiable name, such as "my-bucket". [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/K65vHcrJtRq4S87jICtYx_screenshot-2023-03-09-at-110429-am.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/K65vHcrJtRq4S87jICtYx_screenshot-2023-03-09-at-110429-am.png) 4\. Click **Create bucket** ### [Generate S3 credentials](https://storj.dev/dcs/third-party-tools/hammerspace#generate-s3-credentials) Storj has an Amazon S3 compatible API and you'll need generate S3 credentials to use it. S3 credentials consist of an **access key**, **secret key**, and **endpoint**. Create S3 credentials in the Storj web console: 1\. Navigate to **Access** on the left side menu. 2\. Click **Create S3 Credentials** under the S3 Credentials block. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/EZyAl8Wux2GOlyPd70HnI_screenshot-2023-03-09-at-110900-am.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/EZyAl8Wux2GOlyPd70HnI_screenshot-2023-03-09-at-110900-am.png) 3\. When the Create Access screen comes up, set specifications according to the following guidelines: * **Type:** S3 Credentials * **Name:** The name of the credentials (e.g. my-access) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Cv1Lirp-3-OueRk-YAR8u_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Cv1Lirp-3-OueRk-YAR8u_image.png) 4\. Click **Continue** to provide permissions * **Permissions:** All * **Buckets:** Feel free to specify the bucket you created above (e.g. my-bucket), or leave as “All” * **End date**: provide an expiration date for these credentials (optional) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/gQ8jBHtvd5sFZFuAqth_h_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/gQ8jBHtvd5sFZFuAqth_h_image.png) 5\. Click **Continue** to provide Access encryption Information * **Use the current passphrase**: this is default option * **Advanced**: you may provide a different encryption phrase either your own or generate a new one. * **Enter a new passphrase**: use this option, if you would like to provide your own new encryption phrase * **Generate 12-word passphrase**: use this option, if you would like to generate a new encryption phrase [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Uxn8zBqXQVmQvsswV3pJ2_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Uxn8zBqXQVmQvsswV3pJ2_image.png) In order to see the data uploaded to your bucket in the web console, you must unlock the bucket with the same encryption passphrase as the credentials. 6\. Click **Create Access** to finish creation of your S3 credentials [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zk2JE9Z6f3vk_R2cjpdqc_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zk2JE9Z6f3vk_R2cjpdqc_image.png) 7\. Click **Confirm** the Confirm details pop-up message 8\. Your S3 credentials are created. Write them down and store them, or click the **Download all** button. You will need these credentials for the following steps. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/xH5tgzVKXn-uK2hVfSo8e_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/xH5tgzVKXn-uK2hVfSo8e_image.png) * * * [Integrating Hammerspace with Storj](https://storj.dev/dcs/third-party-tools/hammerspace#integrating-hammerspace-with-storj) ----------------------------------------------------------------------------------------------------------------------------- ### [Hammerspace Configuration](https://storj.dev/dcs/third-party-tools/hammerspace#hammerspace-configuration) This integration guide assumes that you have access to an active Hammerspace environment. To add Storj to your Hammerspace environment, follow the steps below: 1\. Log in to your Hammerspace environment. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zmk4BGsFbIoEgu4SZF6tN_image-0.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zmk4BGsFbIoEgu4SZF6tN_image-0.png) 2\. Select the cloud and storage **Infrastructure** icon on the lefthand menu. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/YYJS4M3teSdgzEZ-ynw1V_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/YYJS4M3teSdgzEZ-ynw1V_image.png) 3\. Select the **Storage Systems** tab, then the **Add Storage System** button. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Y8gzE9G1KO63SNhXuvywJ_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Y8gzE9G1KO63SNhXuvywJ_image.png) 4\. In the **Add Storage System** window, enter something recognizable, such as "Storj", in the **Name** field. Then, in the **Type** drop-down, select the "Generic S3" option. 5\. Enter the S3 credentials you generated earlier in the tutorial: 1. Add the access key in the **Access Key** field. 2. Add the secret key in the **Secret Key** field. 3. Add the endpoint, which should be "https://gateway.storjshare.io", in the **Endpoint** field. 4. Check the **Use V4 auth signing** box. 5. Select **Add Storage System**. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Fgp7km_uISDze9D9Y2lnv_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Fgp7km_uISDze9D9Y2lnv_image.png) 6\. You will now see your Storj instance listed under **Storage Systems**. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Bv_aNC9IbmCVf6WSWSnEP_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Bv_aNC9IbmCVf6WSWSnEP_image.png) 7\. It is necessary to create a volume for the new Storj instance. This volume corresponds to the bucket you created earlier within Storj. Next to the Storj row in **Storage Systems**, select the **\+ Volume** button. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/lBSumlSdgoFVJ8YvdrAC-_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/lBSumlSdgoFVJ8YvdrAC-_image.png) 8\. Choose the "hammerspace" bucket created earlier within Storj. Then select **Next Step**. * If you want to share this bucket with another site, check the box under the **Shared Volume** column. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/-elgrNKidndu3mCmlA5i7_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/-elgrNKidndu3mCmlA5i7_image.png) * If desired, set a limit on the bucket's capacity. The default is "Auto (Unlimited)". [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/cTa1aLoz5dPw2eZvpL2J6_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/cTa1aLoz5dPw2eZvpL2J6_image.png) 9\. Review your bucket's information on the **Review & Add** page. Then select **Add Volumes** 10\. The bucket will now appear under the **Volumes** tab in the **Infrastructure** section of your Hammerspace environment. This signifies that Storj has been successfully added to Hammerspace. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/DZjF3Zints0yM9UADH__I_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/DZjF3Zints0yM9UADH__I_image.png) **Note**: for more information on accessing data in your Storj volume, refer to Hammerspace's [documentation](https://hammerspace.com/resources/) . Previous [Globus](https://storj.dev/dcs/third-party-tools/globus) Next [HashBackup](https://storj.dev/dcs/third-party-tools/hashbackup) --- # Integrating Kerberos Vault with Distributed Cloud Storage - Storj Docs [Introduction](https://storj.dev/dcs/third-party-tools/kerberos-vault#introduction) ------------------------------------------------------------------------------------ The [Kerberos.io](https://kerberos.io/) project (not to be confused with the authentication protocol of the same name) offers an open-source platform for video analytics and monitoring. With a modular system design focused on minimal startup requirements and additional components available to add later, Kerberos.io is built to work for everything from small, personal systems to complex enterprise configurations. This makes it a useful solution that is relevant at all scales. The modularity of Kerberos.io includes optional components that help integrate it into any cloud architecture. One of these components is [Kerberos Vault](https://kerberos.io/product/vault/) , which provides a flexible and extensible storage solution for video files. Kerberos Vault is designed to work with several different cloud providers, including Storj, to allow for customized storage options where users can bring their own providers. [Storj and Kerberos](https://storj.dev/dcs/third-party-tools/kerberos-vault#storj-and-kerberos) ------------------------------------------------------------------------------------------------ Storj's decentralized cloud storage platform offers a great video storage backend for integration with Kerberos.io and Kerberos Vault. This is because the distributed storage design that Storj is built on offers both high availability access to video files (thanks to its network of nodes across multiple regions) and secure, reliable hosting with no single-point-of-failure. Conveniently, it is fairly simple to configure Storj to work with Kerberos Vault. This doc will show the steps necessary to do so. ### [Prerequisites](https://storj.dev/dcs/third-party-tools/kerberos-vault#prerequisites) Before starting the steps in this outline, ensure you have the following: * **A Storj account.** You can [Create Your Account](https://storj.dev/support/account-management-billing/creating-your-account) for free at Storj.io/signup. * **A Kubernetes cluster.** Kerberos.io is best deployed as a container in Kubernetes. You can create a Kubernetes cluster locally or on any service provider that offers Kubernetes such as Google Cloud's GKE or Amazon EKS. * **Kerberos Vault installed in your Kubernetes cluster.** Kerberos.io provides documentation on [how to install Kerberos Vault in Kubernetes](https://doc.kerberos.io/vault/installation/) , both for public and private cloud options. With these prerequisites satisfied, we can begin configuring Kerberos Vault to use Storj in our Kubernetes cluster. ### [Creating a Storj Bucket and Access Credentials](https://storj.dev/dcs/third-party-tools/kerberos-vault#creating-a-storj-bucket-and-access-credentials) The first step in configuring Storj as the storage backend for Kerberos.io is to create a bucket in your Storj account and [Getting started](https://storj.dev/dcs/getting-started) for the bucket. Kerberos Vault will then use the bucket information and access grant to connect with Storj. For this, do the following steps: 1) Log in to your Storj account 2) On the main dashboard, click [Create buckets](https://storj.dev/dcs/buckets/create-buckets) and **"New Bucket"** 3) Give your bucket a descriptive name in the text box, for example "**kerberos-vault**" [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/37JTYTC20PveNiS6h-Kj2_kerberos1.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/37JTYTC20PveNiS6h-Kj2_kerberos1.png) 4) Click **Continue**. You will be prompted to select your Encryption - either **Generate passphrase** or **Enter passphrase**. If this is your first time using the object browser, you **must create an encryption passphrase.** We strongly encourage you to use a mnemonic phrase. The GUI automatically generates one on the client side for you with the **Generate passphrase** option. You can also download it as a text file. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/b8f25t3ezfVSntymkkreo_kerberos2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/b8f25t3ezfVSntymkkreo_kerberos2.png) 5) To continue, you need to mark the checkbox **_\[v\] I understand, and I have saved the passphrase._** This will enable the **Continue** button. When you click it - the bucket “**_kerberos-vault_**” will be created. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/xM1VMoKpLAO2l8MUtdwUj_kerberos3.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/xM1VMoKpLAO2l8MUtdwUj_kerberos3.png) **This passphrase is important!** Encryption keys derived from it are used to encrypt your data at rest, and your data will have to be re-uploaded if you want it to change! Importantly, if you want two access grants to have access to the same data, **they must use the same passphrase**. You won’t be able to access your data if the passphrase in your access grant is different than the passphrase you uploaded the data with. Please note that **Storj does not know or store your encryption passphrase**, so if you lose it, you will not be able to recover your files. 6) Navigate to the **Access** page, then click on **Create S3 Credentials**. A modal window will pop up where you should enter a name for this access grant. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/BDTw8G2G_UrYLCqigpIbD_kerberos4.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/BDTw8G2G_UrYLCqigpIbD_kerberos4.png) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/MBJgkjvxjquWt0BfC4i3D_kerberos5.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/MBJgkjvxjquWt0BfC4i3D_kerberos5.png) 7) In the new window, give your access grant a descriptive name, for example “**kerberosvault**” 8) Choose the appropriate permissions you wish to grant Kerberos Vault for this bucket: * **Download** / **Update** / **List** / **Delete** - these are the actions that Kerberos.io will be able to perform * **Duration** - this is the time until this access grant will expire * **Buckets** - this sets which bucket (or buckets) Kerberos.io will have access to. 9) Click **Encrypt My Access** [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/44wvYuZEoZ-bffautbCxG_kerberos6.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/44wvYuZEoZ-bffautbCxG_kerberos6.png) 10) Select **Create My Own Passphrase** and provide your Encryption Phrase used during creation of “**_kerberos-vault_**” bucket earlier. To continue click either **Copy to clipboard** or **Download .txt**. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/XK4E4GALm02OiwRFTaaai_kerberos7.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/XK4E4GALm02OiwRFTaaai_kerberos7.png) 11) To confirm creation mark the checkbox **\[v\] I understand that Storj does not know or store my encryption passphrase. If I lose it, I won’t be able to recover files.**, this will enable **Create my Access** button. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/P9pu642N2YNRLl1wn945a_kerberos8.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/P9pu642N2YNRLl1wn945a_kerberos8.png) 12) When you click on **Create my Access** the window with S3 Credentials will be opened. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/UBU80LbzKUOFcn6WCMt8S_kerberos9.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/UBU80LbzKUOFcn6WCMt8S_kerberos9.png) 13) Copy S3 Keys and S3 Endpoint or click **Download .txt** to use with Kerberos Vault in a safe place. After completing these steps, you are ready to configure Kerberos Vault with your new bucket’s access credentials. ### [Configuring Kerberos Vault to Use Storj](https://storj.dev/dcs/third-party-tools/kerberos-vault#configuring-kerberos-vault-to-use-storj) Now it is time to tell Kerberos where to store videos (your Storj bucket) and how to access that location (with the access grant created above). These steps can be completed from the Kerberos Vault web panel within your running instance of Kerberos inside a Kubernetes cluster. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/1_U_rGF5rIVbd_OuNKwrW_kerberos-doc-graphic-6.gif)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/1_U_rGF5rIVbd_OuNKwrW_kerberos-doc-graphic-6.gif) 1. From the main Kerberos Vault dashboard, select **Storage Providers** (on the left menu) 2. In the window that pops up, in the drop-down menu under **Select Storage Provider**, choose **Storj**. 3. Under **Provider Name**, enter a descriptive name for this provider to be referred to in your Kerberos instance (for example, **"storjdcs"**) 4. For **Bucket Name**, enter the same bucket name as the one created above (in this tutorial, that would be **"kerberos-vault"**) 5. **Region** this is not relevant for Storj or an edge deployment and can be left blank 6. **Hostname** is the [Storj-hosted S3 Compatible Gateway](https://storj.dev/dcs/api/s3/s3-compatible-gateway) for your Storj bucket's region (for example, **"gateway.storjshare.io"**) 7. Under **Storj Credentials**, enter the **Access Key** and **Secret Key** you saved earlier when creating your access credentials. 8. Finally, click **Validate** to ensure your access is correct and **Add Integration** to finish setup. ### [Summary](https://storj.dev/dcs/third-party-tools/kerberos-vault#summary) The flexibility of Kerberos.io and its components like Kerberos Vault are what make it a versatile platform for video monitoring and analytics. From single-camera setups to advanced cloud-based enterprise installations, the Kerberos.io video technology is adaptable to any configuration. This adaptability includes the option to customize your choice for video storage with the platform, which is where Storj makes an excellent choice. In this tutorial, we demonstrated the steps to set up a Storj bucket and create access credentials for that bucket. We then showed how to update a Kerberos Vault installation to use Storj as a storage provider. Doing all of this allows Kerberos.io to leverage the distributed storage network provided by Storj, taking advantage of all the benefits it provides. Your video monitoring and analytics solution is now enhanced with the power of decentralized media storage. Previous [iconik](https://storj.dev/dcs/third-party-tools/iconik) Next [Kubernetes Backup via Velero](https://storj.dev/dcs/third-party-tools/velero) --- # Rucio Integration Guide - Storj Docs [Overview](https://storj.dev/dcs/third-party-tools/rucio#overview) ------------------------------------------------------------------- Rucio is an open-source software framework that provides scientific collaborations with the functionality to organize, manage, and access their data at scale. This tutorial walks through the steps needed to configure a [Rucio Storage Element (RSE)](https://rucio.cern.ch/documentation/rucio_storage_element) with a [demo of Rucio](https://rucio.cern.ch/documentation/setting_up_demo/) . These configuration instructions were adapted from the draft instructions being developed in the Rucio GitHub project: [Create documentation page for S3-type storage](https://github.com/rucio/rucio/issues/5450) ### [Setup a demo environment](https://storj.dev/dcs/third-party-tools/rucio#setup-a-demo-environment) **Prerequisites:** * Docker is installed and running: [https://docs.docker.com/get-docker/](https://docs.docker.com/get-docker/) Already have a Rucio environment? Skip ahead to [Rucio](https://storj.dev/dcs/third-party-tools/rucio) ### [Clone Rucio and jump into the docker container](https://storj.dev/dcs/third-party-tools/rucio#clone-rucio-and-jump-into-the-docker-container) Note that if you get an error like `No such container: dev_rucio_1` run `docker ps` to identify the name of your rucio container (it may be something like "dev-rucio-1) git clone https://github.com/rucio/ruciocd ruciodocker-compose --file ./etc/docker/dev/docker-compose.yml up -ddocker exec -it dev_rucio_1 /bin/bash git clone https://github.com/rucio/ruciocd ruciodocker-compose --file ./etc/docker/dev/docker-compose.yml up -ddocker exec -it dev_rucio_1 /bin/bash CopyCopied! * * * The rest of the commands are to be executed within the Docker container ### [Initialize the database](https://storj.dev/dcs/third-party-tools/rucio#initialize-the-database) tools/run_tests_docker.sh -i tools/run_tests_docker.sh -i CopyCopied! ### [Update the ca-certificates package](https://storj.dev/dcs/third-party-tools/rucio#update-the-ca-certificates-package) The image has python3 linked in `/usr/bin/python` but yum requires python2 One workaround is to change the first line of `/usr/bin/yum` and `/usr/libexec/urlgrabber-ext-down` to use `/usr/bin/python2` . `vi /usr/bin/yum` < now change "python" to "python2" in the first line sdf `vi /usr/libexec/urlgrabber-ext-down` < now change "python" to "python2" in the first line yum update ca-certificates yum update ca-certificates CopyCopied! ### [Configure the Storj RSE](https://storj.dev/dcs/third-party-tools/rucio#configure-the-storj-rse) The [gfal protocol](https://github.com/rucio/rucio/blob/master/lib/rucio/rse/protocols/gfal.py) was chosen because s3boto was recently removed and the draft rucio doc (linked [here](https://github.com/rucio/rucio/issues/5450) ) suggested using it to support s3. gfal is used to send requests like get, put, delete, rename, and copy to the RSE. # replace YOUR_BUCKET_NAME with your storj bucketrucio-admin rse add STORJrucio-admin rse add-protocol --hostname gateway.storjshare.io --scheme https --port 443 --prefix YOUR_BUCKET_NAME --impl rucio.rse.protocols.gfal.NoRename --domain-json '{"wan": {"read": 1, "write": 1, "delete": 1, "third_party_copy_read": 1, "third_party_copy_write": 1}, "lan": {"read": 1, "write": 1, "delete": 1}}' STORJrucio-admin rse set-attribute --rse STORJ --key sign_url --value s3rucio-admin rse set-attribute --rse STORJ --key skip_upload_stat --value Truerucio-admin rse set-attribute --rse STORJ --key verify_checksum --value Falserucio-admin rse set-attribute --rse STORJ --key strict_copy --value True # replace YOUR_BUCKET_NAME with your storj bucketrucio-admin rse add STORJrucio-admin rse add-protocol --hostname gateway.storjshare.io --scheme https --port 443 --prefix YOUR_BUCKET_NAME --impl rucio.rse.protocols.gfal.NoRename --domain-json '{"wan": {"read": 1, "write": 1, "delete": 1, "third_party_copy_read": 1, "third_party_copy_write": 1}, "lan": {"read": 1, "write": 1, "delete": 1}}' STORJrucio-admin rse set-attribute --rse STORJ --key sign_url --value s3rucio-admin rse set-attribute --rse STORJ --key skip_upload_stat --value Truerucio-admin rse set-attribute --rse STORJ --key verify_checksum --value Falserucio-admin rse set-attribute --rse STORJ --key strict_copy --value True CopyCopied! ### [Create rse-accounts.cfg](https://storj.dev/dcs/third-party-tools/rucio#create-rse-accounts-cfg) # get your rse_idrucio-admin rse info STORJ# use your rse_id and s3 credentials belowcat >> etc/rse-accounts.cfg <> etc/rse-accounts.cfg <:`, the `:` component will be directly passed to Rclone. When you configure a remote named `foo`, you can then call Restic as follows to initiate a new repository in the path `bar` in the repo: $ restic -r rclone:foo:bar init $ restic -r rclone:foo:bar init CopyCopied! Restic will take care of starting and stopping Rclone for your backup [Setup](https://storj.dev/dcs/third-party-tools/restic#setup) -------------------------------------------------------------- First, [install](https://restic.readthedocs.io/en/stable/020_installation.html) Restic for your operating system, then execute the init command: restic --repo rclone:storj:bucket/my-backup init restic --repo rclone:storj:bucket/my-backup init CopyCopied! Flag `--repo` defines that we will use `rclone` as a tool for backup with `storj` configuration. The last part `bucket/my-backup` specifies where our backup will be stored remotely. The label `storj` refers to the `rclone` configuration name which you chose during setup. Now, enter a password for your repository. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/9Pwnr8Xm5xOZElCIB8OzE_restic.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/9Pwnr8Xm5xOZElCIB8OzE_restic.png) Remembering your password is important! If you lose it, you won’t be able to access data stored in the repository. Repository data will be created directly at the specified bucket prefix e.g., `bucket/my-backup`. Now you are ready to do your first backup! [Backing Up](https://storj.dev/dcs/third-party-tools/restic#backing-up) ------------------------------------------------------------------------ Execute the backup command: restic --repo rclone:storj:bucket/my-backup backup ~/directory-to-backup --pack-size=60 restic --repo rclone:storj:bucket/my-backup backup ~/directory-to-backup --pack-size=60 CopyCopied! You will be able to see the progress of the backup and a summary at the end of the process. Passing `--pack-size=60` sets the Restic pack size to 60 MiB, which is the optimal value for Storj. Restic is not very precise, and the actual pack files may be a little larger. When backing up the root directory on Unix systems it is important to pass `--one-file-system` to prevent accidentally backing up virtual filesystems like`/proc`. Passing `-o rclone.connections=1` reduces the Rclone parallelism to a single upload. The Storj backend will still open multiple connections to storage nodes. Use this option to reduce the stress on your router in case of failing uploads with the default parallelism. [Cleanup](https://storj.dev/dcs/third-party-tools/restic#cleanup) ------------------------------------------------------------------ With every backup, Restic is creating a new snapshot with contents of a directory at the moment. To remove old and unused snapshots we need to execute the `forget` command: restic --repo rclone:storj:bucket/my-backup forget --keep-last 2 --prune restic --repo rclone:storj:bucket/my-backup forget --keep-last 2 --prune CopyCopied! The `--keep-last` flag is for keeping last `n` snapshots. This command offers multiple flags for defining deletion rules. See `restic help forget` for more options. The `--prune` flag is for removing unreferenced data. Without this option, the `forget` command will remove the snapshot but not the referenced data. [Check](https://storj.dev/dcs/third-party-tools/restic#check) -------------------------------------------------------------- If you want to verify the consistency of your backup, run the `check` command: restic --repo rclone:storj:bucket/my-backup check restic --repo rclone:storj:bucket/my-backup check CopyCopied! [Restore](https://storj.dev/dcs/third-party-tools/restic#restore) ------------------------------------------------------------------ To restore the latest snapshot of your backup: restic --repo rclone:storj:bucket/my-backup restore latest --target ~/restore restic --repo rclone:storj:bucket/my-backup restore latest --target ~/restore CopyCopied! The `latest` option means we want to restore the latest snapshot. The `--target` flag defines the directory where the backup will be restored. For more detailed information around Restic usage, please visit the [Restic documentation page](https://restic.readthedocs.io/) . Previous [Rclone Native Integration](https://storj.dev/dcs/third-party-tools/rclone/rclone-native) Next [Rubrik](https://storj.dev/dcs/third-party-tools/rubrik) --- # Integrating Starfish for Large-Scale File Management with Storj - Storj Docs [Integration guide for connecting Storj to Starfish](https://storj.dev/dcs/third-party-tools/starfish#integration-guide-for-connecting-storj-to-starfish) ---------------------------------------------------------------------------------------------------------------------------------------------------------- [Starfish Storage](https://starfishstorage.com/) is a versatile service designed for file and object management across a wide range of scales, suitable for everything from small departmental file shares to the largest supercomputing file systems. It stands out for its ability to handle vast quantities of data with efficiency and ease, making it a valuable tool for organizations dealing with large and complex data environments. [Advantages of Starfish with Storj](https://storj.dev/dcs/third-party-tools/starfish#advantages-of-starfish-with-storj) ------------------------------------------------------------------------------------------------------------------------ Integrating Starfish with Storj offers a comprehensive solution for large-scale file management at a competitive cost. Starfish, specializing in metadata-driven file organization and management, integrates smoothly with Storj's S3 compatible API, ensuring efficient storage and retrieval of vast data volumes. This combination leverages Storj's robust security features, giving users confidence in the safety and integrity of their data. [Integration](https://storj.dev/dcs/third-party-tools/starfish#integration) ---------------------------------------------------------------------------- The integration between Storj and Starfish is achieved through the S3 protocol, which allows Starfish to write and read backup data directly to and from the Storj network. Users can configure Starfish to use Storj as the storage target for their archive jobs. To integrate Starfish with Storj, you will need: * An active Storj account * A bucket for Starfish in your Storj account * Storj S3 compatible credentials * Starfish account (see [here](https://starfishstorage.com/contact-us/) ) For more details, see [https://starfishstorage.com/solutions/](https://starfishstorage.com/solutions/) * * * [Set up Storj](https://storj.dev/dcs/third-party-tools/starfish#set-up-storj) ------------------------------------------------------------------------------ ### [Create an Account](https://storj.dev/dcs/third-party-tools/starfish#create-an-account) To begin, you will need to create a Storj account. Navigate to [https://storj.io/signup?partner=starfish](https://storj.io/signup?partner=starfish)  to sign up, or log in [https://storj.io/login](https://storj.io/login) if you already have an account. ### [Create a Bucket](https://storj.dev/dcs/third-party-tools/starfish#create-a-bucket) Once you have your Storj account you can create a bucket for your data to be stored in. 1. Navigate to **Browse** on the left side menu. 2. Click on the **New Bucket** button. 3. Assign the bucket an easily identifiable name, such as "my-bucket". 4. Optional: Enable Object Lock (required for immutability in many applications). * If you enable Object Lock, you can also set a default retention period using either Governance or Compliance Mode 5. Optional: Enable Object Versioning (note that this will be enabled by default if Object Lock is enabled) 6. Click **Create bucket** ### [Generate S3 credentials](https://storj.dev/dcs/third-party-tools/starfish#generate-s3-credentials) Storj has an Amazon [S3 compatible API](https://storj.dev/dcs/api/s3/s3-compatibility) and you'll need generate S3 credentials to use it. S3 credentials consist of an **access key**, **secret key**, and **endpoint**. Create S3 credentials in the Storj console: 1. Navigate to **Access Keys** on the left side menu. 2. Click the **New Access Key** button. 3. When the New Access dialog comes up, set specifications according to the following guidelines: * **Name:** The name of the credentials (e.g. my-access) * **Type:** S3 Credentials 4. Choose **Full Access** or **Advanced** * In most cases, you DO NOT want to choose full access. 5. Provide Access encryption Information If you have opted out of [Storj-managed passphrases](https://storj.dev/learn/concepts/encryption-key/storj-vs-user-managed-encryption) for the project you must unlock the bucket with your passphrase. In order to see the data uploaded to your bucket in the Storj console, you must unlock the bucket with the same encryption passphrase as the credentials. * **Use the current passphrase**: this is default option * **Advanced**: you may provide a different encryption phrase either your own or generate a new one. * **Enter a new passphrase**: use this option, if you would like to provide your own new encryption phrase * **Generate 12-word passphrase**: use this option, if you would like to generate a new encryption phrase 6. Select the permissions you want to allow: * Read * Write * List * Delete 7. Select the object lock permissions you want to allow * PutObjectRetention * GetObjectRetention * BypassGovernanceRetention * PutObjectLegalHold * GetObjectLegalHold * PutObjectLockConfiguration * GetObjectLockConfiguration 8. Choose the buckets you want the access to include: * All Buckets * Select Buckets 9. Set an expiration 10. Click **Create Access** to finish creation of your S3 credentials 11. Your S3 credentials are created. Write them down and store them, or click the **Download all** button. You will need these credentials for the following steps. ### [Object Lock Permission Details](https://storj.dev/dcs/third-party-tools/starfish#object-lock-permission-details) | Permission Name | Description | | --- | --- | | PutObjectRetention | Allows you to set retention policies, protecting objects from deletion or modification until the retention period expires. | | GetObjectRetention | Allows you to view the retention settings of objects, helping ensure compliance with retention policies. | | BypassGovernanceRetention | Allows you to bypass governance-mode retention, enabling deletion of objects before the retention period ends. | | PutObjectLegalHold | Allows you to place a legal hold on objects, preventing deletion or modification regardless of retention policies. | | GetObjectLegalHold | Allows you to view the legal hold status of objects, which is useful for auditing and compliance purposes. | | PutObjectLockConfiguration | Allows you to set retention policies on the specified bucket, automatically applying them to every new object added to that bucket. | | GetObjectLockConfiguration | Allows you to view the default retention policies configured for the specified bucket. | * * * [Connecting Starfish with Storj](https://storj.dev/dcs/third-party-tools/starfish#connecting-starfish-with-storj) ------------------------------------------------------------------------------------------------------------------ The workflow assumes a bucket called sf-test has previously been created within Storj. The following will add Storj as an target for archive jobs. 1. Select **Targets** button from the base UI to create a new target [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/starfish_image_2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/starfish_image_2.png) 2. Select **Add target** and **S3** [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/starfish_image_3.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/starfish_image_3.png) 3. Fill out the target specific details: * **Type**: s3 * **Endpoint URL**: [https://gateway.storjshare.io](https://gateway.storjshare.io/) * **Aws access key id**: Enter the access key from the S3 credentials you generated in Storj. * **Aws secret access Key**: Enter the secret key from the S3 credentials you generated in Storj. * **Bucket name**: Enter the name of the bucket created previously [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/starfish_image_6.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/starfish_image_6.png) 4. Select **Close** [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/starfish_image_5.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/starfish_image_5.png) 5. Using the CLI, adjust the `max_part_size` and `default_part_size` to 64MiB These options are not available via UI but can also be configured via the REST API. Run the following command in a terminal: $sf archive-target update Storj default_part_size=64MiB max_part_size=64MiBArchive target updatedid: 44name: Storjtype: s3params:aws_access_key_id=jusgujwkr4wkoeijgfhbtn465araaws_secret_access_key=***bucket_name=sf-testdefault_part_size=64MiBdst_path=km-tstendpoint_url=https://gateway.storjshare.iomax_part_size=64MiBretries=8single_read_on_s3_upload=Falsetimeout=60 $sf archive-target update Storj default_part_size=64MiB max_part_size=64MiBArchive target updatedid: 44name: Storjtype: s3params:aws_access_key_id=jusgujwkr4wkoeijgfhbtn465araaws_secret_access_key=***bucket_name=sf-testdefault_part_size=64MiBdst_path=km-tstendpoint_url=https://gateway.storjshare.iomax_part_size=64MiBretries=8single_read_on_s3_upload=Falsetimeout=60 CopyCopied! Previous [Splunk](https://storj.dev/dcs/third-party-tools/splunk) Next [Tesla Sentry Mode Backup](https://storj.dev/dcs/third-party-tools/tesla-sentry-mode-teslausb) --- # TrueNAS Integration with Storj for Secure Data Storage - Storj Docs TrueNAS is a network attached storage (NAS) solution that allows for an off-site backup with cloud storage, such as Storj, to provide simplicity, speed, and durability in data storage. [Advantages of Storj with TrueNAS](https://storj.dev/dcs/third-party-tools/truenas#advantages-of-storj-with-true-nas) ---------------------------------------------------------------------------------------------------------------------- Using Storj with TrueNAS provides resilient cloud object storage with blazing performance and zero-trust security. This integration ensures: 1. **Data durability**: Use Storj as an offsite backup for your TrueNAS storage for multi-region durability. 2. **Speed and simplicity** of on-site storage with the added protection of a back-up in the cloud. 3. It is also configurable in a variety of ways. [Integration](https://storj.dev/dcs/third-party-tools/truenas#integration) --------------------------------------------------------------------------- This integration uses S3 credentials passed from Storj to TrueNAS. You will need to set up a Storj account, create a Storj bucket for TrueNAS, and generate S3 credentials for TrueNAS. Then, you will need to create a Cloud Credential on TrueNAS that will grant it access to the bucket in Storj. ### [Software Requirements](https://storj.dev/dcs/third-party-tools/truenas#software-requirements) Storj is fully integrated with TrueNAS. To integrate TrueNAS with Storj, you will need: * A Storj account * A TrueNAS storage device connected to your network. For more information about the TrueNAS Storj integration, visit [https://www.truenas.com/ix-storj](https://www.truenas.com/ix-storj) . * * * [Setting up Storj](https://storj.dev/dcs/third-party-tools/truenas#setting-up-storj) ------------------------------------------------------------------------------------- ### [Sign up for an account](https://storj.dev/dcs/third-party-tools/truenas#sign-up-for-an-account) Navigate to [https://storj.io/signup?partner=ix-storj-1](https://storj.io/signup?partner=ix-storj-1) to sign up for TrueNAS Storj account. Enter your full name, email address, and a password, as shown below: If you have an existing Storj account, you will need to contact support to have it linked to the TrueNAS Storj integration. See [here](https://forum.storj.io/t/truenas-backups-and-differences-between-storj-and-storj-ix/20044/7) for more information [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PnQ7D7Z6fU0RPKZpOCRXJ_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PnQ7D7Z6fU0RPKZpOCRXJ_image.png) ### [Create a Bucket](https://storj.dev/dcs/third-party-tools/truenas#create-a-bucket) Once you have your Storj account you can create a bucket for your data to be stored in. 1\. Navigate to “Buckets” on the left side menu. 2\. Click “New Bucket” on the top right. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/jbnQ38ynnrWl0jnO_j-E5_comet-backup-storj-2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/jbnQ38ynnrWl0jnO_j-E5_comet-backup-storj-2.png) 3\. Assign the bucket an easily identifiable name, such as "my-bucket". [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/K65vHcrJtRq4S87jICtYx_screenshot-2023-03-09-at-110429-am.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/K65vHcrJtRq4S87jICtYx_screenshot-2023-03-09-at-110429-am.png) 4\. Click **Create bucket** ### [Generate S3 credentials](https://storj.dev/dcs/third-party-tools/truenas#generate-s3-credentials) Storj has an Amazon S3 compatible API and you'll need generate S3 credentials to use it. S3 credentials consist of an **access key**, **secret key**, and **endpoint**. Create S3 credentials in the Storj web console: 1\. Navigate to **Access** on the left side menu. 2\. Click **Create S3 Credentials** under the S3 Credentials block. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/EZyAl8Wux2GOlyPd70HnI_screenshot-2023-03-09-at-110900-am.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/EZyAl8Wux2GOlyPd70HnI_screenshot-2023-03-09-at-110900-am.png) 3\. When the Create Access screen comes up, set specifications according to the following guidelines: * **Type:** S3 Credentials * **Name:** The name of the credentials (e.g. my-access) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Cv1Lirp-3-OueRk-YAR8u_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Cv1Lirp-3-OueRk-YAR8u_image.png) 4\. Click **Continue** to provide permissions * **Permissions:** All * **Buckets:** Feel free to specify the bucket you created above (e.g. my-bucket), or leave as “All” * **End date**: provide an expiration date for these credentials (optional) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/gQ8jBHtvd5sFZFuAqth_h_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/gQ8jBHtvd5sFZFuAqth_h_image.png) 5\. Click **Continue** to provide Access encryption Information * **Use the current passphrase**: this is default option * **Advanced**: you may provide a different encryption phrase either your own or generate a new one. * **Enter a new passphrase**: use this option, if you would like to provide your own new encryption phrase * **Generate 12-word passphrase**: use this option, if you would like to generate a new encryption phrase [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Uxn8zBqXQVmQvsswV3pJ2_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Uxn8zBqXQVmQvsswV3pJ2_image.png) In order to see the data uploaded to your bucket in the web console, you must unlock the bucket with the same encryption passphrase as the credentials. 6\. Click **Create Access** to finish creation of your S3 credentials [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zk2JE9Z6f3vk_R2cjpdqc_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zk2JE9Z6f3vk_R2cjpdqc_image.png) 7\. Click **Confirm** the Confirm details pop-up message 8\. Your S3 credentials are created. Write them down and store them, or click the **Download all** button. You will need these credentials for the following steps. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/xH5tgzVKXn-uK2hVfSo8e_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/xH5tgzVKXn-uK2hVfSo8e_image.png) * * * [Connecting TrueNAS to Storj](https://storj.dev/dcs/third-party-tools/truenas#connecting-true-nas-to-storj) ------------------------------------------------------------------------------------------------------------ To complete the integration, you will need the S3 credentials created in the previous steps and a TrueNAS login. If you use TrueNAS 24.10 (Electric Eel) or later, you would be able to setup a [TrueCloud Backup Task](https://storj.dev/dcs/third-party-tools/truenas#create-a-truecloud-backup-task) , it's a preferred method, because it has several advantages above the [Cloud Sync Task](https://storj.dev/dcs/third-party-tools/truenas#create-a-cloud-sync-task) : [https://www.truenas.com/docs/scale/24.10/scaletutorials/dataprotection/truecloudtasks/](https://www.truenas.com/docs/scale/24.10/scaletutorials/dataprotection/truecloudtasks/) ### [Create a Cloud Credential in TrueNAS](https://storj.dev/dcs/third-party-tools/truenas#create-a-cloud-credential-in-true-nas) 1\. Log into TrueNAS on your network. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/9caiWgOrlUL5dtj7e7JFv_login.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/9caiWgOrlUL5dtj7e7JFv_login.png) 2\. On the left-hand menu, navigate to **Credentials** and select **Backup credentials**. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/amTXglEqJexuCScBmO2Fm_bc.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/amTXglEqJexuCScBmO2Fm_bc.png) 3\. Click **Add** under the **_Cloud Credentials_** section. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/ryjNzCggsxIy5HSOitxyu_cc.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/ryjNzCggsxIy5HSOitxyu_cc.png) 4\. On the right-hand pop-up menu, complete the fields as follows: * **Name**: the name of your credential, e.g. Storj. * **Provider**: select Storj iX from the drop-down. * **Access Key ID**: the access key from your S3 credentials created in Storj. * **Secret Access Key**: the secret key from your S3 credentials created in Storj. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/JZeL9b5DOtKTZirlwxr7S_cloudc1.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/JZeL9b5DOtKTZirlwxr7S_cloudc1.png) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/o3G3DY3n4yCw9lq1eBiH8_cloudc2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/o3G3DY3n4yCw9lq1eBiH8_cloudc2.png) 5\. Click **Verify** to very the credentials if you wish. 6\. Click **Save**. ### [Create a TrueCloud Backup Task](https://storj.dev/dcs/third-party-tools/truenas#create-a-true-cloud-backup-task) This is a cost-efficient solution in comparison with a Cloud Sync Task. It's available starting with TrueNAS 24.10 (Electric Eel). The TrueCloud Backup Task allows to create [restic](https://storj.dev/dcs/third-party-tools/restic) snapshots and upload them to the Storj bucket. Each snapshot contains only a difference, it also packs smaller objects to a bigger chunks, which effectively reduce your [storage](https://storj.dev/dcs/pricing#object-storage) and [segments usage](https://storj.dev/dcs/pricing#per-segment-fee) in the bucket. The restic snapshots allows you to restore a specific version of any object or the entire dataset. Please follow the [TrueNAS documentation to setup a TrueCloud Backup Task](https://www.truenas.com/docs/scale/24.10/scaletutorials/dataprotection/truecloudtasks/) ### [Create a Cloud Sync Task](https://storj.dev/dcs/third-party-tools/truenas#create-a-cloud-sync-task) 1\. On the left-hand menu, click **Data Protection**, navigate to **_Cloud Sync Tasks_**, and click **Add**. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/q5Dqcs72_i-JdGQ16NOG3_screen-shot-2022-11-10-at-111126-am.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/q5Dqcs72_i-JdGQ16NOG3_screen-shot-2022-11-10-at-111126-am.png) 2\. In the **_Add Cloud Sync Task_** window, fill out the fields as follows: * **Description**: your preferred description, e.g., "**Daily**". * **Direction**: PUSH. This transfers data from TrueNAS to the cloud. * **Transfer Mode**: Copy * **Credential**: Choose the Storj credential from the drop-down. * **Bucket**: choose the truenas bucket you created within Storj. * **Folder (optional)**: The path where the data should be stored within the bucket. * **Directory/Files**: the folder in your directory to push from. 3\. Click **Save**. Under **_Cloud Sync Tasks_** you should see an entry for the **Daily** task, along with a green SUCCESS tag. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/sl2BBBB8ji5l6HXCA1da7_success.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/sl2BBBB8ji5l6HXCA1da7_success.png) 4\. To test whether the sync has been successful, click the **Run Now** arrow in the task entry. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/FAbFNiNGpHfycYMgE_1ZJ_run.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/FAbFNiNGpHfycYMgE_1ZJ_run.png) You may consider to enable [Object versioning](https://storj.dev/dcs/api/s3/object-versioning) for the bucket and you may also [generate S3 credentials with TTL](https://storj.dev/dcs/buckets/object-lifecycles#setting-object-ttl-in-the-access-grant--s3-credentials) to automatically delete expired versions. **Please note, the automatic deletion of expired objects can delete the last version too, so be careful with that feature** **If you want to have a normal backup tool, consider to use a [TrueCloud Backup Task](https://storj.dev/dcs/third-party-tools/truenas#create-a-truecloud-backup-task) instead.** [Success!](https://storj.dev/dcs/third-party-tools/truenas#success) -------------------------------------------------------------------- While the tasks are running, an orange "RUNNING" label will appear in the task entry. Once the task completes, it will return to a green "SUCCESS" tag. You can now check on the file sync. The TrueNAS bucket in Storj should contain the contents of the folder you had uploaded. Previous [Tesla Sentry Mode Backup](https://storj.dev/dcs/third-party-tools/tesla-sentry-mode-teslausb) Next [Unitrends](https://storj.dev/dcs/third-party-tools/unitrends) --- # Guide to Veeam and Storj Integration - Storj Docs **Veeam Backup & Replication** is an all-in-one backup, recovery, and data security solution that serves both on-premises and cloud storage. It is the foundation of the Veeam Platform and delivers simple, flexible, reliable, and powerful data protection. For more information, visit [veeam.com](https://www.veeam.com/) . You can also [download a free trial](https://www.veeam.com/vm-backup-recovery-replication-software.html) for 30 days. [Advantages of Veeam with Storj](https://storj.dev/dcs/third-party-tools/veeam#advantages-of-veeam-with-storj) --------------------------------------------------------------------------------------------------------------- * **Eliminate downtime**: instant recovery and protection from cyber threats. * **Fast and secure backup for your data**: automate workload backup and discovery across cloud, virtual, physical, and NAS. Fast image-based backups take advantage of VMs, hardware, and OS snapshots. * **Lightning-fast data recovery for any scenario**: instant recovery of OSes, applications, databases, VMs, files, folders, objects, and shares. Recovery works across multiple clouds and platforms. * **Flexibility**: a software-defined and hardware–agnostic solution for ultimate flexibility. [Integration](https://storj.dev/dcs/third-party-tools/veeam#integration) ------------------------------------------------------------------------- To integrate Storj with Veeam, you will need to create S3 credentials in Storj and add them within Veeam. Veeam uses a wizard to guide users in adding S3-compatible cloud storage. ### [Requirements](https://storj.dev/dcs/third-party-tools/veeam#requirements) * An active Storj account * A bucket for Veeam in your Storj instance. * An installation of Veeam. Important Note: Please be sure to use at least **4MB** as demonstrated in the Job Creation Wizard below. Download a [free trial](https://www.veeam.com/vm-backup-recovery-replication-software.html) of Veeam or [create a Veeam account](https://www.veeam.com/signin.html?client_id=my-veeam-com) . * * * ### [Create an Account](https://storj.dev/dcs/third-party-tools/veeam#create-an-account) To begin, you will need to create a Storj account. Navigate to [https://www.storj.io/signup?partner=veeam](https://www.storj.io/signup?partner=veeam)  to sign up, or log in [https://storj.io/login](https://storj.io/login) if you already have an account. ### [Create a Bucket](https://storj.dev/dcs/third-party-tools/veeam#create-a-bucket) Once you have your Storj account you can create a bucket for your data to be stored in. 1. Navigate to **Browse** on the left side menu. 2. Click on the **New Bucket** button. 3. Assign the bucket an easily identifiable name, such as "my-bucket". 4. Optional: Enable Object Lock (required for immutability in many applications). * If you enable Object Lock, you can also set a default retention period using either Governance or Compliance Mode 5. Optional: Enable Object Versioning (note that this will be enabled by default if Object Lock is enabled) 6. Click **Create bucket** ### [Generate S3 credentials](https://storj.dev/dcs/third-party-tools/veeam#generate-s3-credentials) Storj has an Amazon [S3 compatible API](https://storj.dev/dcs/api/s3/s3-compatibility) and you'll need generate S3 credentials to use it. S3 credentials consist of an **access key**, **secret key**, and **endpoint**. Create S3 credentials in the Storj console: 1. Navigate to **Access Keys** on the left side menu. 2. Click the **New Access Key** button. 3. When the New Access dialog comes up, set specifications according to the following guidelines: * **Name:** The name of the credentials (e.g. my-access) * **Type:** S3 Credentials 4. Choose **Full Access** or **Advanced** * In most cases, you DO NOT want to choose full access. 5. Provide Access encryption Information If you have opted out of [Storj-managed passphrases](https://storj.dev/learn/concepts/encryption-key/storj-vs-user-managed-encryption) for the project you must unlock the bucket with your passphrase. In order to see the data uploaded to your bucket in the Storj console, you must unlock the bucket with the same encryption passphrase as the credentials. * **Use the current passphrase**: this is default option * **Advanced**: you may provide a different encryption phrase either your own or generate a new one. * **Enter a new passphrase**: use this option, if you would like to provide your own new encryption phrase * **Generate 12-word passphrase**: use this option, if you would like to generate a new encryption phrase 6. Select the permissions you want to allow: * Read * Write * List * Delete 7. Select the object lock permissions you want to allow * PutObjectRetention * GetObjectRetention * BypassGovernanceRetention * PutObjectLegalHold * GetObjectLegalHold * PutObjectLockConfiguration * GetObjectLockConfiguration 8. Choose the buckets you want the access to include: * All Buckets * Select Buckets 9. Set an expiration 10. Click **Create Access** to finish creation of your S3 credentials 11. Your S3 credentials are created. Write them down and store them, or click the **Download all** button. You will need these credentials for the following steps. ### [Object Lock Permission Details](https://storj.dev/dcs/third-party-tools/veeam#object-lock-permission-details) | Permission Name | Description | | --- | --- | | PutObjectRetention | Allows you to set retention policies, protecting objects from deletion or modification until the retention period expires. | | GetObjectRetention | Allows you to view the retention settings of objects, helping ensure compliance with retention policies. | | BypassGovernanceRetention | Allows you to bypass governance-mode retention, enabling deletion of objects before the retention period ends. | | PutObjectLegalHold | Allows you to place a legal hold on objects, preventing deletion or modification regardless of retention policies. | | GetObjectLegalHold | Allows you to view the legal hold status of objects, which is useful for auditing and compliance purposes. | | PutObjectLockConfiguration | Allows you to set retention policies on the specified bucket, automatically applying them to every new object added to that bucket. | | GetObjectLockConfiguration | Allows you to view the default retention policies configured for the specified bucket. | * * * [Connecting Veeam to Storj](https://storj.dev/dcs/third-party-tools/veeam#connecting-veeam-to-storj) ----------------------------------------------------------------------------------------------------- ### [Repository Configuration](https://storj.dev/dcs/third-party-tools/veeam#repository-configuration) Storj backup is integrated with Veeam using Veeam's **New Object Repository** wizard. Follow the steps below to complete the integration: #### [Launch the **New Object Repository** wizard](https://storj.dev/dcs/third-party-tools/veeam#launch-the-wizard) 1. Open the **Backup Infrastructure** view. 2. In the inventory pane select the **Backup Repositories** node and click **Add Repository** on the ribbon. 3. In the **Add Backup Repository** dialog, select **Object Storage > S3 Compatible**. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/MMbsPEmATTdZ81_JyAe92_news3storagesplash.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/MMbsPEmATTdZ81_JyAe92_news3storagesplash.png) #### [Name Object Storage Repository](https://storj.dev/dcs/third-party-tools/veeam#name-object-storage-repository) 1. At the **Name** step of the wizard, specify a name and description for the object storage repository. In the **Name** field, specify a name for the new object storage repository, such as **Storj.** 2. In the **Description** field, enter an optional description. 3. To change the maximum number of tasks that can be processed at once, select the **Limit concurrent tasks to N** check box. In some instances, there may be a benefit to creating a **S3ConcurrentTaskLimit** (DWORD) registry value under the `HKLM\SOFTWARE\Veeam\Veeam Backup and Replication` key on the backup server. This changes the maximum number of TCP connections used by each Veeam task to upload data to any S3 compatible storage. Without this registry value present, the default number of TCP connections used by Veeam is 64. Setting a value higher than 64 can increase throughput backing up (offloading) to Storj. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/XLfq1ljqWaRGqlyKujk7K_s3repository.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/XLfq1ljqWaRGqlyKujk7K_s3repository.png) 1. Select **Next**. #### [Manage Cloud Credentials](https://storj.dev/dcs/third-party-tools/veeam#manage-cloud-credentials) 1. At the **Account** step of the wizard, add the object storage account created in the previous section. Here you will need the S3 credentials created in Storj to specify the connection settings: 2. In the **Service point** field, specify an endpoint address of your S3 Compatible object storage. This will be the endpoint from the S3 credentials that you downloaded, and should be the following or similar: **https://gateway.storjshare.io** 3. In the **Region** field, enter **storj**. 4. To add the Storj credentials, selecy the **Add...** button next to the **Credentials** drop-down list. Enter the access key and session key in their corresponding fields. Add an optional description in the **Description** field, if desired. You can also click the **Manage cloud accounts** link to add, edit, or remove a credentials record. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PSB-9XpGQgOYkyM-rMD4l_awsaccount.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PSB-9XpGQgOYkyM-rMD4l_awsaccount.png) 5. Note the **Use the following gateway server** check box. If selected without a server specified, by default the role of a gateway server is assigned to the machine where Veeam is installed. For more information on considerations and limitations for using a gateway server, see [Considerations and Limitations](https://helpcenter.veeam.com/docs/backup/vsphere/object_storage_repository_cal.html) on the Veeam website. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Nm_ozkSpgKbrppfRK5G_v_archiverepositorys3c.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Nm_ozkSpgKbrppfRK5G_v_archiverepositorys3c.png) 6. Select **Next**. #### [Specify the bucket settings](https://storj.dev/dcs/third-party-tools/veeam#specify-the-bucket-settings) 1. From the **Bucket** drop-down list, select the bucket name created earlier. 2. In the **Select Folder** field, select **Browse** and find the cloud folder in your bucket to map your object storage repository, if it already exists. If not, you can select **New Folder** to make a new one. 3. If desired, select the **Limit object storage consumption to** check box to define a soft limit that can be exceeded temporarily for your object storage consumption. Enter a limit value in terabytes or petabytes. 4. If desired, select the **Make recent backups immutable for** check box to define a retention period. Enter a retention period in days. **Immutability Requirements** Veeam's immutability setting uses S3-Compatible Object Lock. For more information and instructions on setting up your bucket with Object Lock, please refer to our documentation here: [Object Lock](https://storj.dev/dcs/buckets/object-lock) . [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/YOE-le-vX4D0wfn7tnrey_archiverepositorys3cbucket.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/YOE-le-vX4D0wfn7tnrey_archiverepositorys3cbucket.png) 5. Select **Next**. #### [Review the credentials and selections](https://storj.dev/dcs/third-party-tools/veeam#review-the-credentials-and-selections) 1. Review the information in the **Summary** window. Go back and make any necessary edits using the **Previous** button. 2. Select **Finish** and exit the wizard. ### [Job Configuration](https://storj.dev/dcs/third-party-tools/veeam#job-configuration) Use the New **Backup Job wizard** to configure the backup job. Follow the steps below to complete the integration. This is an important step to optimize cost and performance of your backups. For more detail please see the following [Object Storage Considerations Veeam.](https://community.veeam.com/blogs-and-podcasts-57/sobr-veeam-capacity-tier-calculations-and-considerations-in-v11-2548) 1. Launch the New Object Repository wizard: 2. Work your way though the configuration and open **Advanced** on the [Storage Selection Step](https://helpcenter.veeam.com/docs/backup/vsphere/backup_job_storage_vm.html) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/veeam1.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/veeam1.png) 3. Upon opening Advanced - Storage, you will be presented with the option of selecting Storage Optimization. Veeam recommends the default of 1MB because increasing the block size can result in larger incremental backups. However, Storj's recommended setting for object storage is **4MB**. Using larger block sizes provides better backup and restore times. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/veeam_advanced_settings.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/veeam_advanced_settings.png) Previous [Unitrends](https://storj.dev/dcs/third-party-tools/unitrends) Next [WordPress backup with UpdraftPlus](https://storj.dev/dcs/third-party-tools/wordpress-site-with-updraftplus) --- # Connecting s3fs to Storj - Storj Docs [Prerequisites](https://storj.dev/dcs/third-party-tools/s3fs#prerequisites) ---------------------------------------------------------------------------- * S3 compatible credentials (see [Getting started](https://storj.dev/dcs/getting-started) ). [Install s3fs](https://storj.dev/dcs/third-party-tools/s3fs#install-s3fs) -------------------------------------------------------------------------- See [https://github.com/s3fs-fuse/s3fs-fuse](https://github.com/s3fs-fuse/s3fs-fuse#installation) for installation instructions for your OS. [Configure s3fs to use Storj S3 Gateway](https://storj.dev/dcs/third-party-tools/s3fs#configure-s3fs-to-use-storj-s3-gateway) ------------------------------------------------------------------------------------------------------------------------------ You can use either [Self-hosted S3 Compatible Gateway](https://storj.dev/learn/self-host/gateway-st) or [Storj-hosted S3 Compatible Gateway](https://storj.dev/dcs/api/s3/s3-compatible-gateway) . You only need S3 compatible credentials and endpoint. [Create the credentials file](https://storj.dev/dcs/third-party-tools/s3fs#create-the-credentials-file) -------------------------------------------------------------------------------------------------------- Please substitute your own **Access Key ID** instead of `ACCESS_KEY_ID` and your own **Secret Access Key** instead of `SECRET_ACCESS_KEY` in the example below: echo ACCESS_KEY_ID:SECRET_ACCESS_KEY > ${HOME}/.passwd-s3fschmod 600 ${HOME}/.passwd-s3fs echo ACCESS_KEY_ID:SECRET_ACCESS_KEY > ${HOME}/.passwd-s3fschmod 600 ${HOME}/.passwd-s3fs CopyCopied! ### [Create a bucket](https://storj.dev/dcs/third-party-tools/s3fs#create-a-bucket) First you will want to [create a bucket](https://storj.dev/dcs/buckets/create-buckets) . [Mount a bucket to the folder](https://storj.dev/dcs/third-party-tools/s3fs#mount-a-bucket-to-the-folder) ---------------------------------------------------------------------------------------------------------- Create a folder: sudo mkdir /mnt/my-bucketsudo chown myuser /mnt/my-bucket sudo mkdir /mnt/my-bucketsudo chown myuser /mnt/my-bucket CopyCopied! Mount a bucket to the folder. We will assume that you created a bucket `my-bucket` earlier. We will use the endpoint `https://gateway.storjshare.io` here, as this will [Storj-hosted S3 Compatible Gateway](https://storj.dev/dcs/api/s3/s3-compatible-gateway) automatically. If you use the [Self-hosted S3 Compatible Gateway](https://storj.dev/learn/self-host/gateway-st) , then the endpoint could be `http://localhost:7777` (depends on your configuration and infrastructure). s3fs my-bucket /mnt/my-bucket -o passwd_file=${HOME}/.passwd-s3fs -o url=https://gateway.storjshare.io -o use_path_request_style s3fs my-bucket /mnt/my-bucket -o passwd_file=${HOME}/.passwd-s3fs -o url=https://gateway.storjshare.io -o use_path_request_style CopyCopied! [Mount a bucket to the folder on boot](https://storj.dev/dcs/third-party-tools/s3fs#mount-a-bucket-to-the-folder-on-boot) -------------------------------------------------------------------------------------------------------------------------- You should make sure that the credentials file is available for the root on boot time. You can create it in the `/etc/` folder: echo ACCESS_KEY_ID:SECRET_ACCESS_KEY | sudo tee /etc/passwd-s3fssudo chmod 0640 /etc/passwd-s3fs echo ACCESS_KEY_ID:SECRET_ACCESS_KEY | sudo tee /etc/passwd-s3fssudo chmod 0640 /etc/passwd-s3fs CopyCopied! Then add the following to `/etc/fstab`: my-bucket /mnt/my-bucket fuse.s3fs _netdev,allow_other,use_path_request_style,url=https://gateway.storjshare.io 0 0 my-bucket /mnt/my-bucket fuse.s3fs _netdev,allow_other,use_path_request_style,url=https://gateway.storjshare.io 0 0 CopyCopied! Check that it is working - The command: sudo mount -a sudo mount -a CopyCopied! should not return any error. Next, check that your Storj bucket is mounted: df -HT df -HT CopyCopied! Now you can use the mounted bucket almost as any folder. [See also](https://storj.dev/dcs/third-party-tools/s3fs#see-also) ------------------------------------------------------------------ We recommend having a look at [Rclone](https://storj.dev/dcs/third-party-tools/rclone) and its [`rclone mount` command](https://rclone.org/commands/rclone_mount/) as well. Please note - you can configure a native connector in rclone, (see: [Rclone Native Integration](https://storj.dev/dcs/third-party-tools/rclone/rclone-native) ) and use [Design Decision - End-to-end Encryption](https://storj.dev/learn/concepts/encryption-key/design-decision-end-to-end-encryption) , unlike [Storj-hosted S3 Compatible Gateway](https://storj.dev/dcs/api/s3/s3-compatible-gateway) which uses[Design Decision - Server-side Encryption](https://storj.dev/learn/concepts/encryption-key/design-decision-server-side-encryption) to provide an S3-compatible protocol (the S3 protocol does not use client side encryption by design). Previous [S3 Browser](https://storj.dev/dcs/third-party-tools/s3-browser) Next [Signiant](https://storj.dev/dcs/third-party-tools/signiant) --- # Integrating Storj with Splunk Analytics - Storj Docs [Splunk](https://www.splunk.com/)  is a data analytics platform that provides data-driven insights across all aspects of a company. Visit [https://www.splunk.com/](https://www.splunk.com/) for more information. [Advantages of Splunk with Storj](https://storj.dev/dcs/third-party-tools/splunk#advantages-of-splunk-with-storj) ------------------------------------------------------------------------------------------------------------------ 1. Adds powerful features to your data storage. Monitor, analyze, and visualize data. 2. Access your data from anywhere thanks to Splunk's unified hybrid experience. [Integration](https://storj.dev/dcs/third-party-tools/splunk#integration) -------------------------------------------------------------------------- Integrating Splunk with Storj requires S3 credentials from Storj that will be added to the [indexes.conf](https://storj.dev/dcs/third-party-tools/splunk) in Splunk. Splunk Enterprise integrates with any S3-compatible cloud storage platform. To complete the integration, you will need: * A Storj account * An on-premises instance of Splunk Splunk is compatible with Windows, Mac, and Linux OS. To complete the integration, follow the steps below. * * * ### [Create a Storj Account](https://storj.dev/dcs/third-party-tools/splunk#create-a-storj-account) To begin, you will need to create a Storj account. If you already an account, go to [https://storj.io/login](https://storj.io/login) . Navigate to [https://www.storj.io/signup?partner=splunk](https://www.storj.io/signup?partner=splunk)  to sign up. Enter your full name, email address, and a password, as shown below: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/x1VMINrRdadrVk5vLXIBT_capture.PNG)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/x1VMINrRdadrVk5vLXIBT_capture.PNG) ### [Create a Bucket](https://storj.dev/dcs/third-party-tools/splunk#create-a-bucket) Once you have your Storj account you can create a bucket for your data to be stored in. 1\. Navigate to “Buckets” on the left side menu. 2\. Click “New Bucket” on the top right. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/jbnQ38ynnrWl0jnO_j-E5_comet-backup-storj-2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/jbnQ38ynnrWl0jnO_j-E5_comet-backup-storj-2.png) 3\. Assign the bucket an easily identifiable name, such as "my-bucket". [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/K65vHcrJtRq4S87jICtYx_screenshot-2023-03-09-at-110429-am.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/K65vHcrJtRq4S87jICtYx_screenshot-2023-03-09-at-110429-am.png) 4\. Click **Create bucket** ### [Generate S3 credentials](https://storj.dev/dcs/third-party-tools/splunk#generate-s3-credentials) Storj has an Amazon S3 compatible API and you'll need generate S3 credentials to use it. S3 credentials consist of an **access key**, **secret key**, and **endpoint**. Create S3 credentials in the Storj web console: 1\. Navigate to **Access** on the left side menu. 2\. Click **Create S3 Credentials** under the S3 Credentials block. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/EZyAl8Wux2GOlyPd70HnI_screenshot-2023-03-09-at-110900-am.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/EZyAl8Wux2GOlyPd70HnI_screenshot-2023-03-09-at-110900-am.png) 3\. When the Create Access screen comes up, set specifications according to the following guidelines: * **Type:** S3 Credentials * **Name:** The name of the credentials (e.g. my-access) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Cv1Lirp-3-OueRk-YAR8u_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Cv1Lirp-3-OueRk-YAR8u_image.png) 4\. Click **Continue** to provide permissions * **Permissions:** All * **Buckets:** Feel free to specify the bucket you created above (e.g. my-bucket), or leave as “All” * **End date**: provide an expiration date for these credentials (optional) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/gQ8jBHtvd5sFZFuAqth_h_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/gQ8jBHtvd5sFZFuAqth_h_image.png) 5\. Click **Continue** to provide Access encryption Information * **Use the current passphrase**: this is default option * **Advanced**: you may provide a different encryption phrase either your own or generate a new one. * **Enter a new passphrase**: use this option, if you would like to provide your own new encryption phrase * **Generate 12-word passphrase**: use this option, if you would like to generate a new encryption phrase [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Uxn8zBqXQVmQvsswV3pJ2_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Uxn8zBqXQVmQvsswV3pJ2_image.png) In order to see the data uploaded to your bucket in the web console, you must unlock the bucket with the same encryption passphrase as the credentials. 6\. Click **Create Access** to finish creation of your S3 credentials [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zk2JE9Z6f3vk_R2cjpdqc_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zk2JE9Z6f3vk_R2cjpdqc_image.png) 7\. Click **Confirm** the Confirm details pop-up message 8\. Your S3 credentials are created. Write them down and store them, or click the **Download all** button. You will need these credentials for the following steps. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/xH5tgzVKXn-uK2hVfSo8e_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/xH5tgzVKXn-uK2hVfSo8e_image.png) * * * [Connecting Splunk to Storj](https://storj.dev/dcs/third-party-tools/splunk#connecting-splunk-to-storj) -------------------------------------------------------------------------------------------------------- To complete the integration, you will need the S3 credentials created in the previous steps and an instance of Splunk Enterprise on your local machine. ### [Splunk Access](https://storj.dev/dcs/third-party-tools/splunk#splunk-access) To get started with Splunk Enterprise, visit [https://www.splunk.com/en\_us/products/splunk-enterprise.html](https://www.splunk.com/en_us/products/splunk-enterprise.html) . Either request a free trial or contact the Splunk sales team. ### [Connect Storj remote storage](https://storj.dev/dcs/third-party-tools/splunk#connect-storj-remote-storage) 1\. To connect Storj remote storage to Splunk, add Storj volume information to indexes.conf. This is usually added at the top of the file. See Splunk's [indexes.conf](https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Indexesconf#indexes.conf.spec) documentation for more details. Name this volume Storj and specify credentials underneath. * The access key, secret key, and endpoint are those generated in Storj in the previous steps of this tutorial. * For the `path` , use `s3://splunk/` . [volume:Storj]storageType = remotepath = s3://splunk/remote.s3.access_key = ACCESS_KEYremote.s3.secret_key = SECRET_KEYremote.s3.endpoint = https://gateway.storjshare.ioremote.s3.auth_region = global# If versioning is not being utilized add:# remote.s3.supports_versioning = false [volume:Storj]storageType = remotepath = s3://splunk/remote.s3.access_key = ACCESS_KEYremote.s3.secret_key = SECRET_KEYremote.s3.endpoint = https://gateway.storjshare.ioremote.s3.auth_region = global# If versioning is not being utilized add:# remote.s3.supports_versioning = false CopyCopied! 2\. Restart Splunk ### [Verify Connectivity](https://storj.dev/dcs/third-party-tools/splunk#verify-connectivity) 1\. Create a test file using the following command: echo "test" > test01.txt echo "test" > test01.txt CopyCopied! 2\. Use Splunk to attempt to push the test file into Storj using the Storj volume just created in Splunk: ./opt/splunk/bin/splunk cmd splunkd rfs -- ls --starts-with volume:Storj ./opt/splunk/bin/splunk cmd splunkd rfs -- ls --starts-with volume:Storj CopyCopied! 3\. You should see the file listed in the shell and in your Storj web UI. Size Name12B test01.txt Size Name12B test01.txt CopyCopied! ### [Add the remote storage to a provisioned index](https://storj.dev/dcs/third-party-tools/splunk#add-the-remote-storage-to-a-provisioned-index) 1\. In Splunk, create an index and name it something memorable such as "Storj". This is the index you will add the Storj volume to. 2\. Mount the Storj volume under the Storj index stanza in indexes.conf: [Storj] coldPath = $SPLUNK_DB/Storj/colddb enableDataIntegrityControl = 0 enableTsidxReduction = 0 homePath = $SPLUNK_DB/Storj/db maxTotalDataSizeMB = 512000 thawedPath = $SPLUNK_DB/Storj/thaweddb remotePath = volume:Storj/Storj hotlist_bloom_filter_recency_hours = 48 hotlist_recency_secs = 86400 [Storj] coldPath = $SPLUNK_DB/Storj/colddb enableDataIntegrityControl = 0 enableTsidxReduction = 0 homePath = $SPLUNK_DB/Storj/db maxTotalDataSizeMB = 512000 thawedPath = $SPLUNK_DB/Storj/thaweddb remotePath = volume:Storj/Storj hotlist_bloom_filter_recency_hours = 48 hotlist_recency_secs = 86400 CopyCopied! 3\. Restart Splunk ./opt/splunk/bin/splunk restart ./opt/splunk/bin/splunk restart CopyCopied! 4\. Force a data roll from hot to warm for testing purposes by performing an internal rest call. You will need to authenticate with your Splunk username and password. ./splunk _internal call /data/indexes/Storj/roll-hot-buckets –auth (admin_username):(admin_password) ./splunk _internal call /data/indexes/Storj/roll-hot-buckets –auth (admin_username):(admin_password) CopyCopied! Alternate call without credentials. You will still be prompted for credentials: ./opt/splunk/bin/splunk _internal call /data/indexes/Storj/roll-hot-buckets ./opt/splunk/bin/splunk _internal call /data/indexes/Storj/roll-hot-buckets CopyCopied! ### [Success!](https://storj.dev/dcs/third-party-tools/splunk#success) Once the bucket is rolled to warm, it will populate in its own folder within the Storj bucket. Smart Store has been fully enabled for the index. Smartstore allows many other items to be configured, please reference the following documentation for additional configuration options: * Indexes.conf [https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Indexesconf](https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Indexesconf) * Smart Store [https://docs.splunk.com/Documentation/Splunk/9.0.1/Indexer/ConfigureSmartStore](https://docs.splunk.com/Documentation/Splunk/9.0.1/Indexer/ConfigureSmartStore) Previous [Signiant](https://storj.dev/dcs/third-party-tools/signiant) Next [Starfish](https://storj.dev/dcs/third-party-tools/starfish) --- # Guide for Integrating LucidLink Filespaces with Storj - Storj Docs [LucidLink](https://www.lucidlink.com/) Filespaces is a distributed global file system for object storage that performs like a local disk and provides seamless access to data stored in distant locations. LucidLink's cloud-native distributed file system allows many users to access it concurrently via a folder placed on the local client. The LucidLink cloud NAS provides access to large datasets through direct streaming, eliminating the need for downloading and synchronizing. [Advantages of Storj with Lucidlink](https://storj.dev/dcs/third-party-tools/lucidlink#advantages-of-storj-with-lucidlink) --------------------------------------------------------------------------------------------------------------------------- Using Storj with LucidLink provides resilient cloud object storage with blazing performance and zero-trust security. This integration ensures: 1. **Fast performance that simulates disk storage**: LucidLink enables unparalleled performance with object storage where only the data bits required at the current time are streamed to and from the client and storage. 2. **Combined security features**: LucidLink provides a “Zero-Knowledge” [security model](https://www.lucidlink.com/wp-content/uploads/LucidLink-Security_Model.pdf)  that encrypts all the data starting in the local cache on the client, in-flight, and in the object storage itself—and only the customer has the encryption key. Storj encrypts your data as well. 3. **Access**: Allows multiple globally distributed users simultaneous access to data. [Integration](https://storj.dev/dcs/third-party-tools/lucidlink#integration) ----------------------------------------------------------------------------- This integration uses S3 credentials passed from Storj to LucidLink. You will need to set up a Storj account, create a Storj bucket for LucidLink, and generate S3 credentials for LucidLink. Then, you will need to create a Filespace on LucidLink using and initialize it with credentials created in Storj. ### [Software Requirements](https://storj.dev/dcs/third-party-tools/lucidlink#software-requirements) LucidLink integrates with any S3-compatible cloud storage platform, including Storj. To integrate LucidLink with Storj, you will need: * A Storj account. * [Login](https://storj.io/login) , if you already have an account, or sign up here [https://storj.io/signup?partner=lucidlink](https://storj.io/signup?partner=lucidlink) * A LucidLink account * The LucidLink desktop app LucidLink is available for Windows, MacOS, and Linux. Download LucidLink here: [https://www.lucidlink.com/download](https://www.lucidlink.com/download) Or sign up for a free trial of LucidLink here: [https://www.lucidlink.com/trial](https://www.lucidlink.com/trial) * * * ### [Create a Storj Account](https://storj.dev/dcs/third-party-tools/lucidlink#create-a-storj-account) To begin, you will need to create a Storj account. If you already an account, go to [https://storj.io/login](https://storj.io/login) . Navigate to [https://storj.io/signup](https://storj.io/signup)  to sign up. Enter your full name, email address, and a password, as shown below: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/x1VMINrRdadrVk5vLXIBT_capture.PNG)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/x1VMINrRdadrVk5vLXIBT_capture.PNG) ### [Create a Bucket](https://storj.dev/dcs/third-party-tools/lucidlink#create-a-bucket) Once you have your Storj account you can create a bucket for your data to be stored in. 1\. Navigate to “Buckets” on the left side menu. 2\. Click “New Bucket” on the top right. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/jbnQ38ynnrWl0jnO_j-E5_comet-backup-storj-2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/jbnQ38ynnrWl0jnO_j-E5_comet-backup-storj-2.png) 3\. Assign the bucket an easily identifiable name, such as "my-bucket". [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/K65vHcrJtRq4S87jICtYx_screenshot-2023-03-09-at-110429-am.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/K65vHcrJtRq4S87jICtYx_screenshot-2023-03-09-at-110429-am.png) 4\. Click **Create bucket** ### [Generate S3 credentials](https://storj.dev/dcs/third-party-tools/lucidlink#generate-s3-credentials) Storj has an Amazon S3 compatible API and you'll need generate S3 credentials to use it. S3 credentials consist of an **access key**, **secret key**, and **endpoint**. Create S3 credentials in the Storj web console: 1\. Navigate to **Access** on the left side menu. 2\. Click **Create S3 Credentials** under the S3 Credentials block. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/EZyAl8Wux2GOlyPd70HnI_screenshot-2023-03-09-at-110900-am.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/EZyAl8Wux2GOlyPd70HnI_screenshot-2023-03-09-at-110900-am.png) 3\. When the Create Access screen comes up, set specifications according to the following guidelines: * **Type:** S3 Credentials * **Name:** The name of the credentials (e.g. my-access) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Cv1Lirp-3-OueRk-YAR8u_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Cv1Lirp-3-OueRk-YAR8u_image.png) 4\. Click **Continue** to provide permissions * **Permissions:** All * **Buckets:** Feel free to specify the bucket you created above (e.g. my-bucket), or leave as “All” * **End date**: provide an expiration date for these credentials (optional) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/gQ8jBHtvd5sFZFuAqth_h_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/gQ8jBHtvd5sFZFuAqth_h_image.png) 5\. Click **Continue** to provide Access encryption Information * **Use the current passphrase**: this is default option * **Advanced**: you may provide a different encryption phrase either your own or generate a new one. * **Enter a new passphrase**: use this option, if you would like to provide your own new encryption phrase * **Generate 12-word passphrase**: use this option, if you would like to generate a new encryption phrase [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Uxn8zBqXQVmQvsswV3pJ2_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Uxn8zBqXQVmQvsswV3pJ2_image.png) In order to see the data uploaded to your bucket in the web console, you must unlock the bucket with the same encryption passphrase as the credentials. 6\. Click **Create Access** to finish creation of your S3 credentials [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zk2JE9Z6f3vk_R2cjpdqc_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zk2JE9Z6f3vk_R2cjpdqc_image.png) 7\. Click **Confirm** the Confirm details pop-up message 8\. Your S3 credentials are created. Write them down and store them, or click the **Download all** button. You will need these credentials for the following steps. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/xH5tgzVKXn-uK2hVfSo8e_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/xH5tgzVKXn-uK2hVfSo8e_image.png) * * * [Connect LucidLink to Storj](https://storj.dev/dcs/third-party-tools/lucidlink#connect-lucid-link-to-storj) ------------------------------------------------------------------------------------------------------------ To complete the integration, you will need the S3 credentials created in the previous steps, a LucidLink Filespace for Storj, and the LucidApp on your local machine. ### [LucidLink Access](https://storj.dev/dcs/third-party-tools/lucidlink#lucid-link-access) To sign in to your LucidLink account, visit [https://www.lucidlink.com/webportal/login](https://www.lucidlink.com/webportal/login) or visit [https://www.lucidlink.com/](https://www.lucidlink.com/) and click "Sign in". Otherwise, create an account. Signing in takes you to the LucidLink web portal, where you will create your domain and Filespace. ### [Create a Domain](https://storj.dev/dcs/third-party-tools/lucidlink#create-a-domain) When you initially log in to LucidLink, you will be prompted to name your domain. Your domain is where you will create Filespaces. In this case, we have named our domain "storjdemo". ### [Create a LucidLink Filespace](https://storj.dev/dcs/third-party-tools/lucidlink#create-a-lucid-link-filespace) 1\. From the webportal, click on the "Create New Filespace" card. 2\. Choose the "Custom Filespace" plan to add your own cloud storage. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/aX7UqSXK4j8ASD-LM67yW_01home.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/aX7UqSXK4j8ASD-LM67yW_01home.png) 3\. Choose the "Custom Filespace" option to use your own cloud storage. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/diNf1NhPIcuGyLYlF6gq1_001filespace.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/diNf1NhPIcuGyLYlF6gq1_001filespace.png) 4\. Choose a Filespace name. In this case, we will use "storj". [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/a7OoUv56oD2pMUOptcVIl_03filespacename.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/a7OoUv56oD2pMUOptcVIl_03filespacename.png) 5\. On the "Choose Your Provider" screen, scroll down to "Other Cloud" and select that option. 6\. Enter the endpoint URL that you saved from your S3 credentials in the "Endpoint URL" field. In this case, our endpoint is **https://gateway.storjshare.io**. 7\. If desired, set your region under the "Region name" field. This is not required. 8\. If desired, check "Configure advanced settings" at the bottom of the page before clicking "Continue". [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/JvZmx8eldEen7okLe2Py8_endpoint.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/JvZmx8eldEen7okLe2Py8_endpoint.png) 9\. On the Advanced Settings page, enter the bucket name that you created in Storj. In this instance, the bucket is "lucidlink-bucket". 10\. It is recommended to set the block size to **at least 2MB** for optimal data stream quality. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/_UNPS7Kq_nfEidJ3xFVU5_00026bucket.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/_UNPS7Kq_nfEidJ3xFVU5_00026bucket.png) 12\. Review and confirm the details of your Filespace before clicking "Create" at the bottom of the page. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/hpfpo2p9zlbmR5WqcF0P4_00027review.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/hpfpo2p9zlbmR5WqcF0P4_00027review.png) 13\. LucidLink will redirect you to your dashboard while it sets up your Filespace. Once the Filespace is set up, you will have to initialize it. Follow the steps below to initialize your Filespace. ### [Initialize your Filespace](https://storj.dev/dcs/third-party-tools/lucidlink#initialize-your-filespace) Initializing your Filespace must be completed through the LucidLink client, which you can download from the Lucidlink website. You will be prompted for your S3 credentials and required to set a root password during initialization. 1\. Click "Initialize" on your new Filespace. 2\. Read through the pop-up window detailing the instructions for initializing your Filespace. 1. At the top is a link to download the LucidLink client. If you have not already downloaded it, click on the link, or visit [https://www.lucidlink.com/download](https://www.lucidlink.com/download) . 2. If you have already downloaded the LucidLink client (LucidApp), click "Launch the desktop client" at the bottom of the window. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/9n306OD79T4a77FeLPhzF_00035instructions.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/9n306OD79T4a77FeLPhzF_00035instructions.png) 3\. Once the LucidApp has launched, add your saved **access key** and \*\*secret key \*\*created in Storj into the "Access Key" and "Secret Key" fields, respectively. Click "Next". [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/8O3vgxGkeWFux51kKXmrT_00036pass.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/8O3vgxGkeWFux51kKXmrT_00036pass.png) 4\. Create a root password. Make sure to save this password because it cannot be recovered. Check the "Remember password" box at the bottom of the screen if you wish to store your password. Then click "Initialize". [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/vWdcZ6p9gNEyfCTcmrRJX_00037password.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/vWdcZ6p9gNEyfCTcmrRJX_00037password.png) ### [Initializing a Filespace From the Command Line](https://storj.dev/dcs/third-party-tools/lucidlink#initializing-a-filespace-from-the-command-line) Initializing the Filespace from the command line allows you more options in configuring the initialization. The command takes the following general format: lucid init-s3 --fs --password --https --endpoint storage.googleapis.com --region --access-key --secret-key --bucket-name --provider lucid init-s3 --fs --password --https --endpoint storage.googleapis.com --region --access-key --secret-key --bucket-name --provider CopyCopied! With our credentails in this example, we would have the following command: lucid init-s3 --fs --password --https --endpoint us1.storj.io/ --region --access-key --secret-key --bucket-name --provider Storj lucid init-s3 --fs --password --https --endpoint us1.storj.io/ --region --access-key --secret-key --bucket-name --provider Storj CopyCopied! For more information on using the command line with LucidLink, see the following guide: [https://support.lucidlink.com/hc/en-us/articles/5778797132557](https://support.lucidlink.com/hc/en-us/articles/5778797132557) [Success!](https://storj.dev/dcs/third-party-tools/lucidlink#success) ---------------------------------------------------------------------- [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/8Snm14NljluKExsW2ZFZ__0004folder.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/8Snm14NljluKExsW2ZFZ__0004folder.png) Previous [Livepeer](https://storj.dev/dcs/third-party-tools/livepeer) Next [Mastodon](https://storj.dev/dcs/third-party-tools/mastodon) --- # Workshop - Global Video Content Delivery with Storj and Livepeer - Storj Docs Learn to build a completely decentralized, **fast** video content delivery service. With over tens of thousands of Storj nodes around the world, see how simple it can be to remove your reliance on centralized providers. Gain a solid understanding of the steps required to host video files from Storj (an object storage provider) and transcode them with the Livepeer API. First we'll set up a Storj and Livepeer account, then we'll transcode and view videos completely with decentralized technology! [Storj Account](https://storj.dev/dcs/third-party-tools/livepeer#storj-account) -------------------------------------------------------------------------------- [Create a Storj Account](https://storj.dev/dcs/third-party-tools/livepeer#create-a-storj-account) -------------------------------------------------------------------------------------------------- To begin, you will need to create a Storj account. If you already an account, go to [https://storj.io/login](https://storj.io/login) . Navigate to [https://storj.io/signup](https://storj.io/signup)  to sign up. Enter your full name, email address, and a password, as shown below: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/x1VMINrRdadrVk5vLXIBT_capture.PNG)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/x1VMINrRdadrVk5vLXIBT_capture.PNG) ### [Install uplink](https://storj.dev/dcs/third-party-tools/livepeer#install-uplink) Storj has [S3 compatibility](https://storj.dev/dcs/getting-started) that can be used familiar tools such aws-cli, but it has some limitations such that it uses a gateway to communicate to the global network. In order to communicate directly with Storage Nodes we'll be using Storj's `uplink` tool. Run the following to install uplink: Linux AMD64 curl -L https://github.com/storj/storj/releases/latest/download/uplink_linux_amd64.zip -o uplink_linux_amd64.zipunzip -o uplink_linux_amd64.zipsudo install uplink /usr/local/bin/uplink curl -L https://github.com/storj/storj/releases/latest/download/uplink_linux_amd64.zip -o uplink_linux_amd64.zipunzip -o uplink_linux_amd64.zipsudo install uplink /usr/local/bin/uplink CopyCopied! For different uplink binaries see [Download and Installation](https://storj.dev/dcs/api/uplink-cli/installation) ### [Create Access Grant](https://storj.dev/dcs/third-party-tools/livepeer#create-access-grant) Next you'll need to generate an access grant to be able to use uplink. Create an Access Grant in the Storj web console: 1. Navigate to “Access” on the left side menu 2. Click “Create Access Grant” under the Access Grant block. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zSzwufHPzUnaoHThKccBx_screenshot-2023-02-28-at-20538-pm.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/zSzwufHPzUnaoHThKccBx_screenshot-2023-02-28-at-20538-pm.png) 3\. When the Create Access screen comes up, set specifications according to the following guidelines: * **Type:** Access Grant * **Name:** The name of the credentials (e.g. My Access Grant) * **Permissions:** All * **Buckets:** Feel free to limit the grant to a specific bucket or leave as “All” [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/d49yH5Krbqdh6Sd-vA8k1_screenshot-2023-02-28-at-20757-pm.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/d49yH5Krbqdh6Sd-vA8k1_screenshot-2023-02-28-at-20757-pm.png) 4\. Select "Encrypt My Access" 5\. Set an encryption passphrase and agree to the prompt Use the same encryption passphrase for the access grant as the one you used for the web console in order to view your files in both places 6\. Run the setup command uplink setup uplink setup CopyCopied! 7\. Copy the access grant from the web console and paste it into the uplink prompt [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/DprSGo1J0M5JVqqTqkLnK_screenshot-2023-02-28-at-21135-pm.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/DprSGo1J0M5JVqqTqkLnK_screenshot-2023-02-28-at-21135-pm.png) ### [Create a bucket](https://storj.dev/dcs/third-party-tools/livepeer#create-a-bucket) Once you have your Storj account and uplink configured, you create a Storj bucket which will hold the input and output files for the Livepeer transcoder. Use `uplink mb` to create a bucket called `livepeer` uplink mb sj://livepeer uplink mb sj://livepeer CopyCopied! Download a video file to upload to your newly created bucket. You can use [this one](https://link.storjshare.io/s/jxztgqgoyipublszkwo4e2gg5n4a/livepeer/global-upload.mp4) . wget https://link.storjshare.io/raw/jxztgqgoyipublszkwo4e2gg5n4a/livepeer/global-upload.mp4 wget https://link.storjshare.io/raw/jxztgqgoyipublszkwo4e2gg5n4a/livepeer/global-upload.mp4 CopyCopied! Upload the video to be used as a source file in the transcoder later. uplink cp global-upload.mp4 sj://livepeer/ uplink cp global-upload.mp4 sj://livepeer/ CopyCopied! Finally, create S3 compatible credentials. uplink share --register --readonly=false --not-after=none sj://livepeer uplink share --register --readonly=false --not-after=none sj://livepeer CopyCopied! The output will print the `Access Key ID` and Secret Key that will be used in the `livepeer-req` script below. [Livepeer Account](https://storj.dev/dcs/third-party-tools/livepeer#livepeer-account) -------------------------------------------------------------------------------------- Complete the [Livepeer quickstart guide](https://docs.livepeer.org/guides/developing/quickstart) to get a Livepeer API key to use in the `livepeer-req` script below. [Transcode video files to a desired format and resolution](https://storj.dev/dcs/third-party-tools/livepeer#transcode-video-files-to-a-desired-format-and-resolution) ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- Copy the shell script below into a file called `livepeer-req`. #!/bin/bashLIVEPEER_API_KEY=""STORJ_ACCESS_KEY_ID=""STORJ_SECRET_ACCESS_KEY=""curl --location --request POST 'https://livepeer.studio/api/transcode' \--header "Authorization: Bearer $LIVEPEER_API_KEY" \--header 'Content-Type: application/json' \--data-raw '{ "input": { "type": "s3", "endpoint": "https://gateway.storjshare.io", "credentials": { "accessKeyId": "'"$STORJ_ACCESS_KEY_ID"'", "secretAccessKey": "'"$STORJ_SECRET_ACCESS_KEY"'" }, "bucket": "livepeer", "path": "/global-upload.mp4" }, "storage": { "type": "s3", "endpoint": "https://gateway.storjshare.io", "credentials": { "accessKeyId": "'"$STORJ_ACCESS_KEY_ID"'", "secretAccessKey": "'"$STORJ_SECRET_ACCESS_KEY"'" }, "bucket": "livepeer" }, "outputs": { "hls": { "path": "/resized/hls" } }, "profiles": [ { "name": "480p0", "fps": 24000, "fpsDen": 1001, "bitrate": 1600000, "width": 854, "height": 480, "gop": "2.0", "profile": "H264High" }, { "name": "720p0", "fps": 0, "bitrate": 3000000, "width": 1280, "height": 720, "gop": "2.0", "profile": "H264ConstrainedHigh" }]}' #!/bin/bashLIVEPEER_API_KEY=""STORJ_ACCESS_KEY_ID=""STORJ_SECRET_ACCESS_KEY=""curl --location --request POST 'https://livepeer.studio/api/transcode' \--header "Authorization: Bearer $LIVEPEER_API_KEY" \--header 'Content-Type: application/json' \--data-raw '{ "input": { "type": "s3", "endpoint": "https://gateway.storjshare.io", "credentials": { "accessKeyId": "'"$STORJ_ACCESS_KEY_ID"'", "secretAccessKey": "'"$STORJ_SECRET_ACCESS_KEY"'" }, "bucket": "livepeer", "path": "/global-upload.mp4" }, "storage": { "type": "s3", "endpoint": "https://gateway.storjshare.io", "credentials": { "accessKeyId": "'"$STORJ_ACCESS_KEY_ID"'", "secretAccessKey": "'"$STORJ_SECRET_ACCESS_KEY"'" }, "bucket": "livepeer" }, "outputs": { "hls": { "path": "/resized/hls" } }, "profiles": [ { "name": "480p0", "fps": 24000, "fpsDen": 1001, "bitrate": 1600000, "width": 854, "height": 480, "gop": "2.0", "profile": "H264High" }, { "name": "720p0", "fps": 0, "bitrate": 3000000, "width": 1280, "height": 720, "gop": "2.0", "profile": "H264ConstrainedHigh" }]}' CopyCopied! In the `livepeer-req`, populate `LIVEPEER_API_KEY`, `STORJ_ACCESS_KEY_ID`, and `STORJ_SECRET_ACCESS_KEY` with the access credentials from each platform. Notice the livepeer API takes a json object with the following keys: `input` has been set to read the `global-upload.mp4` video file and `livepeer` bucket created earlier. `storage` is where the transcoded file will be uploaded to `outputs` specifies the output path of `resized/hls` `profiles` are options for the transcoded which is set to make a 480p and 720p video Next you'll want to run your `livepeer-req` script to start the transcoding process. chmod +x livepeer-req./livepeer-req chmod +x livepeer-req./livepeer-req CopyCopied! It usually takes 1 to 3 minutes before your transcoded videos show output directory of `/resized/hls` Livepeer will upload transcoded files as it goes. You can check on the progress by running `uplink ls` uplink ls sj://livepeer/resized/hls uplink ls sj://livepeer/resized/hls CopyCopied! [View video files](https://storj.dev/dcs/third-party-tools/livepeer#view-video-files) -------------------------------------------------------------------------------------- Storj doesn’t have the same sort of concept of public buckets that S3 has. We support public access, but it’s able to be more fine-grained than at the bucket level with link sharing. Generating a `LINKSHARINGKEY` will make a certain path of the bucket public (anyone with the link can see the file). Let's make the `resized` directory public so we can easily see the videos by running the following: uplink share --url --public --readonly=true --disallow-lists --not-after=none sj://livepeer/resized uplink share --url --public --readonly=true --disallow-lists --not-after=none sj://livepeer/resized CopyCopied! You’ll get a Browser URL, but the URL is not quite right. It will be of the form `https://link.storjshare.io/s/LINKSHARINGKEY/livepeer/`. To make the content embeddable, swap the `/s/` for `/raw/`. Livepeer transcoded the source video file to `hls` video files which means that in order to play the video, we'll need to find the `index.m3u8` and pass it to a compatible video player. We'll use the Livepeer player (`lvpr.tv`) to view the `index480p0.m3u8` video. Replace the `LINKSHARINGKEY` in the url below, and you'll be able to see your transcoded video! `lvpr.tv/?url=https://link.storjshare.io/raw/LINKSHARINGKEY/livepeer/resized/hls/index480p0.m3u8` Previous [LINSTOR](https://storj.dev/dcs/third-party-tools/linstor) Next [LucidLink Filespace](https://storj.dev/dcs/third-party-tools/lucidlink) --- # Can Storj use a different blockchain for payments? - Storj Docs Currently, none of the blockchains really solve the issue of high transaction costs. While there is a small user base, transaction fees on any blockchain may be low, but once they become more popular, they will face the same issue of scaling. There is a lot of discussion about how to address high fees for Layer 1 transactions on the Ethereum blockchain, which is currently one used by many popular projects. And for good reason. No other developer community can match ETH, which comes with a lot of upsides. Storj is committed to the Ethereum platform to take advantage of its many opportunities and great developer community. Switching blockchains would either mean you end up on a less popular blockchain which makes it less secure, and harder for customers and node operators to use as it would most likely be relying on a less active developer community. Or you may get lucky and pick the blockchain of the future, which will then be overloaded and most likely, eventually run into the exact same scaling issues. The Ethereum roadmap actually has a lot of promising developments to alleviate the scaling issues it’s facing now, zk-rollups being one of them. Right now the best approach is to use a Layer 2 solution like zkSync instead of taking a gamble on a less proven blockchain. Our project already experienced moving blockchains in the past, where we migrated the Counterparty based SJCX token (running on the Bitcoin blockchain) to the STORJ ERC-20 token on the Ethereum blockchain at the time when Bitcoin had run into scaling issues making Counterparty token transactions very expensive to send. While initially the move alleviated the issue with transaction fees, now the Ethereum blockchain is experiencing the same scaling issues and high fees. So, the best approach is to use a Layer 2 solution like Rollups ([zkSync](https://storj.dev/node/payouts/zk-sync-opt-in-for-snos) in particular), until Ethereum releases version 2.0 to further address scaling issues. Thanks to René Smeekes (@BrightSilence) for summarizing all reasons in one [post](https://forum.storj.io/t/move-storj-to-the-xrpl-for-faster-payouts/13404/8?u=alexey) . Previous [Audits by satellite](https://storj.dev/node/faq/audits-by-satellite) Next [Can we use an exchange as a wallet for STORJ tokens?](https://storj.dev/node/faq/can-we-use-an-exchange-as-a-wallet-for-storj-tokens) --- # Configure Rclone Natively - Storj Docs [Selecting an Integration Pattern](https://storj.dev/dcs/third-party-tools/rclone/rclone-native#selecting-an-integration-pattern) ---------------------------------------------------------------------------------------------------------------------------------- Use our native Rclone integration to take advantage of client-side encryption, and to achieve the best possible download performance. Note that uploads will be erasure-coded locally [Design Decision - End-to-end Encryption](https://storj.dev/learn/concepts/encryption-key/design-decision-end-to-end-encryption) ; thus, uploading a 1GB file will result in 2.68GB uploaded data out of your network (to storage nodes across the network). Use this pattern (native integration) for: * The strongest security * The best download speeds Alternatively, you can use the [S3 compatible integration](https://storj.dev/dcs/api/s3/s3-compatibility) with Rclone to increase upload performance and reduce the load on your systems and network. [Setup](https://storj.dev/dcs/third-party-tools/rclone/rclone-native#setup) ---------------------------------------------------------------------------- First, [download rclone](https://rclone.org/downloads/) and extract the rclone binary onto your system. Execute the config command to setup a new Storj "remote" configuration: rclone config rclone config CopyCopied! A text-based menu will prompt. Type `n` and hit `Enter` to create a new remote configuration. e) Edit existing remoten) New remoted) Delete remoter) Rename remotec) Copy remotes) Set configuration passwordq) Quit confige/n/d/r/c/s/q> n e) Edit existing remoten) New remoted) Delete remoter) Rename remotec) Copy remotes) Set configuration passwordq) Quit confige/n/d/r/c/s/q> n CopyCopied! Enter a name for the new remote configuration, e.g., `waterbear`. name> waterbearOption Storage.Type of storage to configure.Choose a number from below, or type in your own value. name> waterbearOption Storage.Type of storage to configure.Choose a number from below, or type in your own value. CopyCopied! A long list of supported storage backends will prompt. Enter `storj` and hit `Enter`. Option Storage.Type of storage to configure.Choose a number from below, or type in your own value....41 / Storj Decentralized Cloud Storage \ (storj)...Storage> storj Option Storage.Type of storage to configure.Choose a number from below, or type in your own value....41 / Storj Decentralized Cloud Storage \ (storj)...Storage> storj CopyCopied! Choose your authentication method: existing access grant or new access grant from [Create Access Grant in CLI](https://storj.dev/learn/tutorials/quickstart-uplink-cli/generate-access-grants-and-tokens/generate-a-token) (access token). Storage> storjOption provider.Choose an authentication method.Choose a number from below, or type in your own string value.Press Enter for the default (existing). 1 / Use an existing access grant. \ (existing) 2 / Create a new access grant from satellite address, API key, and passphrase. \ (new)provider> Storage> storjOption provider.Choose an authentication method.Choose a number from below, or type in your own string value.Press Enter for the default (existing). 1 / Use an existing access grant. \ (existing) 2 / Create a new access grant from satellite address, API key, and passphrase. \ (new)provider> CopyCopied! If you selected to authenticate with an existing access grant, enter the serialized access grant you have received by someone else. provider> 1Option access_grant.Access grant.Enter a value. Press Enter to leave empty.access_grant> 1cC...--------------------[waterbear]type = storjaccess_grant = 1cC...--------------------y) Yes this is OK (default)e) Edit this remoted) Delete this remotey/e/d> provider> 1Option access_grant.Access grant.Enter a value. Press Enter to leave empty.access_grant> 1cC...--------------------[waterbear]type = storjaccess_grant = 1cC...--------------------y) Yes this is OK (default)e) Edit this remoted) Delete this remotey/e/d> CopyCopied! If you selected to authenticate with a new access grant, first enter the satellite address by selecting one from the list or enter the address of a 3rd-party satellite. provider> 2Option satellite_address.Satellite address.Custom satellite address should match the format: `@
:`.Choose a number from below, or type in your own string value.Press Enter for the default (us-central-1.storj.io). 1 / US Central 1 \ (us-central-1.storj.io) 2 / Europe West 1 \ (europe-west-1.storj.io) 3 / Asia East 1 \ (asia-east-1.storj.io)satellite_address> provider> 2Option satellite_address.Satellite address.Custom satellite address should match the format: `@
:`.Choose a number from below, or type in your own string value.Press Enter for the default (us-central-1.storj.io). 1 / US Central 1 \ (us-central-1.storj.io) 2 / Europe West 1 \ (europe-west-1.storj.io) 3 / Asia East 1 \ (asia-east-1.storj.io)satellite_address> CopyCopied! If you enter a 3rd-party satellite, the address must also include the node ID of the satellite. This is required to establish a secure connection with the satellite. The second step of creating a new access grant is to enter your generated [Create Access Grant in CLI](https://storj.dev/learn/tutorials/quickstart-uplink-cli/generate-access-grants-and-tokens/generate-a-token) . Option api_key.API key.Enter a value. Press Enter to leave empty.api_key> 1Cjfjf... Option api_key.API key.Enter a value. Press Enter to leave empty.api_key> 1Cjfjf... CopyCopied! The final step of creating a new access grant is to enter your encryption passphrase. Option passphrase.Encryption passphrase.To access existing objects enter passphrase used for uploading.Enter a value. Press Enter to leave empty.passphrase> your-secret-encryption-phrase Option passphrase.Encryption passphrase.To access existing objects enter passphrase used for uploading.Enter a value. Press Enter to leave empty.passphrase> your-secret-encryption-phrase CopyCopied! The passphrase is used for encrypting and decrypting the data stored on Storj (formerly known as Tardigrade). If you have any data previously uploaded to this project, you must enter the same passphrase in order to download it successfully. A summary of the remote configuration will prompt. Type `y`and hit `Enter` to confirm it. [waterbear]type = storjsatellite_address = 121RTSDpyNZVcEU84Ticf2L1ntiuUimbWgfATz21tuvgk3vzoA6@asia-east-1.tardigrade.io:7777api_key = 1Cjfjf...passphrase = your-secret-encryption-phraseaccess_grant = 1E1F...--------------------y) Yes this is OK (default)e) Edit this remoted) Delete this remotey/e/d> y [waterbear]type = storjsatellite_address = 121RTSDpyNZVcEU84Ticf2L1ntiuUimbWgfATz21tuvgk3vzoA6@asia-east-1.tardigrade.io:7777api_key = 1Cjfjf...passphrase = your-secret-encryption-phraseaccess_grant = 1E1F...--------------------y) Yes this is OK (default)e) Edit this remoted) Delete this remotey/e/d> y CopyCopied! Now you should see one remote configuration available. Enter `q` and hit `Enter` to quit the configuration wizard. Current remotes:Name Type==== ====waterbear storje) Edit existing remoten) New remoted) Delete remoter) Rename remotec) Copy remotes) Set configuration passwordq) Quit confige/n/d/r/c/s/q> q Current remotes:Name Type==== ====waterbear storje) Edit existing remoten) New remoted) Delete remoter) Rename remotec) Copy remotes) Set configuration passwordq) Quit confige/n/d/r/c/s/q> q CopyCopied! For a listing of Rclone commands for general use, see [Rclone Commands](https://storj.dev/dcs/third-party-tools/rclone/rclone-s3) . Previous [Rclone Commands](https://storj.dev/dcs/third-party-tools/rclone/rclone-s3) Next [Restic](https://storj.dev/dcs/third-party-tools/restic) --- # Audits by satellite - Storj Docs [Docker version (bash)](https://storj.dev/node/faq/audits-by-satellite#docker-version-bash) -------------------------------------------------------------------------------------------- for sat in `docker exec -i storagenode wget -qO - localhost:14002/api/sno | jq .satellites[].id -r`; do docker exec -i storagenode wget -qO - localhost:14002/api/sno/satellite/$sat | jq .id,.audits; done for sat in `docker exec -i storagenode wget -qO - localhost:14002/api/sno | jq .satellites[].id -r`; do docker exec -i storagenode wget -qO - localhost:14002/api/sno/satellite/$sat | jq .id,.audits; done CopyCopied! [Docker version (Powershell)](https://storj.dev/node/faq/audits-by-satellite#docker-version-powershell) -------------------------------------------------------------------------------------------------------- (docker exec -i storagenode wget -qO - localhost:14002/api/sno | ConvertFrom-Json).satellites.id | %{"$_"; (docker exec -i storagenode wget -qO - localhost:14002/api/sno/satellite/$_ | ConvertFrom-Json).audits} (docker exec -i storagenode wget -qO - localhost:14002/api/sno | ConvertFrom-Json).satellites.id | %{"$_"; (docker exec -i storagenode wget -qO - localhost:14002/api/sno/satellite/$_ | ConvertFrom-Json).audits} CopyCopied! [Dashboard is port mapped (bash)](https://storj.dev/node/faq/audits-by-satellite#dashboard-is-port-mapped-bash) ---------------------------------------------------------------------------------------------------------------- for sat in `wget -qO - localhost:14002/api/sno | jq .satellites[].id -r`; do wget -qO - localhost:14002/api/sno/satellite/$sat | jq .id,.audits; done for sat in `wget -qO - localhost:14002/api/sno | jq .satellites[].id -r`; do wget -qO - localhost:14002/api/sno/satellite/$sat | jq .id,.audits; done CopyCopied! [Dashboard is port mapped or Windows GUI (Powershell)](https://storj.dev/node/faq/audits-by-satellite#dashboard-is-port-mapped-or-windows-gui-powershell) ---------------------------------------------------------------------------------------------------------------------------------------------------------- ((curl http://127.0.0.1:14002/api/sno).Content | ConvertFrom-Json).satellites.id | %{"$_"; ((curl http://127.0.0.1:14002/api/sno/satellite/$_).Content | ConvertFrom-Json).audits} ((curl http://127.0.0.1:14002/api/sno).Content | ConvertFrom-Json).satellites.id | %{"$_"; ((curl http://127.0.0.1:14002/api/sno/satellite/$_).Content | ConvertFrom-Json).audits} CopyCopied! Previous [FAQs](https://storj.dev/node/faq) Next [Can Storj use a different blockchain for payments?](https://storj.dev/node/faq/can-storj-use-other-blockchain) --- # Using LINSTOR with Storj for Disaster Recovery - Storj Docs LINSTOR® is an open source configuration management system, developed by LINBIT®, for storage on Linux systems. It manages LVM logical volumes, ZFS volumes, or both, on a cluster of nodes. It uses DRBD® (also open source software) for replication between different nodes and to provide block storage devices to users and applications, for high availability and disaster recovery use cases. Because DRBD is a live replication software and not a backup solution, you might want a complimentary solution to create immutable backups. LINSTOR allows you to make such backups and then store them, for example, in S3 compatible storage, such as a Storj bucket. Storj provides enterprise-grade, globally distributed cloud object storage and can be a drop-in replacement for any S3-compatible object storage. [Overview of integrating LINSTOR with Storj](https://storj.dev/dcs/third-party-tools/linstor#overview-of-integrating-linstor-with-storj) ----------------------------------------------------------------------------------------------------------------------------------------- To integrate LINSTOR with Storj, for disaster recovery, you can configure a Storj storage bucket as an S3 remote in LINSTOR. An S3 remote in LINSTOR can be a destination for shipping storage volume snapshots. These snapshots are called backups on the remote S3 storage. You can create snapshots and [ship them to a LINSTOR S3 remote](https://linbit.com/drbd-user-guide/linstor-guide-1_0-en/#s-linstor-snapshots-shipping) either manually, or automatically on a schedule. When disaster strikes, you can restore data from a Storj backup into your existing LINSTOR cluster, or into another LINSTOR cluster at an off-site DR location. [Prerequisites](https://storj.dev/dcs/third-party-tools/linstor#prerequisites) ------------------------------------------------------------------------------- To configure LINSTOR to use Storj storage as a LINSTOR S3 remote, you need to meet the following prerequisites: 1. Have a Storj account, and a storage bucket with configured access to the bucket through [S3 credentials](https://storj.dev/dcs/access#create-s3-credentials) 2. Have a local LINSTOR cluster with a LINSTOR resource backed by thin-provisioned LVM or ZFS storage [Setting up LINSTOR encryption for Storj access and secret keys](https://storj.dev/dcs/third-party-tools/linstor#setting-up-linstor-encryption-for-storj-access-and-secret-keys) --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- To access a Storj storage bucket through LINSTOR, you need to record the Storj access and secret keys associated with the S3 credentials for your bucket in the LINSTOR database. LINSTOR will store these keys encrypted, so you need to have an encryption passphrase with LINSTOR. If you have not already created a [LINSTOR encryption passphrase](https://linbit.com/drbd-user-guide/linstor-guide-1_0-en/#s-encrypt_commands) , you can create one by entering the following command: linstor encryption create-passphrase linstor encryption create-passphrase CopyCopied! If the LINSTOR controller service restarts, for example, after an upgrade or if the LINSTOR controller node reboots, you will need to enter the passphrase before you can access Storj storage through LINSTOR. To do this, enter the command: linstor encryption enter-passphrase linstor encryption enter-passphrase CopyCopied! LINSTOR allows for automating the encryption passphrase entry. This is not without security risk implications. Refer to details in the [LINSTOR User Guide](https://linbit.com/drbd-user-guide/linstor-guide-1_0-en/#s-automatic_passphrase) . [Creating a LINSTOR remote for your Storj S3 storage](https://storj.dev/dcs/third-party-tools/linstor#creating-a-linstor-remote-for-your-storj-s3-storage) ----------------------------------------------------------------------------------------------------------------------------------------------------------- Enter the following commands to create a LINSTOR Storj S3 remote, in all LINSTOR clusters that might need to access your Storj bucket. Change the values stored in the variables to match your environment. linstor_s3remotename=storj-remotestorj_bucketname=linstor-storjstorj_region=globalstorj_endpoint=storj_accesskey=storj_secretkey=linstor remote create s3 $linstor_s3remotename $storj_endpoint \ $storj_bucketname $storj_region $storj_accesskey $storj_secretkey linstor_s3remotename=storj-remotestorj_bucketname=linstor-storjstorj_region=globalstorj_endpoint=storj_accesskey=storj_secretkey=linstor remote create s3 $linstor_s3remotename $storj_endpoint \ $storj_bucketname $storj_region $storj_accesskey $storj_secretkey CopyCopied! The `linstor_s3remotename` is a user-defined name for the LINSTOR S3 remote object that you are creating. The `storj_bucketname` is the name of an existing Storj bucket that you want to use for holding LINSTOR storage backups and `storj_region` is the associated location of the bucket. You can verify the bucket name and region from the Storj dashboard by navigating to the Browse Buckets screen, by clicking on Browse from the left-side menu, or by clicking Buckets from the Project Dashboard. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images%2FLinstor/linstor-storj-remote-s3-storage-backup-guide_01-storj-dashboard.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images%2FLinstor/linstor-storj-remote-s3-storage-backup-guide_01-storj-dashboard.png) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images%2FLinstor/linstor-storj-remote-s3-storage-backup-guide_02-browse-buckets-screen.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images%2FLinstor/linstor-storj-remote-s3-storage-backup-guide_02-browse-buckets-screen.png) You will also need to know the Storj access and secret keys, and the associated Storj endpoint for the Storj S3 credentials applicable to the Storj bucket that you are using as a LINSTOR remote. You can show, copy, or download these when you create your Storj S3 credentials. You can omit the `$storj_secretkey` argument from the `linstor remote create` command to enter the secret key manually. Clear any sensitive variables after using them and remove any commands used to set them from your shell command history. [Verifying your LINSTOR S3 remote](https://storj.dev/dcs/third-party-tools/linstor#verifying-your-linstor-s3-remote) --------------------------------------------------------------------------------------------------------------------- After creating an S3 LINSTOR remote object, you can verify it exists by entering the following command: linstor remote list --pastable linstor remote list --pastable CopyCopied! Output will be similar to the following: +------------------------------------------------------------------+| Name | Type | Info ||==================================================================|| storj-remote | S3 | global.gateway.storjshare.io/linstor-storj |+------------------------------------------------------------------+ +------------------------------------------------------------------+| Name | Type | Info ||==================================================================|| storj-remote | S3 | global.gateway.storjshare.io/linstor-storj |+------------------------------------------------------------------+ CopyCopied! [Creating a backup of a LINSTOR storage resource](https://storj.dev/dcs/third-party-tools/linstor#creating-a-backup-of-a-linstor-storage-resource) --------------------------------------------------------------------------------------------------------------------------------------------------- To back up a LINSTOR storage resource to your Storj storage, enter the following commands, where myres is the name of the LINSTOR resource that you want to back up. linstor backup create $linstor_s3remotename myres linstor backup create $linstor_s3remotename myres CopyCopied! [Verifying LINSTOR storage resource backups](https://storj.dev/dcs/third-party-tools/linstor#verifying-linstor-storage-resource-backups) ----------------------------------------------------------------------------------------------------------------------------------------- You can verify that a backup of your LINSTOR resource exists at your LINSTOR S3 remote, by entering the following command: linstor backup list $linstor_s3remotename --pastable linstor backup list $linstor_s3remotename --pastable CopyCopied! Output from the command will be similar to the following: +----------------------------------------------------------------------------+| Resource | Snapshot | Finished at | Based On | Status ||============================================================================|| myres | back_20250328_150859 | 2025-03-28 15:09:01 | | Success |+----------------------------------------------------------------------------+ +----------------------------------------------------------------------------+| Resource | Snapshot | Finished at | Based On | Status ||============================================================================|| myres | back_20250328_150859 | 2025-03-28 15:09:01 | | Success |+----------------------------------------------------------------------------+ CopyCopied! You can also verify the backup by using a utility such as `rclone`, independent of LINSTOR, to list the contents of your Storj bucket. For example, output from an `rclone lsf storj:linstor-storj/` command might show something similar to this: myres_00000_back_20250328_150859myres_back_20250328_150859.meta myres_00000_back_20250328_150859myres_back_20250328_150859.meta CopyCopied! [Restoring from a remote backup to a new resource](https://storj.dev/dcs/third-party-tools/linstor#restoring-from-a-remote-backup-to-a-new-resource) ----------------------------------------------------------------------------------------------------------------------------------------------------- To restore a remote S3 backup to a new LINSTOR resource on a LINSTOR satellite node named `linstor-sat-0`, in either your existing LINSTOR cluster or another off-site LINSTOR cluster, enter the following commands: newresourcename=myrestoredreslinstor backup restore \ --resource myres $linstor_s3remotename \ --target-resource-group myresgroup \ linstor-sat-0 $newresourcename newresourcename=myrestoredreslinstor backup restore \ --resource myres $linstor_s3remotename \ --target-resource-group myresgroup \ linstor-sat-0 $newresourcename CopyCopied! After restoring the resource backup to a new resource on a single LINSTOR satellite node, `linstor-sat-0` in this example, you can then enter the following command to replicate the resource to other LINSTOR satellite nodes in your cluster: linstor resource-definition auto-place $newresourcename linstor resource-definition auto-place $newresourcename CopyCopied! This command will create new resources on other LINSTOR satellite nodes, based on the LINSTOR auto-placement count value associated with the resource definition that you specify. Because this is a new resource definition, the resource definition will inherit auto-placement properties from the resource group it belongs to. After creating the resource replicas on other satellite nodes to meet auto-placement constraints, LINSTOR will use DRBD to synchronize these new resources with the resource on the satellite node that you restored to earlier. [Restoring an existing resource from a remote backup](https://storj.dev/dcs/third-party-tools/linstor#restoring-an-existing-resource-from-a-remote-backup) ----------------------------------------------------------------------------------------------------------------------------------------------------------- Besides restoring a backup to a new resource, you can also restore an existing resource to a state stored in a remote S3 backup. This might be a recovery method of last resort, because it involves downtime while LINSTOR downloads the backup from S3 storage. Generally, it is better to restore or roll back an existing LINSTOR resource from local snapshots. Restoring an existing resource to a previous snapshot is a multiple-step process. First verify whether a local snapshot exists for the resource you want to roll back, by entering the following command: linstor snapshot list --resources myres --pastable linstor snapshot list --resources myres --pastable CopyCopied! If there are no local snapshots for the resource in your local LINSTOR cluster that you want to roll back to, then your only option might be to restore the resource from a remote backup. Before you can restore the resource from a remote backup, you first need to delete the local resource on all LINSTOR satellite nodes, after confirming that the resource is not in use in your cluster. An example command might be as follows: linstor resource delete linstor-sat-0 linstor-sat-1 linstor-sat-2 myres linstor resource delete linstor-sat-0 linstor-sat-1 linstor-sat-2 myres CopyCopied! Deleting a LINSTOR resource will also delete the data stored in the resource in a way that will require snapshot restoration or data forensics recovery to get back. However, LINSTOR will not delete a resource that is in an InUse state on a satellite node, for example, if the storage resource is mounted within a file system. Next, restore the resource from the S3 remote to a single LINSTOR satellite node (`linstor-sat-0` in this example) in your local LINSTOR cluster by entering the following commands. Change the remote, satellite, resource group, and resource names to match your environment. linstor backup restore \ $linstor_s3remotename \ linstor-sat-0 myres \ --target-resource-group myresgroup \ --resource myres linstor backup restore \ $linstor_s3remotename \ linstor-sat-0 myres \ --target-resource-group myresgroup \ --resource myres CopyCopied! Enter a linstor resource list command to verify that the LINSTOR resource is in an up-to-date state. While not highly available, because it is only on one node, you can now put the resource back into use for any applications and services that depend upon it. Next, enter the following command to replicate the resource to other LINSTOR satellite nodes to match LINSTOR automatic placement constraints, as described earlier: linstor resource-definition auto-place $newresourcename linstor resource-definition auto-place $newresourcename CopyCopied! Wait for the resource to synchronize and reach an up-to-date state on your LINSTOR satellite nodes. You can use a `watch linstor resource list --resources myres --pastable` command if you need to monitor the synchronization in real time. Previous [Kubernetes Backup via Velero](https://storj.dev/dcs/third-party-tools/velero) Next [Livepeer](https://storj.dev/dcs/third-party-tools/livepeer) --- # How do I change values like wallet address or storage capacity? - Storj Docs 1\. Stop and remove the running Storage Node Docker container (CLI) or stop the service (GUI Windows): CLI InstallGUI Windows Install docker stop -t 300 storagenodedocker rm storagenode docker stop -t 300 storagenodedocker rm storagenode CopyCopied! 2\. Run your Storage Node again after editing needed parameters: CLI InstallGUI Windows Install Parameters are described in [Concepts](https://storj.dev/node/concepts) section. If you need to specify some parameters like a wallet options (i.e. [ZkSync Payments](https://storj.dev/node/payouts/zk-sync-opt-in-for-snos) ) you can provide them in the [config.yaml](https://storj.dev/node/faq/where-can-i-find-a-config-yaml) file as well. How to run your Storage Node with modified parameters from the CLI: [Storage Node](https://storj.dev/node/get-started/install-node-software/cli/storage-node) Previous [How can I exchange STORJ tokens to currencies like € or $?](https://storj.dev/node/faq/how-can-i-exchange-storj-tokens-to-currencies-like-or) Next [How do I check my L2 zkSync payouts?](https://storj.dev/node/faq/how-do-i-check-my-l2-payouts) --- # How do I estimate my potential earnings for a given amount of space and bandwidth? - Storj Docs We have a great [Community Earnings Estimator](https://forum.storj.io/t/realistic-earnings-estimator/6693) to give you an idea how much time it may take to fill your provided free disk space and how much you may earn. Please be aware - this is only an estimator, not a calculator. Unlike for mining cryptocurrencies, the estimated potential earnings are not guaranteed because the space and bandwidth are used by real people, not machines. Previous [How do I estimate my payouts per Satellite?](https://storj.dev/node/faq/estimate-payouts) Next [How do I hold STORJ? What is a valid address or compatible wallet?](https://storj.dev/node/faq/how-do-I-hold-storj-tokens) --- # Graceful Exit Guide - Storj Docs _(This guide was originally published by Jens Heimbürge in [this forum thread](https://forum.storj.io/t/graceful-exit-guide/3618) and updated with a new version of the Graceful Exit implementation [later](https://forum.storj.io/t/graceful-exit-guide-new-procedure-as-of-2023-10/23882) . Please read the thread in order to find the most recent updates and changes)._ Warning: Read this carefully before you start Please read the following information carefully and ask any questions your might have on this forum thread and this one before executing graceful exit. [Requirements](https://storj.dev/node/faq/graceful-exit-guide#requirements) ============================================================================ 1. Storage node has joined the network more than **15 months** ago (requirement **temporarily reduced to 6 months**). 2. Storage node is **healthy** and **hasn’t lost any significant amount of data**. Disqualification during graceful exit is possible. 3. Storage node will have **no huge downtime** during the graceful exit period (30 days). The uptime score requirement is higher during graceful exit (0.8) than it is normally (0.6). If your node has too much downtime during the graceful exit period, the graceful exit will fail and you will not get back your held amount. [Start Graceful Exit](https://storj.dev/node/faq/graceful-exit-guide#start-graceful-exit) ========================================================================================== Are you sure you want to start graceful exit? Did you read the information above? Do you understand that graceful exit can’t be canceled once initiated? Here is an example how you call graceful exit from the command prompt (Linux): docker exec -it storagenode /app/bin/storagenode exit-satellite --config-dir /app/configPlease be aware that by starting a graceful exit from a satellite, you will no longer be allowed to participate in repairs or uploads from that satellite. This action can not be undone. Are you sure you want to continue? y/n : yDomain Name Node ID Space Usedap1.storj.io:7777 121RTSDpyNZVcEU84Ticf2L1ntiuUimbWgfATz21tuvgk3vzoA6 37.9 GBus1.storj.io:7777 12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S 38.7 GBeu1.storj.io:7777 12L9ZFwhzVpuEKMUNUqkaTLGzwY9G24tbiigLiXpmZWKwmcNDDs 0.8 TBPlease enter a space delimited list of satellite domain names you would like to gracefully exit. Press enter to continue: ap1.storj.io:7777 us1.storj.io:7777 eu1.storj.io:7777 docker exec -it storagenode /app/bin/storagenode exit-satellite --config-dir /app/configPlease be aware that by starting a graceful exit from a satellite, you will no longer be allowed to participate in repairs or uploads from that satellite. This action can not be undone. Are you sure you want to continue? y/n : yDomain Name Node ID Space Usedap1.storj.io:7777 121RTSDpyNZVcEU84Ticf2L1ntiuUimbWgfATz21tuvgk3vzoA6 37.9 GBus1.storj.io:7777 12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S 38.7 GBeu1.storj.io:7777 12L9ZFwhzVpuEKMUNUqkaTLGzwY9G24tbiigLiXpmZWKwmcNDDs 0.8 TBPlease enter a space delimited list of satellite domain names you would like to gracefully exit. Press enter to continue: ap1.storj.io:7777 us1.storj.io:7777 eu1.storj.io:7777 CopyCopied! For Windows GUI users, the exit command should look as follows, but be sure to point to your own identity and config directories (in cmd.exe): "C:\Program Files\Storj\Storage Node\storagenode.exe" exit-satellite --config-dir "C:\Program Files\Storj\Storage Node\\" --identity-dir "C:\Users\USER\AppData\Roaming\Storj\Identity\storagenode2" --log.output stderrPlease be aware that by starting a graceful exit from a satellite, you will no longer be allowed to participate in repairs or uploads from that satellite. This action can not be undone. Are you sure you want to continue? y/n : yDomain Name Node ID Space Usedap1.storj.io:7777 121RTSDpyNZVcEU84Ticf2L1ntiuUimbWgfATz21tuvgk3vzoA6 37.9 GBus1.storj.io:7777 12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S 38.7 GBeu1.storj.io:7777 12L9ZFwhzVpuEKMUNUqkaTLGzwY9G24tbiigLiXpmZWKwmcNDDs 0.8 TBPlease enter a space delimited list of satellite domain names you would like to gracefully exit. Press enter to continue: ap1.storj.io:7777 us1.storj.io:7777 eu1.storj.io:7777 "C:\Program Files\Storj\Storage Node\storagenode.exe" exit-satellite --config-dir "C:\Program Files\Storj\Storage Node\\" --identity-dir "C:\Users\USER\AppData\Roaming\Storj\Identity\storagenode2" --log.output stderrPlease be aware that by starting a graceful exit from a satellite, you will no longer be allowed to participate in repairs or uploads from that satellite. This action can not be undone. Are you sure you want to continue? y/n : yDomain Name Node ID Space Usedap1.storj.io:7777 121RTSDpyNZVcEU84Ticf2L1ntiuUimbWgfATz21tuvgk3vzoA6 37.9 GBus1.storj.io:7777 12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S 38.7 GBeu1.storj.io:7777 12L9ZFwhzVpuEKMUNUqkaTLGzwY9G24tbiigLiXpmZWKwmcNDDs 0.8 TBPlease enter a space delimited list of satellite domain names you would like to gracefully exit. Press enter to continue: ap1.storj.io:7777 us1.storj.io:7777 eu1.storj.io:7777 CopyCopied! You can exit the satellites one by one or all at the same time. [For multiple nodes owners](https://storj.dev/node/faq/graceful-exit-guide#for-multiple-nodes-owners) ------------------------------------------------------------------------------------------------------ If you used multiple nodes on the same host, you have changed the `server.private-address` option in your config file. You must use this option in the exit-satellite and exit-status commands. For example, if you changed it to `server.private-address: 127.0.0.1:7779` and your other identity is located in `"C:\Users\USER\AppData\Roaming\Storj\Identity\storagenode2"`, and the `config.yaml` file is located in `"C:\Program Files\Storj\Storage Node2\"` then the exit-satellite command will look like: "C:\Program Files\Storj\Storage Node\storagenode.exe" exit-satellite --config-dir "C:\Program Files\Storj\Storage Node2\\" --identity-dir "C:\Users\USER\AppData\Roaming\Storj\Identity\storagenode2" --log.output stderr --server.private-address 127.0.0.1:7779 "C:\Program Files\Storj\Storage Node\storagenode.exe" exit-satellite --config-dir "C:\Program Files\Storj\Storage Node2\\" --identity-dir "C:\Users\USER\AppData\Roaming\Storj\Identity\storagenode2" --log.output stderr --server.private-address 127.0.0.1:7779 CopyCopied! [During Graceful Exit](https://storj.dev/node/faq/graceful-exit-guide#during-graceful-exit) ============================================================================================ You can watch the status of graceful exit as follows (example output from a test satellite): docker exec -it storagenode /app/bin/storagenode exit-status --config-dir /app/config --identity-dir /app/identityDomain Name Node ID Percent Complete Successful Completion Receipt 127.0.0.1:10000 12fbck97kqEGbWPu673CpeyrXavtqgVriyv9pCfL3mpw3yz2zN9 0.00% N N/A docker exec -it storagenode /app/bin/storagenode exit-status --config-dir /app/config --identity-dir /app/identityDomain Name Node ID Percent Complete Successful Completion Receipt 127.0.0.1:10000 12fbck97kqEGbWPu673CpeyrXavtqgVriyv9pCfL3mpw3yz2zN9 0.00% N N/A CopyCopied! From the `cmd.exe` (Windows) "C:\Program Files\Storj\Storage Node\storagenode.exe" exit-status --config-dir "C:\Program Files\Storj\Storage Node\\" --identity-dir "C:\Users\USER\AppData\Roaming\Storj\Identity\storagenode" --log.output stderrDomain Name Node ID Percent Complete Successful Completion Receipt 127.0.0.1:10000 12fbck97kqEGbWPu673CpeyrXavtqgVriyv9pCfL3mpw3yz2zN9 0.00% N N/A "C:\Program Files\Storj\Storage Node\storagenode.exe" exit-status --config-dir "C:\Program Files\Storj\Storage Node\\" --identity-dir "C:\Users\USER\AppData\Roaming\Storj\Identity\storagenode" --log.output stderrDomain Name Node ID Percent Complete Successful Completion Receipt 127.0.0.1:10000 12fbck97kqEGbWPu673CpeyrXavtqgVriyv9pCfL3mpw3yz2zN9 0.00% N N/A CopyCopied! For the second node with identity `"C:\Users\USER\AppData\Roaming\Storj\Identity\storagenode2"` and `server.private-address: 127.0.0.1:7779`, and the `config.yaml` file is located in `"C:\Program Files\Storj\Storage Node2\"`: "C:\Program Files\Storj\Storage Node\storagenode.exe" exit-status --config-dir "C:\Program Files\Storj\Storage Node2\" --identity-dir "C:\Users\USER\AppData\Roaming\Storj\Identity\storagenode2" --log.output stderr --server.private-address 127.0.0.1:7779 "C:\Program Files\Storj\Storage Node\storagenode.exe" exit-status --config-dir "C:\Program Files\Storj\Storage Node2\" --identity-dir "C:\Users\USER\AppData\Roaming\Storj\Identity\storagenode2" --log.output stderr --server.private-address 127.0.0.1:7779 CopyCopied! The “Percent Complete” field is a relic of the old graceful exit and is no longer meaningful. It will likely be removed at some point. If you get the output `No graceful exit in progress.` this means graceful exit didn’t start because of the minimum node age requirement. In the storage node logs you will find additional information such as: `node is not yet eligible for graceful exit: will be eligible after 2020-04-02 01:18:23.910919 +0000 UTC.` In case of a crash, power failure or other outage during graceful exit, please get your storage node back online. Graceful exit will continue. [Finish Graceful Exit](https://storj.dev/node/faq/graceful-exit-guide#finish-graceful-exit) ============================================================================================ After the graceful exit period (currently 30 days) is complete, your node will no longer be in the graceful exit stage. Either it will have succeeded (if your uptime was high enough) or it will have failed. At the end you will get this output: (sample output from a test satellite) root@kali:~# storagenode exit-statusDomain Name Node ID Percent Complete Successful Completion Receipt 127.0 0 1:10000 12fbck97kqEGbWPu673CpeyrXavtqgVriyv9pCfL3mpw3yz2zN9 100.00% Y 0a473045022100da86329cfb4f5bb16f0702c1d073c3a8b54787311b54855bcf01a8e245250040022003ef911b3b2b2bea86ba34cd4927223f2718cd35c3b7de7cc030cd3a8ce4959a1220db55bd9fa76e8938be5a7a25c970d48bde19936e269dcf69a3ab9fa41b5486001a207508f9a6138cdc4089ea075f1553736d472cb1d3afa4397496a8eb948d121200220c08abe5dcf0051086e6fefe01Your node should automatically delete any remaining data for the satellite(s) it exited from when graceful exit is completed. root@kali:~# storagenode exit-statusDomain Name Node ID Percent Complete Successful Completion Receipt 127.0 0 1:10000 12fbck97kqEGbWPu673CpeyrXavtqgVriyv9pCfL3mpw3yz2zN9 100.00% Y 0a473045022100da86329cfb4f5bb16f0702c1d073c3a8b54787311b54855bcf01a8e245250040022003ef911b3b2b2bea86ba34cd4927223f2718cd35c3b7de7cc030cd3a8ce4959a1220db55bd9fa76e8938be5a7a25c970d48bde19936e269dcf69a3ab9fa41b5486001a207508f9a6138cdc4089ea075f1553736d472cb1d3afa4397496a8eb948d121200220c08abe5dcf0051086e6fefe01Your node should automatically delete any remaining data for the satellite(s) it exited from when graceful exit is completed. CopyCopied! As long as graceful exit was successful, you will get back your held amount with the next regular payout. The “Completion Receipt” contains a signature from the satellite and is your ticket to get the payback. In some situations, the storage node doesn’t need to transfer 100% of the data and might finish graceful exit with a lower percentage. As long as graceful exit was successful, you should get your held back amount along with the next regular SNO payout on Layer 1, if the owed amount is above the minimum payout threshold, or if the node is opted in to zkSync Era, on Layer 2. The “Completion Receipt” contains a signature from the satellite you exited and is your ticket to get the held back amount. Please keep your nodeID, each satelliteID and each completion receipt in a safe place. With this information your can open a [support ticket](https://support.storj.io/hc/en-us/requests/new) if needed. Previous [Can we use an exchange as a wallet for STORJ tokens?](https://storj.dev/node/faq/can-we-use-an-exchange-as-a-wallet-for-storj-tokens) Next [How can I exchange STORJ tokens to currencies like € or $?](https://storj.dev/node/faq/how-can-i-exchange-storj-tokens-to-currencies-like-or) --- # Storing and Accessing NFTs with OpenSea on Decentralized Cloud - Storj Docs Storj makes it easy for NFT (Non-Fungible Token) creators and developers to store their digital art, music, and videos on the decentralized cloud via Storj. [Getting Started with NFT Storage on Storj](https://storj.dev/dcs/third-party-tools/opensea#getting-started-with-nft-storage-on-storj) --------------------------------------------------------------------------------------------------------------------------------------- In this tutorial, we’re going to cover three main steps: 1. Upload your Digital Asset to Storj 2. Create a public LinkShare link to your digital asset 3. Register your NFT with the link to the asset Before we get started, here’s some background information on NFTs for context. Or skip the background and[NFT storage for OpenSea](https://storj.dev/dcs/third-party-tools/opensea) [Background](https://storj.dev/dcs/third-party-tools/opensea#background) ------------------------------------------------------------------------- This tutorial covers a couple of approaches for developers and creators minting Non-Fungible Tokens (NFTs) for digital assets, to store and serve those digital assets from Storj, the leading decentralized cloud storage provider. In this example, we’re going to use OpenSea for the NFT registration. In principle, the same method could also be applied to storing NFTs issued on any of the other available NFT minting platforms. Right now, any OpenSea developer can use the coupon code **OPENSEA100** for $100 in STORJ Credit. This would be useful to any developer who signs up to use Storj with the OpenSea SDK and wants to grow beyond our free 50GB tier. This promotion is available to the first 100 developers to register the coupon code on any Storj Satellite account, and is good for two billing cycles. The coupon code is redeemable until December 31st, 2021. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Atka2Z1N3Y1sHsSK3i1A3_screen-shot-2021-09-02-at-30557-pm.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Atka2Z1N3Y1sHsSK3i1A3_screen-shot-2021-09-02-at-30557-pm.png) NFTs enable developers and creators to register ownership of a unique digital asset on the blockchain. NFTs are best understood as providing digitally native ownership of images, videos, or PFPs (Profile Pictures), or can be digital representations of asset ownership for real estate etc. An NFT is just a registration of ownership - for digital objects, owners need a secure, decentralized method to store the associated jpg, mp4, or other files the NFT is to be associated with. Storj provides secure, private storage on the decentralized cloud that is ideal for NFTs: * Fully encrypted data and metadata for digital assets * Multiple options for developing web or mobile apps for storing and sharing digital assets * Ultra-secure and private file sharing options * Simple public sharing URLs with revocable access * Native support for media streaming [What is OpenSea?](https://storj.dev/dcs/third-party-tools/opensea#what-is-open-sea) ------------------------------------------------------------------------------------- OpenSea is an open marketplace and developer toolkit for NFTs. NFTs are blockchain tokens associated with a cryptographic keypair to represent ownership of unique items. ### [What are NFTs?](https://storj.dev/dcs/third-party-tools/opensea#what-are-nfts) NFT contracts such as ERC721 and ERC1155, let us tokenize things like art, collectibles, and even real estate. They can only have one official owner at a time and, in case of ERC721 and ERC1155, are secured by the Ethereum blockchain – no one can modify the record of ownership or copy/paste a new NFT into existence. ### [What does the OpenSea SDK do?](https://storj.dev/dcs/third-party-tools/opensea#what-does-the-open-sea-sdk-do) The OpenSea SDK enables developers to easily access the OpenSea orderbook, filter it, create buy orders (offers), sell orders (auctions) or collections of assets to sell at once (bundles), and to complete trades programmatically. ### [Why would I store my NFT on the decentralized cloud?](https://storj.dev/dcs/third-party-tools/opensea#why-would-i-store-my-nft-on-the-decentralized-cloud) * It’s more available than centralized alternatives like AWS (data stored on Storj is broken into redundant erasure codes across the globe) * Storj is faster than Kademlia-based networks (like BitTorrent or IPFS) * It’s 80% less expensive than Amazon S3 ### [Tutorial](https://storj.dev/dcs/third-party-tools/opensea#tutorial) If you haven’t already registered for a Storj account, you're going to need to take care of that upfront. [Create Your Account](https://storj.dev/support/account-management-billing/creating-your-account) . Now that you’ve got your account squared away, let’s upload your digital asset and create a linkshare link. For this tutorial, we’re just going to use the web interface in the Satellite admin console, but you can also use our [share](https://storj.dev/dcs/api/uplink-cli/share-command) , one of the [SDKs](https://storj.dev/dcs/api/sdk) , our [Storj-hosted S3 Compatible Gateway](https://storj.dev/dcs/api/s3/s3-compatible-gateway) , or an app like [FileZilla Native Integration](https://storj.dev/dcs/third-party-tools/filezilla/filezilla-native) or [Rclone](https://storj.dev/dcs/third-party-tools/rclone) If you want a little more context about the different components and constructs in Storj, you can read [Key Architecture Constructs](https://storj.dev/learn/concepts/key-architecture-constructs) . ### [Okay, let’s do this.](https://storj.dev/dcs/third-party-tools/opensea#okay-let-s-do-this) 1. Create a [Storj account](http://storj.io/signup) 2. Create a [Dashboard](https://storj.dev/support/dashboard) 3. Navigate to [Object Browser](https://storj.dev/support/object-browser) 4. Create a Bucket 5. Upload a file by dragging and dropping your digital asset into the bucket via the browser 6. Generate a Linkshare for URL hosting using Storj Object Browser or CLI share command 1. Click the 3 dot button to the right of your object and choose _Share_ 2. Click _Generate Share Link_ 3. Copy the Share Link and click _Done_ 7. You can interact with your digital asset across the Decentralized Cloud in a number of ways 1. ​​To download content directly, use /raw/ in the Linkshare URL ex: [https://link.us1.storjshare.io](https://link.us1.storjshare.io/raw/ju34skavohcqezr6vlfgshg5nmjq/dwebdemo/isthataquestion.mp4) [**/raw/**](https://link.us1.storjshare.io/raw/ju34skavohcqezr6vlfgshg5nmjq/dwebdemo/isthataquestion.mp4) [ju34skavohcqezr6vlfgshg5nmjq/dwebdemo/isthataquestion.mp4](https://link.us1.storjshare.io/raw/ju34skavohcqezr6vlfgshg5nmjq/dwebdemo/isthataquestion.mp4) 2. To view the digital asset in the object map that shows the location of the storage nodes storing the encrypted and erasure-coded pieces, use /s/ in the Linkshare URL ex: [https://link.us1.storjshare.io](https://link.us1.storjshare.io/s/ju34skavohcqezr6vlfgshg5nmjq/dwebdemo/isthataquestion.mp4) [**/s/**](https://link.us1.storjshare.io/s/ju34skavohcqezr6vlfgshg5nmjq/dwebdemo/isthataquestion.mp4) [ju34skavohcqezr6vlfgshg5nmjq/dwebdemo/isthataquestion.mp4](https://link.us1.storjshare.io/s/ju34skavohcqezr6vlfgshg5nmjq/dwebdemo/isthataquestion.mp4) 8. Create the NFT on OpenSea and use the raw content link as external link for NFT Metadata 1. Use the OpenSea GUI: [OpenSea Collections](https://opensea.io/collections) 9. Or developer SDK here: [OpenSea Docs: Adding Metadata](https://docs.opensea.io/docs/2-adding-metadata) Previous [Nextcloud](https://storj.dev/dcs/third-party-tools/nextcloud) Next [oCIS - ownCloud Infinite Scale](https://storj.dev/dcs/third-party-tools/ocis) --- # How do I know the exchange rate for my payout? - Storj Docs If you want to know the amount of USD a particular storage node payment transaction was considered denominated in, please check out our cost basis tool. You’ll need to enter your payment transaction: [https://costbasis.storj.tools/](https://costbasis.storj.tools/) Previous [How do I hold STORJ? What is a valid address or compatible wallet?](https://storj.dev/node/faq/how-do-I-hold-storj-tokens) Next [How do I migrate my node to a new device?](https://storj.dev/node/faq/migrate-my-node) --- # How do I check my logs? - Storj Docs You can look at your logs to see if you have some errors indicating that something is not functioning properly: CLI InstallGUI Windows Install docker logs storagenode docker logs storagenode CopyCopied! Use this command if you just want to see the last 20 lines of the log: docker logs --tail 20 storagenode docker logs --tail 20 storagenode CopyCopied! For CLI Docker install on Windows, if you would like to copy your logs to a file you can follow this link [How do I redirect my logs to a file?](https://storj.dev/node/faq/redirect-logs) or you can execute the following command in PowerShell, inserting your actual path to your log file instead of “pathtologfile” Get-Content "pathtologfile" -Tail 20 -Wait Get-Content "pathtologfile" -Tail 20 -Wait CopyCopied! For CLI Linux and macOS install, if you have redirected your logs to a file, please use your preferred editor to view the contents of the log file, or in your terminal (replace the path `/path/to/the/log/file.log` with the correct path): cat /path/to/the/log/file.log cat /path/to/the/log/file.log CopyCopied! Previous [How do I check my L2 zkSync payouts?](https://storj.dev/node/faq/how-do-i-check-my-l2-payouts) Next [How do I check my node when I'm away from my machine?](https://storj.dev/node/faq/check-my-node) --- # Rclone Command Guide - Storj Docs Follow the [Getting Started guide](https://storj.dev/dcs/getting-started) to setup Rclone. The follow are additional commands and options you can consider when using Rclone. [Configuration Password](https://storj.dev/dcs/third-party-tools/rclone/rclone-s3#configuration-password) ---------------------------------------------------------------------------------------------------------- For additional security, you should consider using the `s) Set configuration password` option. It will encrypt the `rclone.conf` configuration file. This way, secrets like the [Create Access Grant in CLI](https://storj.dev/learn/tutorials/quickstart-uplink-cli/generate-access-grants-and-tokens/generate-a-token) , the encryption passphrase, and the access grant can't be easily stolen. [Create a Bucket](https://storj.dev/dcs/third-party-tools/rclone/rclone-s3#create-a-bucket) -------------------------------------------------------------------------------------------- Use the `mkdir` command to create new bucket, e.g., `mybucket`. rclone mkdir waterbear:mybucket rclone mkdir waterbear:mybucket CopyCopied! [List All Buckets](https://storj.dev/dcs/third-party-tools/rclone/rclone-s3#list-all-buckets) ---------------------------------------------------------------------------------------------- Use the `lsf` command to list all buckets. Note the colon (`:`) character at the end of the command line. rclone lsf waterbear: rclone lsf waterbear: CopyCopied! [Delete a Bucket](https://storj.dev/dcs/third-party-tools/rclone/rclone-s3#delete-a-bucket) -------------------------------------------------------------------------------------------- Use the `rmdir` command to delete an empty bucket. rclone rmdir waterbear:mybucket rclone rmdir waterbear:mybucket CopyCopied! Use the `purge` command to delete a non-empty bucket with all its content. rclone purge waterbear:mybucket rclone purge waterbear:mybucket CopyCopied! [Upload Objects](https://storj.dev/dcs/third-party-tools/rclone/rclone-s3#upload-objects) ------------------------------------------------------------------------------------------ Use the `copy` command to upload an object. rclone copy --progress ~/Videos/myvideo.mp4 waterbear:mybucket/videos/ rclone copy --progress ~/Videos/myvideo.mp4 waterbear:mybucket/videos/ CopyCopied! The `--progress` flag is for displaying progress information. Remove it if you don't need this information. Use a folder in the local path to upload all its objects. rclone copy --progress ~/Videos/ waterbear:mybucket/videos/ rclone copy --progress ~/Videos/ waterbear:mybucket/videos/ CopyCopied! Only modified files will be copied. [List Objects](https://storj.dev/dcs/third-party-tools/rclone/rclone-s3#list-objects) -------------------------------------------------------------------------------------- Use the `ls` command to list recursively all objects in a bucket. rclone ls waterbear:mybucket rclone ls waterbear:mybucket CopyCopied! Add the folder to the remote path to list recursively all objects in this folder. rclone ls waterbear:mybucket/videos/ rclone ls waterbear:mybucket/videos/ CopyCopied! Use the `lsf` command to list non-recursively all objects in a bucket or a folder. rclone lsf waterbear:mybucket/videos/ rclone lsf waterbear:mybucket/videos/ CopyCopied! [Download Objects](https://storj.dev/dcs/third-party-tools/rclone/rclone-s3#download-objects) ---------------------------------------------------------------------------------------------- Use the `copy` command to download an object. The `--progress` flag is for displaying progress information. Using `--disable-http2` with rclone for Storj is recommended for increased transfer speeds by avoiding HTTP/2 specific issues. rclone copy --disable-http2 --progress waterbear:mybucket/videos/myvideo.mp4 ~/Downloads/ rclone copy --disable-http2 --progress waterbear:mybucket/videos/myvideo.mp4 ~/Downloads/ CopyCopied! Use a folder in the remote path to download all its objects. rclone copy --progress waterbear:mybucket/videos/ ~/Downloads/ rclone copy --progress waterbear:mybucket/videos/ ~/Downloads/ CopyCopied! [Delete Objects](https://storj.dev/dcs/third-party-tools/rclone/rclone-s3#delete-objects) ------------------------------------------------------------------------------------------ Use the `deletefile` command to delete a single object. rclone deletefile waterbear:mybucket/videos/myvideo.mp4 rclone deletefile waterbear:mybucket/videos/myvideo.mp4 CopyCopied! Use the `delete` command to delete all object in a folder. rclone delete waterbear:mybucket/videos/ rclone delete waterbear:mybucket/videos/ CopyCopied! [Print the Total Size of Objects](https://storj.dev/dcs/third-party-tools/rclone/rclone-s3#print-the-total-size-of-objects) ---------------------------------------------------------------------------------------------------------------------------- Use the `size` command to print the total size of objects in a bucket or a folder. rclone size waterbear:mybucket/videos/ rclone size waterbear:mybucket/videos/ CopyCopied! [Sync Two Locations](https://storj.dev/dcs/third-party-tools/rclone/rclone-s3#sync-two-locations) -------------------------------------------------------------------------------------------------- Use the `sync` command to sync the source to the destination, changing the destination only. Doesn’t transfer unchanged files, testing by size and modification time or MD5SUM. Destination is updated to match source, including deleting files if necessary. Since this can cause data loss, test first with the `--dry-run` flag to see exactly what would be copied and deleted. rclone sync --progress ~/Videos/ waterbear:mybucket/videos/ rclone sync --progress ~/Videos/ waterbear:mybucket/videos/ CopyCopied! The sync can also be done from Storj to the local file system. rclone sync --progress waterbear:mybucket/videos/ ~/Videos/ rclone sync --progress waterbear:mybucket/videos/ ~/Videos/ CopyCopied! Or between two Storj buckets. rclone sync --progress waterbear-us:mybucket/videos/ waterbear-europe:mybucket/videos/ rclone sync --progress waterbear-us:mybucket/videos/ waterbear-europe:mybucket/videos/ CopyCopied! Or even between another cloud storage (e.g., an AWS S3 connection names `s3`) and Storj. rclone sync --progress s3:mybucket/videos/ waterbear:mybucket/videos/ rclone sync --progress s3:mybucket/videos/ waterbear:mybucket/videos/ CopyCopied! [Mounting a Bucket](https://storj.dev/dcs/third-party-tools/rclone/rclone-s3#mounting-a-bucket) ------------------------------------------------------------------------------------------------ Use the `mount` command to mount a bucket to a folder (Mac, Windows and Linux) or as a disk drive (Windows). When mounted, you can use the bucket as a local folder (drive). WindowsLinuxmacOS mkdir ~/mybucketrclone mount waterbear:mybucket ~/mybucket --vfs-cache-mode full mkdir ~/mybucketrclone mount waterbear:mybucket ~/mybucket --vfs-cache-mode full CopyCopied! The `--vfs-cache-mode full` flag means that all reads and writes are cached to disk. Without it, reads and writes are done directly to the Storj bucket. To unmount the bucket, use the `Ctrl-C` keystroke to stop rclone. Previous [Rclone](https://storj.dev/dcs/third-party-tools/rclone) Next [Rclone Native Integration](https://storj.dev/dcs/third-party-tools/rclone/rclone-native) --- # How do I check my L2 zkSync payouts? - Storj Docs If you opted-in [ZkSync Payments](https://storj.dev/node/payouts/zk-sync-opt-in-for-snos) , you can check your payout in three ways: [Payout section on the Dashboard](https://storj.dev/node/faq/how-do-i-check-my-l2-payouts#payout-section-on-the-dashboard) --------------------------------------------------------------------------------------------------------------------------- You can click the **View on zkScan** button on the main page of your web-dashboard (see [Dashboard CLI](https://storj.dev/node/get-started/install-node-software/cli/dashboard-cli) and [Dashboard Windows](https://storj.dev/node/get-started/install-node-software/gui-windows/dashboard) ), as shown in the screenshot of the dashboard _Payout section_ below. This will send you to your zkSync wallet page where you can review the latest L2 payout transactions received. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/A9Wtk342aTte-ic4IKik6_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/A9Wtk342aTte-ic4IKik6_image.png) If you do not see the notification "zkSync is opted-in", then you did not enable zkSync in the configuration of the node. See [ZkSync Payments](https://storj.dev/node/payouts/zk-sync-opt-in-for-snos) how to opt in. [Payout Information](https://storj.dev/node/faq/how-do-i-check-my-l2-payouts#payout-information) ------------------------------------------------------------------------------------------------- Open your web-dashboard (see [Dashboard CLI](https://storj.dev/node/get-started/install-node-software/cli/dashboard-cli) and [Dashboard Windows](https://storj.dev/node/get-started/install-node-software/gui-windows/dashboard) ), navigate to the _Payout_ section and click the _Payout Information_ link. Scroll down to the _Payout History_ section and expand any of the satellites. You should see a _Transaction_ link. If you click on it - it will open the corresponding transaction on [zkSscan](https://zkscan.io/) if you opted-in for zkSync and received payout on L2. If you did not opt in to zkSync, the _Transaction_ link will show your L1 payout on [Etherscan](https://etherscan.io/) . If you do not see the _Transaction_ link, then your node has not received payout receipts from the satellites yet. You need to wait at least 24 hours after the payout for the previous month has been completed to see it. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/fFTMlWDQj-XdaeKqH0lmk_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/fFTMlWDQj-XdaeKqH0lmk_image.png) [Check your wallet on zkscan.io](https://storj.dev/node/faq/how-do-i-check-my-l2-payouts#check-your-wallet-on-zkscan-io) ------------------------------------------------------------------------------------------------------------------------- And finally, you can open [zkSscan](https://zkscan.io/) , put your wallet address in the search field and click the **Search** button. Previous [How do I change values like wallet address or storage capacity?](https://storj.dev/node/faq/how-do-i-change-my-parameters-such-as-payout-address-allotted-storage-space-and-bandwidth) Next [How do I check my logs?](https://storj.dev/node/faq/check-logs) --- # Automatically Backing Up Tesla Sentry Mode and Dashcam videos - Storj Docs [Introduction](https://storj.dev/dcs/third-party-tools/tesla-sentry-mode-teslausb#introduction) ------------------------------------------------------------------------------------------------ In this How To, we'll demonstrate how to automatically transfer Tesla Sentry Mode and Dashcam video clips over WiFi to Storj and make room for more videos the next day. We'll use a Raspberry Pi (a small, low cost, low power computer) plugged into the USB port in the dashboard to store the video files. When the Tesla pulls into your garage at night, the Raspberry Pi will connect via WiFi and upload all the videos to Storj, then clear off the drive for use the next day. This will also work for videos recorded in Track Mode if you have one of the performance models, and you can easily share any of the videos with your friends. [What you'll need](https://storj.dev/dcs/third-party-tools/tesla-sentry-mode-teslausb#what-you-ll-need) -------------------------------------------------------------------------------------------------------- You'll need some hardware, some software and a Storj account for this project. [Hardware required](https://storj.dev/dcs/third-party-tools/tesla-sentry-mode-teslausb#hardware-required) ---------------------------------------------------------------------------------------------------------- All in, you’re looking at right around $60 of hardware to get going (prices as of April 2021). Here’s the hardware you’ll need: * [Raspberry Pi Zero W : ID 3400 : $10.00](https://www.adafruit.com/product/3400) (We used a different model, but this is better) * [Adafruit Raspberry Pi Zero Case : ID 3252 : $4.75](https://www.adafruit.com/product/3252) (It should look good - you can 3d print your own for extra credit) * [SanDisk 256GB High Endurance Video microSDXC Card $37](https://www.amazon.com/SanDisk-Endurance-microSDXC-Adapter-Monitoring/dp/B07P4HBRMV) (Very important to have high quality storage with high write endurance. This gives you room for a few days in case you don’t connect to WiFi and won't wear out too quickly) * [USB Cable to plug into the car](https://www.adafruit.com/product/592) USB A to Micro-B - 3 foot long * [Storj cloud storage](https://www.storj.io/) - Secure, private and decentralized. Optional hardware for easier setup: * [Mini HDMI to HDMI Cable - 5 feet : ID 2775: $5.95](https://www.adafruit.com/product/2775) Makes it easier to set everything up by connecting the Pi to a monitor ### [Software required](https://storj.dev/dcs/third-party-tools/tesla-sentry-mode-teslausb#software-required) The code used in this tutorial is open source and uses, among other things, [Rlcone](https://github.com/rclone/rclone) which includes native support for Storj. The GitHub Repository for the code is available at: [https://github.com/marcone/teslausb](https://github.com/marcone/teslausb) and the project was originally described on the [/r/teslamotors](https://www.reddit.com/r/teslamotors/comments/9m9gyk/build_a_smart_usb_drive_for_your_tesla_dash_cam/) subreddit. ### [Storj Account](https://storj.dev/dcs/third-party-tools/tesla-sentry-mode-teslausb#storj-account) If you have not yet signed up, please [do so now](https://storj.io/signup) . [Step-by-step guide](https://storj.dev/dcs/third-party-tools/tesla-sentry-mode-teslausb#step-by-step-guide) ------------------------------------------------------------------------------------------------------------ Using the software in the [teslausb](https://github.com/marcone/teslausb) project with Storj is a multipart process, we will accomplish the following: * Generate Credentials for Storj * This occurs through the [storj.io](https://storj.dev/dcs/third-party-tools/tesla-sentry-mode-teslausb) website * Configure your Raspberry Pi with the teslausb kit * Part 1 - One-step setup * This is done by flashing a preconfigured Raspbian image and then filling out a config file. * Part 2 - Rclone Configuration with Storj via hosted Gateway MT * This is done by accessing the Pi via SSH and installing/configuring Rclone ### [Sign Up for a Storj Account](https://storj.dev/dcs/third-party-tools/tesla-sentry-mode-teslausb#sign-up-for-a-storj-account) If you have not yet signed up, please head here to [sign up for the free tier.](https://www.storj.io/signup) Please consult [Storj Console](https://storj.dev/support/storj-console) for details on setting up an account and using the Satellite Admin Console. ### [Generate Credentials to the Gateway MT](https://storj.dev/dcs/third-party-tools/tesla-sentry-mode-teslausb#generate-credentials-to-the-gateway-mt) **Navigate to the Access** page within your project and then click on **Create S3 Credentials**. A modal window will pop up where you should enter a name for this access grant. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/02Sc23bYY6ck4tjYrzlIV_tesla.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/02Sc23bYY6ck4tjYrzlIV_tesla.png) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/LpyTBi_2N18mWja2fJ5m9_tesla2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/LpyTBi_2N18mWja2fJ5m9_tesla2.png) **Assign the permissions** you want this access grant to have, then click on **Encrypt My Access**: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/66eO3SJy71s90en2nLrxC_tesla5.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/66eO3SJy71s90en2nLrxC_tesla5.png) **Enter the Encryption Passphrase** you used for your other access grants. If this is your first access grant, we strongly encourage you to use a mnemonic phrase as your encryption passphrase (The GUI automatically generates one on the client-side for you.) [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/HXh6bgiEar2FhwMCuVMg8_tesla6.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/HXh6bgiEar2FhwMCuVMg8_tesla6.png) Click either on the **Copy to clipboard** link or **Download .txt** and then confirm that you copied your Encryption Phrase to a safe place. Please **_save_** this **Encryption Passphrase** in a safe place as it will be required to decrypt and view your sentry mode videos from the web. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/ElpzbwDB96FCM8TqKXQte_tesla7.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/ElpzbwDB96FCM8TqKXQte_tesla7.png) Click the **Create my Access** link to finish generating of S3 credentials. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Cpk1IzKHX4r9A7Kh0Jw8C_tesla8.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Cpk1IzKHX4r9A7Kh0Jw8C_tesla8.png) **Copy** your **Access Key, Secret Key,** and **Endpoint** to a safe location. We will use this information later to configure Rclone with the hosted Gateway MT. Now we have our **credentials** and can move on to configuring teslausb. ### [Overview of credentials collected](https://storj.dev/dcs/third-party-tools/tesla-sentry-mode-teslausb#overview-of-credentials-collected) * **Encryption Passphrase** * We will need this to view and/or retrieve clips in the browser later * **Access Grant** * Not used for this lab but please record it anyway for your reference * Gateway MT (S3) Credentials * Used to connect to the hosted gateway via Rclone * **Access Key** * **Secret Key** * **Endpoint** Learn more about [Access Management](https://storj.dev/learn/concepts/access) on Storj and using [Access Grants](https://storj.dev/learn/concepts/access/access-grants) . ### [Configure teslausb](https://storj.dev/dcs/third-party-tools/tesla-sentry-mode-teslausb#configure-teslausb) Teslausb is the open source software that will run on the Raspberry Pi to send your videos to Storj. Now that you have your gateway credentials for Storj, you need to set up teslausb on the Raspberry Pi and configure it for use with those Storj credentials. ### [Part 1 - One-step setup](https://storj.dev/dcs/third-party-tools/tesla-sentry-mode-teslausb#part-1-one-step-setup) You'll find the one-step setup guide for testlausb in this GitHub repo: [https://github.com/marcone/teslausb/blob/v2.5/doc/OneStepSetup.md](https://github.com/marcone/teslausb/blob/v2.5/doc/OneStepSetup.md) **Quick Instructions** 1. Download the latest release of the pre-built image from the repository’s releases page: [https://github.com/marcone/teslausb/releases/latest](https://github.com/marcone/teslausb/releases/latest) 2. Flash the image to the SD card you plan on using in your Raspberry Pi. For this we can use belena Etcher ([https://www.balena.io/etcher/](https://www.balena.io/etcher/) ) or any similar image flashing software, you can find some examples [here](https://www.raspberrypi.org/documentation/installation/installing-images/README.md) . 3. Mount the SD card to edit the initial configuration file located in the `boot` directory. Create a `teslausb_setup_variables.conf`A sample config file is located in the `boot` folder on the SD card. The latest sample is also available from GitHub via [pi-gen-sources/00-teslausb-tweaks/files/teslausb\_setup\_variables.conf.sample](https://github.com/marcone/teslausb/blob/main-dev/pi-gen-sources/00-teslausb-tweaks/files/teslausb_setup_variables.conf.sample) . 4. Specifically, set the \`ARCHIVE\_SYSTEM\` to \`none\`. This is because we need to boot the Pi to install some additional software to push our sentry clips in Storj. Please also set your Wifi settings. Save the file when you are done editing. Below is a small portion of the config file showing 'export ARCHIVE\_SYSTEM=none' as well as the wifi settings. # Variables for CIFS (Windows/Mac file sharing) archivingexport ARCHIVE_SYSTEM=noneexport ARCHIVE_SERVER=your_archive_name_or_ipexport SHARE_NAME=your_archive_share_nameexport SHARE_USER=usernameexport SHARE_PASSWORD=password# the cifs options below usually don't need to be specified# export SHARE_DOMAIN=domain# export CIFS_VERSION="3.0"# export CIFS_SEC="ntlm"# Wifi setup information. Note that Raspberry Pi Zero W only supports 2.4 GHz wifi.# If you are you are trying to connect to a network with a _hidden_ SSID,# edit /boot/wpa_supplicant.conf.sample and un-comment the indicated line.export SSID='your_ssid'export WIFIPASS='your_pass' # Variables for CIFS (Windows/Mac file sharing) archivingexport ARCHIVE_SYSTEM=noneexport ARCHIVE_SERVER=your_archive_name_or_ipexport SHARE_NAME=your_archive_share_nameexport SHARE_USER=usernameexport SHARE_PASSWORD=password# the cifs options below usually don't need to be specified# export SHARE_DOMAIN=domain# export CIFS_VERSION="3.0"# export CIFS_SEC="ntlm"# Wifi setup information. Note that Raspberry Pi Zero W only supports 2.4 GHz wifi.# If you are you are trying to connect to a network with a _hidden_ SSID,# edit /boot/wpa_supplicant.conf.sample and un-comment the indicated line.export SSID='your_ssid'export WIFIPASS='your_pass' CopyCopied! ### [Part 2 - Rclone Configuration](https://storj.dev/dcs/third-party-tools/tesla-sentry-mode-teslausb#part-2-rclone-configuration) Now that Raspbian is installed and configured, it's time to set up Rclone, the software that will actually transfer the files from the Raspberry Pi to Storj. (If you're not familiar with [Rclone](https://github.com/rclone) , it's Rsync for cloud storage.) Boot up that Pi and let' s keep it moving. The Rclone Setup Guide for teslausb is available at: [https://github.com/marcone/teslausb/blob/v2.5/doc/SetupRClone.md](https://github.com/marcone/teslausb/blob/v2.5/doc/SetupRClone.md) The steps you need to follow are also provided below: **SSH** into the Pi, become root and remount the file system's read-write: sudo -i/root/bin/remountfs_rw sudo -i/root/bin/remountfs_rw CopyCopied! **Install** Rclone: curl https://rclone.org/install.sh | sudo bash curl https://rclone.org/install.sh | sudo bash CopyCopied! **Configure** Rclone with the settings and Storj gateway credentials created above: # setup rclonerclone config# select n (New Remote)# namestorj-dcs-us1-gateway# select 4 (4 / Amazon S3 Compliant Storage Provider)4# select 13 (13 / Any other S3 compatible provider)13# select 1 (1 / Enter AWS credentials in the next step \ "false")1# enter access key# enter secret key# select 1 ( 1 / Use this if unsure. Will use v4 signatures and an empty region.\ "")1# enter endpoint (use your own endpoint, the example shows the Americas region gateway)https://gateway.us1.storjshare.io# use default location_constraint# use default ACL# edit advanced confign# review config and select default# quit configq # setup rclonerclone config# select n (New Remote)# namestorj-dcs-us1-gateway# select 4 (4 / Amazon S3 Compliant Storage Provider)4# select 13 (13 / Any other S3 compatible provider)13# select 1 (1 / Enter AWS credentials in the next step \ "false")1# enter access key# enter secret key# select 1 ( 1 / Use this if unsure. Will use v4 signatures and an empty region.\ "")1# enter endpoint (use your own endpoint, the example shows the Americas region gateway)https://gateway.us1.storjshare.io# use default location_constraint# use default ACL# edit advanced confign# review config and select default# quit configq CopyCopied! **Create** a bucket tesla-m3-cam for saving clips: # make bucketrclone mkdir storj-dcs-us1-gateway:tesla-m3-cam # make bucketrclone mkdir storj-dcs-us1-gateway:tesla-m3-cam CopyCopied! Update your `teslausb_setup_variables.conf`file in the boot directory with the following information. Ensure your Wifi variables are also set. If your variables have any spaces, please put your variables in quotes like this: "variable" # Variables for rclone archivingexport ARCHIVE_SYSTEM=rcloneexport RCLONE_DRIVE=storj-dcs-us1-gatewayexport RCLONE_PATH=tesla-m3-cam# The following is optional#export RCLONE_FLAGS=() # Variables for rclone archivingexport ARCHIVE_SYSTEM=rcloneexport RCLONE_DRIVE=storj-dcs-us1-gatewayexport RCLONE_PATH=tesla-m3-cam# The following is optional#export RCLONE_FLAGS=() CopyCopied! Shut down your Pi and plug it into your Tesla: If you are using a RPi4, you only need to plug the Pi via its USB-C cable into one of the Tesla's USB-C ports, this will provide power and data transfer. If using a RPi Zero W, you will need to use the usb/data USB port on the Pi. To test that everything is set up correctly, you can navigate to the Pi’s web interface at :80. Enable **_Honk to Save Clips_** on your Tesla, and then under the Tools page of your Raspberry Pi’s web interface, click the **_Trigger archive/sync_** button. Follow along on the **Archive log** page to see your clips being acknowledged and pushed to Storj. Finally, log in to your Storj account and take advantage of the [Object Browser](https://storj.dev/support/object-browser) to manage and share your clips! Previous [Starfish](https://storj.dev/dcs/third-party-tools/starfish) Next [TrueNAS](https://storj.dev/dcs/third-party-tools/truenas) --- # How do I hold STORJ tokens? What is a valid address or compatible wallet? - Storj Docs STORJ is an ERC-20 token running on the Ethereum platform. In order to receive and hold your STORJ token payouts, you should use an ERC-20 compatible wallet to which you hold the private key yourself. Several options are available: * [mycrypto](https://mycrypto.com/) * [MyEtherWallet](https://www.myetherwallet.com/) * [MetaMask](https://metamask.io/) You may also access a hardware wallet such as Trezor or Ledger Nano S from mycrypto or MyEtherWallet. This is the preferred and safest way to store your STORJ tokens. There are many more wallets available for ERC20 tokens - we only listed a few above that have proven to be most reliable/popular and offer good setup instructions and help sites. It is very important to note that an exchange address is not a valid address unless it is of the type that enables you to hold the private key yourself (decentralized exchange). Furthermore, please be sure that the ethereum address you use when you configure your storage node is one created by the wallet you choose. **Do not use the STORJ Token smart contract** address 0xB64ef51C888972c908CFacf59B47C1AfBC0Ab8aC as payout address! If you accidentally have specified that address in your storage node configuration as payout address, you will not be able to withdraw your funds as you are not controlling the private keys of this address yourself. If you discover that you have accidentally used the wrong payout address, please follow [these instructions](https://storj.dev/node/faq/how-do-i-change-my-parameters-such-as-payout-address-allotted-storage-space-and-bandwidth) to change the payout address to your own wallet address. Storj Labs will not be able to help you recover your funds if you have used any payout address that you do not hold the private keys of yourself. Previous [How do I estimate my potential earnings for a given amount of space and bandwidth?](https://storj.dev/node/faq/how-do-i-estimate-my-potential-earnings-for-given-amount-of-space-and-bandwidth) Next [How do I know the exchange rate for my payout?](https://storj.dev/node/faq/how-do-i-know-the-exchange-rate-for-my-payout) --- # How is the online score calculated? - Storj Docs The implementation matches the design doc here: [Storage Node Downtime Tracking with Audits](https://github.com/storj/storj/blob/c2a97aeb143791dd7edd8bea5bb43558a95b57de/docs/blueprints/storage-node-downtime-tracking-with-audits.md) . In production, we have 12-hour windows and a 30-day tracking period, which translates to 60 windows per tracking period and two windows a day. Every single audit the storage node gets will affect its online score to some extent. For example, if a node got audited during 30 seconds of downtime, that offline audit will have a negative effect on the `online_score` of the storage node. But other audits that happened inside the same 12 hour window will be equally weighted. So in one 12-hour window, if a storage node gets 1 offline audit and 10 total audits, the `online_score` _for that window_ will be 0.9. Then, the score for that window will be averaged with all the other windows in the 30-day tracking period to calculate the storage node's overall `online_score`. So if this storage node had perfect uptime outside of the 12-hour window mentioned above, the online score would be approximately (59 \* 1.0 + 1 \* 0.9)/60 = 0.99833 The `online_score` is reported back to nodes not immediately but with some delay (up to 12 hours), so it may not drop until long after the downtime happened. You may see a [graphical explanation](https://forum.storj.io/t/online-score-not-updating-2-weeks/26444/9?u=alexey) on the forum: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/34de4ae4675ad987b387f29be4342033e9b606bf.jpeg)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/34de4ae4675ad987b387f29be4342033e9b606bf.jpeg) You may use [these scripts](https://forum.storj.io/t/my-uptime-should-be-100-on-all-satellites-i-have-not-gotten-any-uptime-robot-notifications-of-downtime-in-months/14694/2?u=alexey) to find out when your node was offline. For a more detailed description of the downtime tracking calculations, please refer to this [blueprint](https://github.com/storj/storj/blob/c2a97aeb143791dd7edd8bea5bb43558a95b57de/docs/blueprints/storage-node-downtime-tracking-with-audits.md) . Previous [How does held back amount work?](https://storj.dev/node/faq/held-back-amount) Next [How to add an additional drive?](https://storj.dev/node/faq/how-to-add-an-additional-drive) --- # How do I check my node when I'm away from my machine? - Storj Docs We send e-mail notifications when your Node goes offline. In addition, a great way to stay updated with your Node's status is to use [UptimeRobot](https://uptimerobot.com/) . UptimeRobot will check to see if your port is listening every x minutes. When your port is not listening, you will receive an e-mail alerting you that your port is closed, which can indicate there is something wrong with your node. To get started, [sign up for an account](https://uptimerobot.com/signUp) . Once signed up, head over to your UptimeRobot [dashboard](https://uptimerobot.com/dashboard#mainDashboard) , and on the top left of the screen, select **Add New Monitor** [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/W1_AB1djeo-A-Ev4Q_XI6_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/W1_AB1djeo-A-Ev4Q_XI6_image.png) Next, select **port** in the **Monitor Type** dropdown, then enter your Node information. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/vf2KTNCSr0h5UgmuK_mGb_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/vf2KTNCSr0h5UgmuK_mGb_image.png) Select the e-mail you want the alerts to be sent to, then click **Create Monitor:** [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/00URcSr1Nij1prS_hJtDT_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/00URcSr1Nij1prS_hJtDT_image.png) You will now receive e-mail alerts when the port closes or opens. You can view more information and your node's history of downtime in the [dashboard](https://uptimerobot.com/dashboard#mainDashboard) . [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/GEXUX8KNxPBnex51dtO2n_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/GEXUX8KNxPBnex51dtO2n_image.png) Previous [How do I check my logs?](https://storj.dev/node/faq/check-logs) Next [How do I estimate my payouts per Satellite?](https://storj.dev/node/faq/estimate-payouts) --- # How to change the payment address for storagenode (v3 network) - Storj Docs To change the payment address for the storagenode (v3 network), please follow the instructions in our Storage Node Installation [FAQ](https://storj.dev/node/faq) section about [changing parameters](https://storj.dev/node/faq/how-do-i-change-my-parameters-such-as-payout-address-allotted-storage-space-and-bandwidth) . Previous [How to add an additional drive?](https://storj.dev/node/faq/how-to-add-an-additional-drive) Next [How to fix a "database disk image is malformed"](https://storj.dev/node/faq/how-to-fix-a-database-disk-image-is-malformed) --- # How do I estimate my payouts per Satellite? - Storj Docs If you would like to estimate how much you can expect to get paid for running your Node during a given month, please follow the instructions [here](https://forum.storj.io/t/earnings-calculator-update-2024-07-28-v14-1-0-now-shows-garbage-collection-progress-detailed-earnings-info-and-health-status-of-your-node-including-vetting-progress-and-garbage-collection-status/1794) . This information is also available on the [Dashboard Windows](https://storj.dev/node/get-started/install-node-software/gui-windows/dashboard) (docker) or [Dashboard CLI](https://storj.dev/node/get-started/install-node-software/cli/dashboard-cli) The script above can be used to check the estimations displayed on the dashboard and correctness of payout. If your node is working properly, the values for both sources should almost be the same. If you find significant discrepancies - please ask on the [forum](https://forum.storj.io/) . Please note that this script won't give you values as exact as what is shown on the dashboard until the payout is finished for the month in question; your actual payout may be slightly different from what you calculated for each Satellite. Also note that the script will estimate what payout you'll receive depending on how long you already have been running the Node on a Satellite. This also takes into account the amount withheld during the initial months which is not immediately paid out. Please see more details about held amounts in this blog post: [Sharing Storage Space for Fun and Profit](https://www.storj.io/blog/sharing-storage-space-for-fun-and-profit) . See also [Payout](https://storj.dev/node/payouts) regarding the [Payout](https://storj.dev/node/payouts) and [Payout](https://storj.dev/node/payouts) Previous [How do I check my node when I'm away from my machine?](https://storj.dev/node/faq/check-my-node) Next [How do I estimate my potential earnings for a given amount of space and bandwidth?](https://storj.dev/node/faq/how-do-i-estimate-my-potential-earnings-for-given-amount-of-space-and-bandwidth) --- # How does held back amount work? - Storj Docs The **held back amount (staked)** component provides a preferred way for Node Operators to exit the network. This model optimizes liveliness by deterring Nodes to exit the network without transferring their pieces (thus limiting repair costs). Importantly, this strikes an equilibrium between a very low cost of entry for Nodes while also way to insulate against the cost of data repair. Nodes don't need to provide any up-front stake to start earning STORJ tokens as a Storage Node Operator. Rather, during the first nine months of Storage Node Operation, a percentage of earnings are placed in a holding account. These funds are held until a Storage Node Operator chooses to leave the network. After the 15th month, a portion of the balance is returned to the Storage Node Operator, while the remainder is held indefinitely. If the Storage Node Operator uses the Graceful Exit function when leaving one or more satellites, the funds corresponding to the satellite(s) they exited will be returned in full after the exit is complete. If the Storage Node Operator exits the network abruptly without completing the Graceful Exit, the held back funds for all the satellites their node was operating on at the time of abrupt exit will be forfeited to offset the cost of data repair. The withholding function is structured with a tiered reduction in withholdings as the amount of time the Node is active on the network increases. Note that the node age used to calculate the applicable held amount percentage will be calculated separately for each satellite, so if a satellite is added to the network after the node first started operating, the node age for that new satellite will start counting from zero at the time the new satellite was added. The withholding model is as follows: * **Months 1-3**: 75% of Storage Node revenue is withheld, 25% is paid to the Storage Node Operator * **Months 4-6**: 50% of Storage Node revenue is withheld, 50% is paid to the Storage Node Operator * **Months 7-9**: 25% of Storage Node revenue is withheld, 75% is paid to the Storage Node Operator * **Months 10-15**: 100% of Storage Node revenue is paid to the storage node operator * **Month 16**: 50% of total withholdings are returned to Storage Node Operator, with the remaining 50% held until the node gracefully exits the network The withholding model is designed to incentivize and reward both-long term reliable Storage Nodes as well as Nodes that, when they do choose to leave the network, exit in a way that is least damaging to the network. Previous [How do I shut down my node for system maintenance?](https://storj.dev/node/faq/system-maintenance) Next [How is the online score calculated?](https://storj.dev/node/faq/how-the-online-score-is-calculated) --- # How do I shutdown my node for system maintenance? - Storj Docs If you need to shutdown the Storage Node for maintenance on your system, run: CLI InstallGUI Windows Install docker stop -t 300 storagenode docker stop -t 300 storagenode CopyCopied! After you finished your maintenance, restart the Node with: CLI InstallGUI Windows Install docker start storagenode docker start storagenode CopyCopied! Previous [How do I setup static mount via /etc/fstab for Linux?](https://storj.dev/node/faq/linux-static-mount) Next [How does held back amount work?](https://storj.dev/node/faq/held-back-amount) --- # Node offline troubleshooting - Storj Docs If you have received a notification or email indicating that your node is offline, please do the following troubleshooting to bring it back online: 1. Check your port forwarding rule on your router, it should forward TCP+UDP ports (`28967` by default) to your PC/NAS with storagenode. Make sure that the IP in the port forwarding rule is the same as the IP of your PC/NAS. 2. Check that your external address on [https://www.yougetsignal.com/tools/open-ports/](https://www.yougetsignal.com/tools/open-ports/) matches the WAN IP on your router, otherwise your port forwarding rule will not work. 3. Check your external IP/address in the node config: * If you are running a node with Docker, please make sure that your `ADDRESS` option in the docker run command includes the port, for example: `-e ADDRESS=external.address.tld:28967` * In case of Windows GUI node, it's `contact.external-address:` (or deprecated `kademlia.external-address:`) parameter in the `"%ProgramFiles%\Storj\Storage Node\config.yaml"` config file. To edit the configuration file please use the **Notepad++** text editor, do not use the usual Notepad. contact.external-address: external.address.tld:28967 contact.external-address: external.address.tld:28967 CopyCopied! 4. If your public IP is not static, then you should register your own DDNS domain, for example on [NoIP](https://www.noip.com/) , and then use this domain as your external address. You also need to configure the updating of this domain with the current public IP on your router (it's usually configured in the DDNS section of your router settings) or with a special application from the DDNS provider. If you use NoIP, this application is called DUC. Make sure to use only one of those methods - either directly in the router configuration, or with the DUC application (or equivalent application if you use a different DDNS service than NoIP). 5. If you have a firewall, make an inbound rule to allow any traffic from any source and TCP+UDP node's listening ports (`28967` by default) and your PC/NAS as a destination. If you have any outbound restricted rule, then make an outbound rule for any traffic from any port of your PC/NAS as a source and any host with any port as a destination Previous [Is an account required to rent out drive space ?](https://storj.dev/node/faq/is-account-required) Next [Running a V3 Storage Node with PIA (VPN)](https://storj.dev/node/faq/running-node-via-pia) --- # How to fix database: file is not a database error - Storj Docs If your node was abruptly terminated due to power failure, the database file could be irreversible corrupted, you can see an error `Error starting master database on storagenode: database: file is not a database` in [your logs](https://storj.dev/node/faq/check-logs) . [Find out which database is corrupted](https://storj.dev/node/faq/how-to-fix-database-file-is-not-a-database-error#find-out-which-database-is-corrupted) ========================================================================================================================================================= The Storage Node software might not mention which database is corrupted or errors displayed are not immediately understandable to the node operator. In this case we recommend to check all databases, as described in the article [How to fix a "database disk image is malformed"](https://storj.dev/node/faq/how-to-fix-a-database-disk-image-is-malformed) . Please note - the linked article will not help to recover database in state "file is not a database." Once you discovered which database is irreversibly corrupted, you can continue with fixing. [Recreate corrupted database(s)](https://storj.dev/node/faq/how-to-fix-database-file-is-not-a-database-error#recreate-corrupted-database-s) ============================================================================================================================================ 1. [Stop the storagenode](https://storj.dev/node/faq/system-maintenance) 2. Delete the corrupted database(s), include file(s) with `.db-shm` and `.db-wal` extensions. 3. Move all remaining databases (`*.db`) to the backup folder (_the database files are placed in the storage location by default [unless you have changed that](https://forum.storj.io/search?q=move%20databases%20%23database%20%23sno-category%3Asno-faq%20) _). Please note, no databases should remain in the current database location, otherwise they will not be recreated in the next steps. The node will recreate all databases only if there wouldn't be any. 4. [Start the storagenode](https://storj.dev/node/faq/system-maintenance) _it will re-create all databases, but they will be empty. Wait until all migrations are applied_. 5. Stop the storagenode 6. Move backed up databases back with replace 7. Start the storagenode 8. [Check your logs](https://storj.dev/node/faq/check-logs) Please note - since we recreated the database(s) from scratch, some statistics such as bandwidth or disk usage and payout information for shutdown satellites (like the now deprecated Stefan, Europe-North-1 and US2 satellites) could be lost, however it will not prevent the storage node from working. [Still have issues?](https://storj.dev/node/faq/how-to-fix-database-file-is-not-a-database-error#still-have-issues) ==================================================================================================================== Ask on the [forum](https://forum.storj.io/) ! Previous [How to fix a "database disk image is malformed"](https://storj.dev/node/faq/how-to-fix-a-database-disk-image-is-malformed) Next [How to remote access the web dashboard](https://storj.dev/node/faq/how-to-remote-access-the-web-dashboard) --- # Set up a storagenode on Odroid HC2 (video tutorial) - Storj Docs This is a video tutorial that explains how to set up `storagenode` on the Odroid HC2 board We thank our fellow community member Will Topping for sharing this contribution. Previous [Running a V3 Storage Node with PIA (VPN)](https://storj.dev/node/faq/running-node-via-pia) Next [Single and multi-node Port forwarding setup](https://storj.dev/node/faq/single-and-multinode-setup) --- # What if I'm using a remote connection? - Storj Docs If you must use a remote connection, due to the length of time it takes for some of the steps, it's highly recommended to run them inside a virtual console like [TMUX](https://www.hamvocke.com/blog/a-quick-and-easy-guide-to-tmux/) or [SCREEN](https://linuxize.com/post/how-to-use-linux-screen/) . It is recommended to perform the next steps local to the machine, and **not** via a remote connection. Previous [Wallet address for storagenode](https://storj.dev/node/faq/wallet-address-for-storagenode) Next [What if I'm using the CLI Install on Windows / MacOS?](https://storj.dev/node/faq/cli-on-windows-mac) --- # How do I redirect my logs to a file? - Storj Docs 1\. To redirect the logs to a file, stop your Node: CLI InstallGUI WIndows Install docker stop -t 300 storagenode docker stop -t 300 storagenode CopyCopied! 2\. Then edit your `config.yaml` (you can use _nano_ or _vi_ editor for Linux/MacOS or _Notepad++_ for Windows) to add (or change) the log location (see [Where can I find the config.yaml?](https://storj.dev/node/faq/where-can-i-find-a-config-yaml) ): CLI InstallGUI Windows Install log.output: "/app/config/node.log" log.output: "/app/config/node.log" CopyCopied! You can find resulting log in the storage location. 3\. Start your Node again: CLI InstallGUI Windows Install docker start storagenode docker start storagenode CopyCopied! When you use this option, docker logs commands no longer show your node log. Use the file instead. Previous [Migrating from Windows GUI installation to Docker CLI](https://storj.dev/node/faq/migrate-my-node/migrating-from-windows-gui-installation-to-a-docker-cli) Next [How do I setup static mount via /etc/fstab for Linux?](https://storj.dev/node/faq/linux-static-mount) --- # Is an account required to rent out drive space ? - Storj Docs **No**. You do not need to create an account to start earning STORJ tokens by renting your drive space. All you need to do is run the storagenode software and [configure it properly](https://storj.dev/node) . Note that [the V2 network has been shutdown in January 2020](https://forum.storj.io/t/v2-is-officially-shut-down/4250) as v3 in [Production](https://www.storj.io/blog/announcing-early-access-for-tardigrade) now, so it is not possible to start farming with new nodes on V2 anymore. You can learn about how to sign up to become a Storage Node Operator on the V3 network [here](https://storj.dev/node/get-started/setup) . Previous [Install storagenode on Raspberry Pi3 or higher version](https://storj.dev/node/faq/install-storagenode-on-raspberry-pi3-or-higher-version) Next [Node offline troubleshooting](https://storj.dev/node/faq/node-offline-troubleshooting) --- # How do I setup static mount via /etc/fstab for Linux? - Storj Docs First, run the following command and find the name of the hard drive you wish to use (for example sda2) lsblk lsblk CopyCopied! Once you find it, we will now get the Unique ID (**UUID**) of the hard drive lsblk -d -fs /dev/ lsblk -d -fs /dev/ CopyCopied! ‌Copy the **UUID**, as well as the **FSTYPE.** We’ll need that later.‌ Next, we will create a new directory in the /mnt folder where you want your Storj files to be stored; you can name this directory whatever you would like. sudo mkdir /mnt/ sudo mkdir /mnt/ CopyCopied! ‌Next, we will add our hard drive to the **etc/fstab** file sudo nano /etc/fstab sudo nano /etc/fstab CopyCopied! ‌Add the following line at the end of the file: UUID= /mnt/ defaults 0 2 UUID= /mnt/ defaults 0 2 CopyCopied! ‌To save changes, press `Ctrl-X`, `Y`, `Enter` Once saved, run the following command: sudo mount -a sudo mount -a CopyCopied! ‌That’s it!‌ If you’d like to confirm, you can run this command again and your new mount point will be updated in the mount column lsblk -d -fs /dev/ lsblk -d -fs /dev/ CopyCopied! ‌Congrats, you’ve successfully static mounted your hard drive! Previous [How do I redirect my logs to a file?](https://storj.dev/node/faq/redirect-logs) Next [How do I shut down my node for system maintenance?](https://storj.dev/node/faq/system-maintenance) --- # Frequently Asked Questions - Storj Docs [Maintenance](https://storj.dev/node/faq#maintenance) ------------------------------------------------------ [How do I shut down my node for system maintenance?](https://storj.dev/node/faq/system-maintenance) [Migration](https://storj.dev/node/faq#migration) -------------------------------------------------- [How do I migrate my node to a new device?](https://storj.dev/node/faq/migrate-my-node) [Migrating from Windows GUI installation to Docker CLI](https://storj.dev/node/faq/migrate-my-node/migrating-from-windows-gui-installation-to-a-docker-cli) [Migrating from Docker CLI to a GUI Install on Windows](https://storj.dev/node/faq/migrate-my-node/migrating-from-docker-cli-to-a-gui-install-on-windows) [How to migrate the Windows GUI node from one physical location to another?](https://storj.dev/node/faq/migrate-my-node/how-to-migrate-the-windows-gui-node-from-a-one-physical-location-to-other) [Monitoring](https://storj.dev/node/faq#monitoring) ---------------------------------------------------- [How do I check my logs?](https://storj.dev/node/faq/check-logs) [How do I redirect my logs to a file?](https://storj.dev/node/faq/redirect-logs) [Payouts](https://storj.dev/node/faq#payouts) ---------------------------------------------- [How do I estimate my potential earnings for a given amount of space and bandwidth?](https://storj.dev/node/faq/how-do-i-estimate-my-potential-earnings-for-given-amount-of-space-and-bandwidth) [How do I estimate my payouts per Satellite?](https://storj.dev/node/faq/estimate-payouts) [How does held back amount work?](https://storj.dev/node/faq/held-back-amount) [How do I check my L2 zkSync payouts?](https://storj.dev/node/faq/how-do-i-check-my-l2-payouts) [Why are my payouts so low?](https://storj.dev/node/faq/low-payouts) [How do I know the exchange rate for my payout?](https://storj.dev/node/faq/how-do-i-know-the-exchange-rate-for-my-payout) [What tax forms do Storage Node Operators need to submit?](https://storj.dev/node/faq/what-tax-forms-do-storage-node-operators-need-to-submit) [Wallet address](https://storj.dev/node/faq#wallet-address) ------------------------------------------------------------ [Wallet address for storagenode](https://storj.dev/node/faq/wallet-address-for-storagenode) [Can Storj use a different blockchain for payments?](https://storj.dev/node/faq/can-storj-use-other-blockchain) [Why does Storj Labs not pay Storage Node Operators directly in USD?](https://storj.dev/node/faq/why-not-pay-in-fiat) [How do I hold STORJ? What is a valid address or compatible wallet?](https://storj.dev/node/faq/how-do-I-hold-storj-tokens) [Can we use an exchange as a wallet for STORJ tokens?](https://storj.dev/node/faq/can-we-use-an-exchange-as-a-wallet-for-storj-tokens) [How to change the payment address for storagenode (v3 network)](https://storj.dev/node/faq/how-to-change-the-payment-address-for-storagenode) [Tokens](https://storj.dev/node/faq#tokens) -------------------------------------------- [What is the STORJ token?](https://storj.dev/node/faq/what-is-the-storj-token) [How can I use the STORJ token as form of payment?](https://storj.dev/support/account-management-billing/payment-methods/how-can-I-use-the-storj-token-to-pay) [Remote access](https://storj.dev/node/faq#remote-access) ---------------------------------------------------------- [How do I check my node when I'm away from my machine?](https://storj.dev/node/faq/check-my-node) [What if I'm using a remote connection?](https://storj.dev/node/faq/remote-connection) [How to remote access the web dashboard](https://storj.dev/node/faq/how-to-remote-access-the-web-dashboard) [Reputation](https://storj.dev/node/faq#reputation) ---------------------------------------------------- [How is the online score calculated?](https://storj.dev/node/faq/how-the-online-score-is-calculated) [Audits by satellite](https://storj.dev/node/faq/audits-by-satellite) [Settings](https://storj.dev/node/faq#settings) ------------------------------------------------ [How to add an additional drive?](https://storj.dev/node/faq/how-to-add-an-additional-drive) [Single and multi-node Port forwarding setup](https://storj.dev/node/faq/single-and-multinode-setup) [What other commands can I run?](https://storj.dev/node/faq/other-commands) [How do I setup static mount via /etc/fstab for Linux?](https://storj.dev/node/faq/linux-static-mount) [How do I change values like wallet address or storage capacity?](https://storj.dev/node/faq/how-do-i-change-my-parameters-such-as-payout-address-allotted-storage-space-and-bandwidth) [What if I'm using the CLI Install on Windows / MacOS?](https://storj.dev/node/faq/cli-on-windows-mac) [Where can I find the config.yaml?](https://storj.dev/node/faq/where-can-i-find-a-config-yaml) [Storage](https://storj.dev/node/faq#storage) ---------------------------------------------- [Why am I not storing more data?](https://storj.dev/node/faq/storing-more-data) [Why is the network not using all of my storage and bandwidth?](https://storj.dev/node/faq/storage-bandwidth-usage) [Troubleshooting](https://storj.dev/node/faq#troubleshooting) -------------------------------------------------------------- [What if my machine restarts or shuts down?](https://storj.dev/node/faq/machine-restart-shutdown) [Node offline troubleshooting](https://storj.dev/node/faq/node-offline-troubleshooting) [Why is my node disqualified?](https://storj.dev/node/faq/why-is-my-node-disqualified) [Suspension mode](https://storj.dev/node/faq/suspension-mode) [Updates](https://storj.dev/node/faq#updates) ---------------------------------------------- [Where can I check for a new version?](https://storj.dev/node/faq/where-can-i-check-for-a-new-version) * * * [Need help?](https://storj.dev/node/faq#need-help) --------------------------------------------------- If you still couldn't find the answers to your questions, visit our [Help Center](https://storj.dev/support) Previous [ZkSync Payments](https://storj.dev/node/payouts/zk-sync-opt-in-for-snos) Next [Audits by satellite](https://storj.dev/node/faq/audits-by-satellite) --- # What if I'm using the CLI Install on Windows / MacOS? - Storj Docs Your Node may require extra monitoring. You may have to frequently restart Docker from the Docker desktop application when your Last Contact shown in the dashboard gets OFFLINE. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/TP1GtoM230mATj-SyjK4w_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/TP1GtoM230mATj-SyjK4w_image.png) Previous [What if I'm using a remote connection?](https://storj.dev/node/faq/remote-connection) Next [What if my machine restarts or shuts down?](https://storj.dev/node/faq/machine-restart-shutdown) --- # Suspension mode - Storj Docs An overview of the [suspension mode design](https://forum.storj.io/t/design-draft-storage-node-suspended-state/4606?u=alexey) [How does suspension mode work?](https://forum.storj.io/t/suspension-mode-and-disqualification-emails/6091) [Explanation regarding suspension mode notification emails](https://forum.storj.io/t/node-suspension/6102/111) [What should I do?](https://storj.dev/node/faq/suspension-mode#what-should-i-do) ================================================================================= Please, search for the reason for failed audit [in your logs](https://storj.dev/node/faq/check-logs) . You should try to find the errors on the affected satellite(s) starting around the timestamp mentioned in the suspension mode notification email you received. [Linux/MacOS bash](https://storj.dev/node/faq/suspension-mode#linux-mac-os-bash) --------------------------------------------------------------------------------- docker logs storagenode 2>&1 | grep -E "GET_AUDIT|GET_REPAIR" | grep failed docker logs storagenode 2>&1 | grep -E "GET_AUDIT|GET_REPAIR" | grep failed CopyCopied! [Linux/MacOS bash for](https://storj.dev/node/faq/suspension-mode#) [redirected logs](https://storj.dev/node/faq/redirect-logs) --------------------------------------------------------------------------------------------------------------------------------- grep -E "GET_AUDIT|GET_REPAIR" /mnt/storj/storagenode/node.log | grep failed grep -E "GET_AUDIT|GET_REPAIR" /mnt/storj/storagenode/node.log | grep failed CopyCopied! [Windows Docker Powershell](https://storj.dev/node/faq/suspension-mode#windows-docker-powershell) -------------------------------------------------------------------------------------------------- docker logs storagenode 2>&1 | sls "GET_AUDIT|GET_REPAIR" | sls failed docker logs storagenode 2>&1 | sls "GET_AUDIT|GET_REPAIR" | sls failed CopyCopied! [Windows GUI Powershell](https://storj.dev/node/faq/suspension-mode#windows-gui-powershell) -------------------------------------------------------------------------------------------- sls "GET_AUDIT|GET_REPAIR" "C:\Program Files\Storj\Storage Node\storagenode.log" | sls failed sls "GET_AUDIT|GET_REPAIR" "C:\Program Files\Storj\Storage Node\storagenode.log" | sls failed CopyCopied! [Windows Powershell for](https://storj.dev/node/faq/suspension-mode#) [redirected logs](https://storj.dev/node/faq/redirect-logs) ----------------------------------------------------------------------------------------------------------------------------------- sls "GET_AUDIT|GET_REPAIR" "x:\storagenode\node.log" | sls failed sls "GET_AUDIT|GET_REPAIR" "x:\storagenode\node.log" | sls failed CopyCopied! Once you have found the error(s), search for threads mentioning these errors [on the forum](https://forum.storj.io/search?expanded=true) so you can find what are the steps to fix the error. Once you have fixed the error that led your node to get suspended, it should get unsuspended fairly soon after and you should start seeing new uploads for that satellite in your logs, which indicates that the node is no longer suspended. Previous [Single and multi-node Port forwarding setup](https://storj.dev/node/faq/single-and-multinode-setup) Next [Wallet address for storagenode](https://storj.dev/node/faq/wallet-address-for-storagenode) --- # Single and multi-node Port forwarding setup - Storj Docs When the outside world is trying to reach a specific node, it basically has to go through a few steps. We are going to include the Docker setup steps in case you want to use it on the other system or in case someone else with a docker setup has the same question. [Single node setup](https://storj.dev/node/faq/single-and-multinode-setup#single-node-setup) ============================================================================================= outside world => 28967 => router => 28967 => node machine \[ => 28967 => docker container\] For single node, you will use the same port number throughout, so you can just use port `28967` everywhere. This makes the settings easier. However, there are several places where you can adjust ports and forward ports to other ports. That will become relevant in multi-node setups. [Multi-machine multi-node setup](https://storj.dev/node/faq/single-and-multinode-setup#multi-machine-multi-node-setup) ======================================================================================================================= In a multi-machine setup for example, it could look like this. * node1: outside world => 28967 => router => 28967 => node machine1 \[ => 28967 => docker container\] * node2: outside world => 28968 => router => 28967 => node machine2 \[ => 28967 => docker container\] In this setup, your router translates external port `28968` to internal port `28967` on machine2. This means machine 2 is still listening on the default `28967` port, but if the outside world wants to reach it, it has to talk to external port `28968`. [Single-machine multi-node setup](https://storj.dev/node/faq/single-and-multinode-setup#single-machine-multi-node-setup) ========================================================================================================================= Only use this setup if you want to share multiple HDD’s on a single machine. There is no advantage to be gained from running multiple nodes on the same HDD or array. This would not result in your nodes getting more data than if you were running only one single node on your hard drive. In a single-machine setup with multiple nodes, it could look like this. * node1: outside world => 28967 => router => 28967 => node machine1 \[ => 28967 => docker container\] * node2: outside world => 28968 => router => 28968 => node machine1 \[ => 28967 => docker container\] In this setup your router forwards both ports to the same machine without changing them. That machine then has to deal with port `28968` for node2. There are two options. 1. On setups without Docker, make the node2 listen to port `28968` by changing the `config.yaml` 2. On Docker node setups, change the port forward parameter in the `docker run` command for node2 to `-p 28968:28967`. Please note that these port numbers are different, because traffic on the machine is received on external port `28968` but translated to internal port `28967` inside the container. Because of this translation, no change in the `config.yaml` is necessary for these setups. [Related settings](https://storj.dev/node/faq/single-and-multinode-setup#related-settings) ------------------------------------------------------------------------------------------- For the second node in multi-node setups, this translates to the following settings in config.yaml: # public address to listen onserver.address: :28967 # public address to listen onserver.address: :28967 CopyCopied! This setting refers to the port the node is listening on. Without Docker: outside world => 28968 => router => **28967** => node machine With Docker: outside world => 28968 => router => 28967 => node machine => **28967** => docker container # the public address of the node, useful for nodes behind NATcontact.external-address: yourddns.domain.com:28968 # the public address of the node, useful for nodes behind NATcontact.external-address: yourddns.domain.com:28968 CopyCopied! This setting refers to where the outside world can contact the node. outside world => **28968** => router => 28967 => node machine \[ => 28967 => docker container\] Note: For Docker setups, this value is set through the `-e ADDRESS="yourddns.domain.com:28967"` parameter in the `docker run` command. [Common mistakes](https://storj.dev/node/faq/single-and-multinode-setup#common-mistakes) ========================================================================================= [Forwarding twice](https://storj.dev/node/faq/single-and-multinode-setup#forwarding-twice) ------------------------------------------------------------------------------------------- Have the router forward `28968` to `28967`, but also do the same in your `docker run` command with `-p 28968:28967` outside world => 28968 => router => **28967** / **28968** => node machine => 28967 => Docker container The ports that the node machine receives traffic on and Docker expects traffic on no longer match, so it doesn’t go through. [Changing the port your node listens to while also translating ports](https://storj.dev/node/faq/single-and-multinode-setup#changing-the-port-your-node-listens-to-while-also-translating-ports) ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- # public address to listen onserver.address: :28968 # public address to listen onserver.address: :28968 CopyCopied! With `-p 28968:28967` in the `docker run` command. outside world => 28968 => router => 28968 => node machine => **28967** / **28968** => Docker container. The Docker container gets traffic on `28967`, but the node listens on `28968`. [Using the same port on the same machine for multiple nodes](https://storj.dev/node/faq/single-and-multinode-setup#using-the-same-port-on-the-same-machine-for-multiple-nodes) ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Different nodes always need to use different ports. Traffic can’t go through one port and then be split up again. This is why when you use a single machine, you can’t have your router forward both port `28967` and `28968` to `28967` on the same machine, but you can use the same port on multiple machine setups. The same goes for containers with docker setups. Multiple nodes can all listen to port `28967` as long as they are in multiple containers. [In general](https://storj.dev/node/faq/single-and-multinode-setup#in-general) ------------------------------------------------------------------------------- Mistakes usually consist of anything that breaks this chain. It’s important that in every step, the port that traffic is being sent to is also the port the next element in the chain is listening to. This can be complicated even more if people run multiple NAT setups and when firewalls get in the way. But that’s out of scope for this post. This article was adapted from the original forum post [by author René Smeekes (@BrightSilence)](https://forum.storj.io/t/setting-up-second-machine-with-storj-on-same-network/5953/4?u=alexey) Previous [Set up a storagenode on Odroid HC2 (video tutorial)](https://storj.dev/node/faq/set-up-a-storagenode-on-droid-hc2-video-tutorial) Next [Suspension mode](https://storj.dev/node/faq/suspension-mode) --- # How to migrate the Windows GUI node from one physical location to another? - Storj Docs To be able to move an existing node to a different physical location (different PC) we should transfer both the node's identity and the data. It is neither sufficient to only migrate the identity nor to only move the data to the new location, we need to do both. First, we need to know where the identity is currently stored on your original machine. If you didn't change the default path, your identity is usually located by default in `"%AppData%\Storj\Identity\storagenode"`. You can open this path in the Explorer or with `cmd`. We will assume that you can connect to your node directly via the local network. Please, read documentation about a `robocopy command:` [`https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/robocopy`](https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/robocopy) [Both PCs at the local network location](https://storj.dev/node/faq/migrate-my-node/how-to-migrate-the-windows-gui-node-from-a-one-physical-location-to-other#both-pcs-at-the-local-network-location) ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Please create an identity folder on your new PC with the same name as the identity folder you had on your old PC, and share it to the network. For example, assuming your new PC is called `PC2` and the user on it is called `user`, then you can open `cmd` on the first PC and execute the command: robocopy "%AppData%\Storj\Identity\storagenode" \\pc2\Users\user\AppData\Roaming\Storj\Identity\storagenode /MIR robocopy "%AppData%\Storj\Identity\storagenode" \\pc2\Users\user\AppData\Roaming\Storj\Identity\storagenode /MIR CopyCopied! Using the same approach, you should also transfer the data. We will assume that the storage folder on the second PC is called `storage`. You can share that folder the same way as you did for the identity. Please run this command while your node is running: robocopy d:\storagenode \\pc2\storage /MIR robocopy d:\storagenode \\pc2\storage /MIR CopyCopied! Using the same approach, you also transfer the orders folder. By default the `orders` folder is located in the setup location, i.e. `"%ProgramFiles%\Storj\Storage Node\orders"`. You need to share this folder on the destination PC in the same way as the previous folders. Please run this command while your node is running: robocopy "%ProgramFiles%\Storj\Storage Node\orders" \\pc2\orders /MIR robocopy "%ProgramFiles%\Storj\Storage Node\orders" \\pc2\orders /MIR CopyCopied! While these commands are executing, you should make a port forwarding rule on your router for the future storagenode on the second PC, as described in [Step 2. Setup Port Forwarding](https://storj.dev/node/get-started/port-forwarding) . After the above `robocopy` commands have finished executing for the first time, you should run them several more times until the difference will be negligible. Then you can stop the storagenode service on the first PC in the elevated `cmd`: net stop storagenode net stop storagenode CopyCopied! Then run the commands for copying the data and orders one last time. Now you should uninstall the storagenode Windows GUI version from your first PC and install it on the new PC following these instructions: [GUI Install - Windows](https://storj.dev/node/get-started/install-node-software/gui-windows) , but please skip the steps for receiving the authorization token and generating the identity. You must provide the correct path to the locations of your copied identity and to the copied data during the installation wizard. The network-attached storage location could work, but it is neither supported nor recommended! ### [Remote location](https://storj.dev/node/faq/migrate-my-node/how-to-migrate-the-windows-gui-node-from-a-one-physical-location-to-other#remote-location) There are plenty of options how to transfer the identity and data to the remote location, here are some examples: * [Storj](https://www.storj.io/) * ftp service * file sharing services * BitTorrent * Resilio sync * Team Viewer Depending on what type of data transfer you have selected, you can transfer the data while your node is running, but you need to sync for a second time after you have shut down the source node to transfer the last-changed pieces (BitTorrent and Resilio Sync). Unfortunately, most of these services will require you to first stop the source node while you transfer the data, in which case you should not run it again. If your node would be offline to much (more than 288 hours) it can be suspended and if it would be offline more than 30 days it can be disqualified. So, you should try to bring your node online again as soon as possible. Previous [How do I migrate my node to a new device?](https://storj.dev/node/faq/migrate-my-node) Next [Migrating from Docker CLI to a GUI Install on Windows](https://storj.dev/node/faq/migrate-my-node/migrating-from-docker-cli-to-a-gui-install-on-windows) --- # What if my machine restarts or shuts down? - Storj Docs If you have properly mounted your hard drive (if on Linux, [How do I setup static mount via /etc/fstab for Linux?](https://storj.dev/node/faq/linux-static-mount) ), then your Node should start up again automatically after your machine has rebooted. However, power failures on [Step 1. Understand Prerequisites](https://storj.dev/node/get-started/prerequisites) or other abrupt disconnections may cause database corruption leading to errors such as: `database error: database disk image is malformed` or `database: file is not a database` in [How do I check my logs?](https://storj.dev/node/faq/check-logs) ). Incorrect mounting could lead the Node to not recognize the proper data location where the Node was previously storing the data, resulting in node crash. In case of using the storagenode docker version, it will continuously restarted until the Node Operator would fix the problem. In case of using the Windows GUI, the service will not restart automatically and the Node Operator should fix the problem and [How do I shut down my node for system maintenance?](https://storj.dev/node/faq/system-maintenance) . Such failures should be attended to immediately as they can lead to the node getting disqualified. [Here are instructions on how to fix a malformed database disk image](https://storj.dev/node/faq/how-to-fix-a-database-disk-image-is-malformed) . If the database is not recognized ("file is not a database"), recovery of this database will be impossible, and you will need to [recreate it](https://storj.dev/node/faq/how-to-fix-database-file-is-not-a-database-error) . If you need assistance, please ask on our [forum](https://forum.storj.io/c/sno-category) . Previous [What if I'm using the CLI Install on Windows / MacOS?](https://storj.dev/node/faq/cli-on-windows-mac) Next [What is the STORJ token?](https://storj.dev/node/faq/what-is-the-storj-token) --- # How to fix a "database disk image is malformed" - Storj Docs [Problem](https://storj.dev/node/faq/how-to-fix-a-database-disk-image-is-malformed#problem) ============================================================================================ Sometimes a Storage Node Operator may encounter the "database disk image is malformed" error in their log. This could happen during unplanned shutdown or reboot. The error indicates that one or more of the `sqlite3` databases may have become corrupted. [Solution](https://storj.dev/node/faq/how-to-fix-a-database-disk-image-is-malformed#solution) ============================================================================================== Firstly, we should try to verify the database with an embedded SQLite3 command. So, we need to have `sqlite3` installed (v3.25.2 or later). The installation steps depend on the OS. 1. [Stop the storagenode](https://storj.dev/node/faq/how-to-fix-a-database-disk-image-is-malformed) 2. Make a backup of all the sqlite3 databases. They are located in the storage folder for your data storage. For example `x:\storagenode\storage\bandwidth.db`, where `x:\storagenode` is the data folder you had specified in the `--mount type=bind,source=x:\storagenode,destination=/app/config` option of the `docker run` command for your storagenode, or `x:\storagenode\storage` in case of using the Windows GUI, in the `storage.path:` option of the [config.yaml](https://storj.dev/node/faq/where-can-i-find-a-config-yaml) file. 3. Check each database for errors. We will use `bandwidth.db` as an example in this guide. Docker version of sqlite3Direct installation of sqlite3 We will use Docker instead of direct installation (this option is available only for x86\_64 CPUs, for arm-based boards you will need to install sqlite3 via the package manager of your OS). See the next tab. replace ${PWD} with an absolute path to the databases location, or simple switch the current location to there docker run --rm -it --mount type=bind,source=${PWD},destination=/data sstc/sqlite3 find . -maxdepth 1 -iname "*.db" -print0 -exec sqlite3 '{}' 'PRAGMA integrity_check;' ';' docker run --rm -it --mount type=bind,source=${PWD},destination=/data sstc/sqlite3 find . -maxdepth 1 -iname "*.db" -print0 -exec sqlite3 '{}' 'PRAGMA integrity_check;' ';' CopyCopied! 4. If you see errors in the output, then the check did not pass. We will unload all uncorrupted data and then load it back. But this could sometimes fail, too. If no errors occur here, you can skip all the following steps and start the storagenode again. 5. If you were not lucky and the check failed, then please try to fix the corrupted database(s) as shown below. 6. Open a shell Docker version of sqlite3Direct installation of sqlite3 Open a shell Inside the container: docker run --rm -it --mount type=bind,source=x:\storagenode\storage,destination=/storage sstc/sqlite3 sh docker run --rm -it --mount type=bind,source=x:\storagenode\storage,destination=/storage sstc/sqlite3 sh CopyCopied! Tip. You can use tmpfs to restore your databases. It uses memory instead of disk and should take a lot less time than on HDD (you can read more about usage of tmpfs with Docker in the Use tmpfs mounts guide or this forum comment). For Windows or MacOS you must increase the allocated RAM for the docker's VM via Docker desktop application to fit a double size of the greatest corrupted database file in case of usage of tmpfs. 7. Now run the following commands in the shell. You need to repeat steps 7 to 12 for each corrupted sqlite3 database: cp /storage/bandwidth.db /storage/bandwidth.db.baksqlite3 /storage/bandwidth.db cp /storage/bandwidth.db /storage/bandwidth.db.baksqlite3 /storage/bandwidth.db CopyCopied! 8. You will see a prompt from sqlite3. Run this SQL script: .mode insert.output /storage/dump_all.sql.dump.exit .mode insert.output /storage/dump_all.sql.dump.exit CopyCopied! 9. We will edit the SQL file dump\_all.sql Linux or docker versionPowerShell (Windows) with a local sqlite3 version { echo "PRAGMA synchronous = OFF ;"; cat /storage/dump_all.sql; } | grep -v -e TRANSACTION -e ROLLBACK -e COMMIT >/storage/dump_all_notrans.sql { echo "PRAGMA synchronous = OFF ;"; cat /storage/dump_all.sql; } | grep -v -e TRANSACTION -e ROLLBACK -e COMMIT >/storage/dump_all_notrans.sql CopyCopied! 10. Remove the corrupted database (make sure that you have a backup!) rm /storage/bandwidth.db rm /storage/bandwidth.db CopyCopied! 11. Now we will load the unloaded data into the new database sqlite3 /storage/bandwidth.db ".read /storage/dump_all_notrans.sql" sqlite3 /storage/bandwidth.db ".read /storage/dump_all_notrans.sql" CopyCopied! 12. Check that the new database (bandwidth.db in our example) has a size larger than 0: Linux or docker versionPowerShell (Windows) with a local sqlite3 version ls -l /storage/bandwidth.db ls -l /storage/bandwidth.db CopyCopied! 13. Exit from the container (skip this step, if you use a directly installed sqlite3) exit exit CopyCopied! 14. If you are lucky and all corrupted `sqlite3` databases are fixed, then you can start the storagenode again. Warning. If you were not successful with the fix of the database, then your stat is lost. You need to follow the guide [How to fix database: file is not a database error](https://storj.dev/node/faq/how-to-fix-database-file-is-not-a-database-error) . [Prevention](https://storj.dev/node/faq/how-to-fix-a-database-disk-image-is-malformed#prevention) ================================================================================================== On Windows: disable the write cache. Consider migrating to the [Windows GUI](https://storj.dev/node/get-started/install-node-software/gui-windows/storage-node) instead of using Docker. On Unraid: update to the latest version of the platform (the bug is fixed in the 6.8.0-rc5 as seen in [this comment](https://forums.unraid.net/bug-reports/prereleases/sqlite-data-corruption-testing-r664/page/4/?tab=comments#comment-6650) ) or rollback to version [6.6.7](https://forums.unraid.net/topic/80439-downgraded-back-to-667-due-to-sqlite-corruption/) . On Docker: use the updated docker run command from the documentation: [Storage Node](https://storj.dev/node/get-started/install-node-software/cli/storage-node) [Common Problems](https://storj.dev/node/faq/how-to-fix-a-database-disk-image-is-malformed#common-problems) ------------------------------------------------------------------------------------------------------------ Make sure that you are not using NFS or SMB to connect to the storage, they are not compatible with SQLite. The only working network protocol is iSCSI. Make sure that your external USB drive has enough power and it does not turn off during operations. It's better to avoid using them and use only internal drives. Previous [How to change the payment address for storagenode (v3 network)](https://storj.dev/node/faq/how-to-change-the-payment-address-for-storagenode) Next [How to fix database: file is not a database error](https://storj.dev/node/faq/how-to-fix-database-file-is-not-a-database-error) --- # How to remote access the web dashboard - Storj Docs [Access the Single Node Dashboard Using ssh](https://storj.dev/node/faq/how-to-remote-access-the-web-dashboard#access-the-single-node-dashboard-using-ssh) =========================================================================================================================================================== [Enable the web dashboard for your setup](https://storj.dev/node/faq/how-to-remote-access-the-web-dashboard#enable-the-web-dashboard-for-your-setup) ----------------------------------------------------------------------------------------------------------------------------------------------------- WindowsLinuxMacOS See [Dashboard Windows](https://storj.dev/node/get-started/install-node-software/gui-windows/dashboard) or [Dashboard CLI](https://storj.dev/node/get-started/install-node-software/cli/dashboard-cli) for docker version [Install a ssh server on your PC with the storagenode](https://storj.dev/node/faq/how-to-remote-access-the-web-dashboard#install-a-ssh-server-on-your-pc-with-the-storagenode) ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- WindowsLinuxMacOS [Get started with OpenSSH for Windows](https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse?tabs=gui) [Install a ssh client on your device](https://storj.dev/node/faq/how-to-remote-access-the-web-dashboard#install-a-ssh-client-on-your-device) --------------------------------------------------------------------------------------------------------------------------------------------- WindowsLinuxMacOS Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0 Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0 CopyCopied! [Get started with OpenSSH for Windows](https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse?tabs=gui) [Check connection](https://storj.dev/node/faq/how-to-remote-access-the-web-dashboard#check-connection) ------------------------------------------------------------------------------------------------------- Here we will use a _user_ as user on the remote ssh server, and _server_ as hostname or IP of the remote ssh server. WindowsMacOSLinuxAndroidiOS ssh user@server ssh user@server CopyCopied! `Password:` `user@server:~$` ### [Port forwarding](https://storj.dev/node/faq/how-to-remote-access-the-web-dashboard#port-forwarding) WindowsLinuxMacOSAndroidiOS ssh -L 14002:localhost:14002 user@server ssh -L 14002:localhost:14002 user@server CopyCopied! Navigate to [http://localhost:14002](http://localhost:14002/) in your browser, you should see a web dashboard of your storagenode. The connection can be established to your ssh server at that stage from the LAN, however, to publish your ssh server to the internet we need to secure it first. We should enable a key-only way to log in to your server. To be able to do so we need to generate and export your ssh public key to your ssh server before disabling the password login. ### [Generate ssh keys](https://storj.dev/node/faq/how-to-remote-access-the-web-dashboard#generate-ssh-keys) WindowsLinuxMacOSAndroidiOS ssh-keygen ssh-keygen CopyCopied! ### [Export public key from the ssh client to the ssh server](https://storj.dev/node/faq/how-to-remote-access-the-web-dashboard#export-public-key-from-the-ssh-client-to-the-ssh-server) WindowsLinuxMacOSAndroidiOS If the ssh server is a Windows machine, then you can use this guide: [Deploying the public key](https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement#deploying-the-public-key) . Otherwise, use the Powershell: cat ~/.ssh/id_rsa.pub | ssh user@server "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" cat ~/.ssh/id_rsa.pub | ssh user@server "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" CopyCopied! [Disable the password login on your ssh server with storagenode](https://storj.dev/node/faq/how-to-remote-access-the-web-dashboard#disable-the-password-login-on-your-ssh-server-with-storagenode) --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- WindowsLinuxMacOS We need to specify options `PubkeyAuthentication yes` and `PasswordAuthentication no` in the config file for the ssh daemon. So, return back to your server with storagenode. You can use a ssh terminal to make these modifications, but be careful - if you have not added your key to the `.ssh/authorized_keys` file on your ssh server on previous steps, you will lose an access via ssh to your server. Open the config file `%programdata%\ssh\sshd_config` with Notepad++ and set options `PubkeyAuthentication yes` and `PasswordAuthentication no`, save changes and restart the `sshd` service either from the **Services** applet or from the elevated Powershell: Restart-Service sshd Restart-Service sshd CopyCopied! [Windows Configurations in sshd\_config](https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_server_configuration#windows-configurations-in-sshd_config) Now check your connection: try to connect from your ssh client again, it should now use the ssh key for authentication instead of a password. To add more security you can install applications such as `fail2ban` to your Linux or macOS server. Now, you can make a port forwarding rule on your router for the `22` TCP port (default ssh port) to your ssh server. For more security we recommend to forward an unusual port to the 22 port of the PC with ssh. [Access nodes stat using Multinode Dashboard](https://storj.dev/node/faq/how-to-remote-access-the-web-dashboard#access-nodes-stat-using-multinode-dashboard) ============================================================================================================================================================= See [Multinode Dashboard (Preview)](https://forum.storj.io/t/tech-preview-multinode-dashboard-binaries/14572) for details. Previous [How to fix database: file is not a database error](https://storj.dev/node/faq/how-to-fix-database-file-is-not-a-database-error) Next [Install storagenode on Raspberry Pi3 or higher version](https://storj.dev/node/faq/install-storagenode-on-raspberry-pi3-or-higher-version) --- # How to add an additional drive? - Storj Docs We recommend to run a new node, if you want to add an additional hard drive. All nodes behind the same subnet /24 of a public IP are treated as a single node for ingress traffic and as separate ones for egress traffic (to the customers, repair and audit) - this is because we want to be decentralized as much as possible. Adding more drives/nodes will not increase the ingress traffic, only usage by customers can do this. You can, of course, use RAID instead, but this reduncancy not required for the network's operation - the network itself has a built-in redundancy due to the usage of erasure codes: the customer needs only a subset of pieces out of total to reconstruct the whole file. If you would like to use RAID anyway, please note - your node will not receive more customer data only because you use RAID, this will not affect the node selection. Using RAID0 (LVM, spanned drives, JBOD, etc.) is not recommended - with only one disk failure the whole node is lost. Even using RAID5/6 with today's disks is too risky due to bit failure rate on disks with high capacity: [High risk to lose a RAID5 volume during rebuild](https://forum.storj.io/t/hardware-configuration-and-receiving-mail-with-token/6445/4?u=alexey) . You can also read the discussion [RAID vs No RAID on our forum](https://forum.storj.io/t/raid-vs-no-raid-choice/6776) . Each node must have its own generated unique identity signed with a new authorization token. Using a copy of the same identity but different tokens will result in disqualification as it is the same identity but with missing data. [General rules to run multiple nodes in the same network](https://storj.dev/node/faq/how-to-add-an-additional-drive#general-rules-to-run-multiple-nodes-in-the-same-network) ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- If you have only one external address, then you need to have a unique port for each storagenode. The default port for storagenode is `28967`, protocols `TCP+UDP`. # the public address of the node, useful for nodes behind NATcontact.external-address: "my.ddns.tld:28967" # the public address of the node, useful for nodes behind NATcontact.external-address: "my.ddns.tld:28967" CopyCopied! If you want to add an additional new node, you can use the next free port or simply increase the previous used port by 1, for example - `28968`. If you run multiple nodes on the same device, you will need a unique port for the dashboard too. The default port for the dashboard is `14002` TCP. # server address of the api gateway and frontend app# console.address: 127.0.0.1:14002 # server address of the api gateway and frontend app# console.address: 127.0.0.1:14002 CopyCopied! You can use the same rule as for the node's port to select any free port or simply increase the port number by 1, for example - `14003`. Don't forget to uncomment the parameter in your config (remove `#` with space after, each option should be started without spaces)! You need to forward only the external node's port. Please, do not forward the dashboard's port - it has no protection and anyone on the internet can see your private information. See [How to remote access the web dashboard](https://storj.dev/node/faq/how-to-remote-access-the-web-dashboard) guide to connect to your dashboard remotely. If you run a binary version of storagenode ([GUI Install - Windows](https://storj.dev/node/get-started/install-node-software/gui-windows) for example) or a docker version with `--network host` option, you also need to have unique internal ports. For the node's CLI dashboard, the default internal address and port is `127.0.0.1:7778`, it is specified in the `server.private-address` option. # private address to listen onserver.private-address: 127.0.0.1:7778 # private address to listen onserver.private-address: 127.0.0.1:7778 CopyCopied! For the second and any further nodes, you need to specify a unique port for each node there, too. The next parameter to change the port is `server.address`, it contains an internal listen node's address and port, specified as `:28967` (this is equivalent to `0.0.0.0:28967`, i.e. it will bind to any local IP) by default. # public address to listen onserver.address: :28967 # public address to listen onserver.address: :28967 CopyCopied! You need to make these changes for the second and any further additional nodes as well. [Forwarding options](https://storj.dev/node/faq/how-to-add-an-additional-drive#forwarding-options) --------------------------------------------------------------------------------------------------- For example, you decided to configure your second node with port `28968`. Then you can forward this port to the internal `28967` port, if the destination local IP is different from the first node. If both nodes are running on the same host, then you need to forward `28968` to `28968` and use this port in the `contact.external-address:` option of the `config.yaml` (in case of binary) or `-e ADDRESS` parameter of `docker run` in case of docker. If you use a binary version (or `docker run` with `--network host`), you also need to specify this port in the `server.address:` too. In summary: 1. you need to change the `contact.external-address:` option in `config.yaml` in case of binary or `-e ADDRESS` parameter of `docker run` in case of docker to use the external address and port, i.e. `my.ddns.tld:28968`. 2. if the second node is running on another device, you can forward `28968` to `28967`, nothing else is needed to change in the second node configuration except the external address above; 3. if the second node is running on the same device as the first one, you need to forward `28968` to `28968`, change the `server.address:` option in the `config.yaml` (in case of binary or `docker run` with `--network host`) or `-p 28968:28967` parameter in `docker run` command (in case of docker without `--network host`). See KB article [Single and multi-node Port forwarding setup](https://storj.dev/node/faq/single-and-multinode-setup) for details. See [Step 2. Setup Port Forwarding](https://storj.dev/node/get-started/port-forwarding) section for general port forwarding configuration. [Docker version](https://storj.dev/node/faq/how-to-add-an-additional-drive#docker-version) ------------------------------------------------------------------------------------------- We assume that the second node would be run on the same device as a first one. 1. Go to your router and forward port `28968` to `28968` and the IP of your device. 2. `docker run` will contain: docker run .... -p 28968:28967/tcp -p 28968:28967/udp -p 172.0.0.1:14003:14002 -e ADDRESS=my.ddns.tld:28968 .... docker run .... -p 28968:28967/tcp -p 28968:28967/udp -p 172.0.0.1:14003:14002 -e ADDRESS=my.ddns.tld:28968 .... CopyCopied! _Please, use the full command from_ [Storage Node](https://storj.dev/node/get-started/install-node-software/cli/storage-node) _, the above is an excerpt showing only the changed parts._ [How do I change values like wallet address or storage capacity?](https://storj.dev/node/faq/how-do-i-change-my-parameters-such-as-payout-address-allotted-storage-space-and-bandwidth) [Binary version](https://storj.dev/node/faq/how-to-add-an-additional-drive#binary-version) ------------------------------------------------------------------------------------------- We assume that the second node would be run on the same device as the first one. The Windows GUI installer can install only one node on the same Windows PC. For the second and next nodes we support only the docker version: [CLI Install](https://storj.dev/node/get-started/install-node-software/cli) . The alternative is to use the unofficial, Community supported Windows Toolbox made by @Vadim: [Win GUI Storj Node Toolbox](https://forum.storj.io/t/win-gui-storj-node-toolbox/4381) , it allows you to set up more than one Windows node on the same PC. 1. Go to your router and forward port `28968` to `28968` and IP of your device. Change parameters in your `config.yaml` (see [Where can I find the config.yaml?](https://storj.dev/node/faq/where-can-i-find-a-config-yaml) ): # the public address of the node, useful for nodes behind NATcontact.external-address: "my.ddns.tld:28968" # the public address of the node, useful for nodes behind NATcontact.external-address: "my.ddns.tld:28968" CopyCopied! # public address to listen onserver.address: :28968 # public address to listen onserver.address: :28968 CopyCopied! # private address to listen onserver.private-address: 127.0.0.1:7779 # private address to listen onserver.private-address: 127.0.0.1:7779 CopyCopied! # server address of the api gateway and frontend appconsole.address: 127.0.0.1:14003 # server address of the api gateway and frontend appconsole.address: 127.0.0.1:14003 CopyCopied! 3\. Save the `config.yaml` and restart the `storagenode` service (see [How do I shut down my node for system maintenance?](https://storj.dev/node/faq/system-maintenance) ). Previous [How is the online score calculated?](https://storj.dev/node/faq/how-the-online-score-is-calculated) Next [How to change the payment address for storagenode (v3 network)](https://storj.dev/node/faq/how-to-change-the-payment-address-for-storagenode) --- # Migrating from Docker CLI to a GUI Install on Windows - Storj Docs [Migrating from Docker CLI to a GUI Install on Windows](https://storj.dev/node/faq/migrate-my-node/migrating-from-docker-cli-to-a-gui-install-on-windows#migrating-from-docker-cli-to-a-gui-install-on-windows) ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1\. Make sure the Docker version is stopped and removed. 2\. Move orders from the data location to the installation folder location (`"%ProgramFiles%\Storj\Storage Node\orders"` by default) (PowerShell): robocopy /MIR /MOVE D:\Storj\orders "$env:ProgramFiles\Storj\Storage Node\orders" robocopy /MIR /MOVE D:\Storj\orders "$env:ProgramFiles\Storj\Storage Node\orders" CopyCopied! 3\. Point to the same exact **storage** folder where you were previously storing the data. Do NOT copy the path from the old `config.yaml` or `source` part of the `--mount` option of your Docker node where the **storage** subfolder was not explicitly included in the path. It is better to specify the path to the **storage** subfolder with the **Browse...** button. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/1ObCw2xLut_f0t9c1E9Jl_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/1ObCw2xLut_f0t9c1E9Jl_image.png) 4\. Verify the complete path to the correct **storage** folder on your hard drive. **If you choose a different folder, your previously stored data will not be recognized, and your node will be disqualified**. [Migrating from Docker CLI on Linux to a GUI install on Windows](https://storj.dev/node/faq/migrate-my-node/migrating-from-docker-cli-to-a-gui-install-on-windows#migrating-from-docker-cli-on-linux-to-a-gui-install-on-windows) ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- First you need to transfer both the identity and the data from the Linux installation to the new Windows device: [How do I migrate my node to a new device?](https://storj.dev/node/faq/migrate-my-node) Then you can follow the instructions in this guide. Previous [How to migrate the Windows GUI node from one physical location to another?](https://storj.dev/node/faq/migrate-my-node/how-to-migrate-the-windows-gui-node-from-a-one-physical-location-to-other) Next [Migrating from Windows GUI installation to Docker CLI](https://storj.dev/node/faq/migrate-my-node/migrating-from-windows-gui-installation-to-a-docker-cli) --- # ERC20-compatible wallet address for STORJ tokens - Storj Docs Here is walkthrough for one of the popular software wallet - [https://MyEtherWallet.com](https://myetherwallet.com/) . The following step will let you create a valid STORJ token address if you do not already have one. If you already have a compatible STORJ payout address, or an address made with another ERC20 compatible wallet such as Metamask, Parity or Mist, you can skip this article. First we will add a STORJ ERC20 payout address. STORJ is the name of the token which is used to pay the Operators for renting out their storage space. STORJ has a monetary value and divisibility which makes it suitable as a means of payment. To create a new payout address, you can use any compatible ethereum wallet; we use [https://www.myetherwallet.com/ (MEW)](https://www.myetherwallet.com/) here as example. There are many other options available; Storj Labs does not endorse any particular wallet, please choose the one you are most comfortable with. You have three options how to create a new wallet on MEW site 1. mobile application [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/mceclip3.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/mceclip3.png) 2. keystore file [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/mceclip2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/mceclip2.png) 3. mnemonic phrase [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/mceclip1.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/mceclip1.png) [Create wallet using keystore file](https://storj.dev/node/faq/wallet-address-for-storagenode#create-wallet-using-keystore-file) ================================================================================================================================= On the MEW website, enter a strong password of your liking into the "Enter a password" field and then click on "Create New Wallet", see **Figure 3.1.** [![Creating a payout address with MyEtherWallet using keystore file](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/mceclip2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/mceclip2.png) _**Figure 3.1.** Creating a payout address with MyEtherWallet using keystore file._ Now download the _Keystore File_ and save it to a safe location (e.g. a USB flash drive) and be sure to make multiple backups of your passphrase and Keystore file in different locations to assure that you will not accidentally lose it.. **Also do not forget to write down the password for the Keystore file you entered in the previous step**. Next click on _Download Keystore file_ [![Download the Keystore file](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/mceclip5.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/mceclip5.png) _**Figure 3.2.** Download the Keystore file._ [Create wallet using mnemonic phrase](https://storj.dev/node/faq/wallet-address-for-storagenode#create-wallet-using-mnemonic-phrase) ===================================================================================================================================== [![Creating wallet using mnemonic phrase](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/mceclip6.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/mceclip6.png) _**Figure 3.3.** Creating wallet using mnemonic phrase_ Write down your mnemonic phrase or print it. Then click on **I Wrote Down My Mnemonic Phrase** to continue. Then wallet will do a little exam for you. You need to fill missed words from your mnemonic phrase. See **Figure 3.4** [![Verification](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/mceclip7.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/mceclip7.png) _**Figure 3.4.** Verification_ [![Verification was successful](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/mceclip8.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/mceclip8.png) _**Figure 3.5.** Verification was successful_ [Please Note:](https://storj.dev/node/faq/wallet-address-for-storagenode#please-note) ====================================================================================== Do NOT use an exchange wallet address, the micropayments wont work with an exchanges' deposit addresses. You could lose your payments, if you would use an exchanges' deposit address instead of your wallet. Previous [Suspension mode](https://storj.dev/node/faq/suspension-mode) Next [What if I'm using a remote connection?](https://storj.dev/node/faq/remote-connection) --- # How do I migrate my node to a new device? - Storj Docs To migrate your Node to a new drive or computer, you first need to copy both the contents of your storage folder, as well as your identity folder to the new location. WindowsLinuxmacOS Your default identity folder is located in: `%APPDATA%\Storj\Identity\storagenode` Your default orders folder is located in `"%ProgramFiles%\Storj\Storage Node\orders"` To migrate your Windows storage node you can follow this guide: [How to migrate the Windows GUI node from one physical location to another?](https://storj.dev/node/faq/migrate-my-node/how-to-migrate-the-windows-gui-node-from-a-one-physical-location-to-other) The only difference - you do not need to share folders, since they are available locally, just use the local paths. Also, you can [enable WSL, install Ubuntu from the Microsoft store](https://docs.microsoft.com/en-us/windows/wsl/install-win10) and use the [How do I migrate my node to a new device?](https://storj.dev/node/faq/migrate-my-node) guide. In this case your drives are mounted automatically. For example, `D:` disk will be mounted to the `/mnt/d`. 💻 [Migrating from Docker CLI to a GUI Install on Windows](https://storj.dev/node/faq/migrate-my-node/migrating-from-docker-cli-to-a-gui-install-on-windows) ✍🏼 [Migrating from Windows GUI installation to Docker CLI](https://storj.dev/node/faq/migrate-my-node/migrating-from-windows-gui-installation-to-a-docker-cli) [Migrating with rsync](https://storj.dev/node/faq/migrate-my-node#migrating-with-rsync) ---------------------------------------------------------------------------------------- We will assume that your parameters look like this: * the source folder where the existing identity is located is `/mnt/storj/identity/storagenode`; * the source folder where the existing stored data is located is `/mnt/storj/storagenode/storage`; * the source folder where the existing orders folder is located is `/mnt/storj/storagenode/orders`; * the destination folder the existing identity will be copied to is`/mnt/storj2/storagenode-new/identity`; * the destination folder the existing stored data will be copied to is `/mnt/storj2/storagenode-new/storage`. * the destination folder the existing orders will be copied to is `/mnt/storj2/storagenode-new/orders`. To migrate your identity, orders and data to the new location, you can use the `rsync` command (please, replace the example paths mentioned above to your own!): 1. Open a new terminal 2. Keep your original storage node running 3. Copy the identity: rsync -aP /mnt/storj/identity/storagenode/ /mnt/storj2/storagenode-new/identity/ rsync -aP /mnt/storj/identity/storagenode/ /mnt/storj2/storagenode-new/identity/ CopyCopied! 4\. Copy the orders rsync -aP /mnt/storj/storagenode/orders/ /mnt/storj2/storagenode-new/orders/ rsync -aP /mnt/storj/storagenode/orders/ /mnt/storj2/storagenode-new/orders/ CopyCopied! 5\. Copy the data rsync -aP /mnt/storj/storagenode/storage/ /mnt/storj2/storagenode-new/storage/ rsync -aP /mnt/storj/storagenode/storage/ /mnt/storj2/storagenode-new/storage/ CopyCopied! 6\. Repeat running the orders (step 4.) and data copying command (step 5.) a few more times until the difference would be negligible, then 7\. Stop the storage node (see [How do I shut down my node for system maintenance?](https://storj.dev/node/faq/system-maintenance) ) 8\. Remove the old container docker rm storagenode docker rm storagenode CopyCopied! 9\. Run the copying command with a `--delete` parameter to remove deleted files from the destination: rsync -aP --delete /mnt/storj/storagenode/orders/ /mnt/storj2/storagenode-new/orders/ rsync -aP --delete /mnt/storj/storagenode/orders/ /mnt/storj2/storagenode-new/orders/ CopyCopied! rsync -aP --delete /mnt/storj/storagenode/storage/ /mnt/storj2/storagenode-new/storage/ rsync -aP --delete /mnt/storj/storagenode/storage/ /mnt/storj2/storagenode-new/storage/ CopyCopied! 10\. Now you can copy `config.yaml` file and `revocations.db` to the new location: cp /mnt/storj/storagenode/config.yaml /mnt/storj2/storagenode-new/cp /mnt/storj/storagenode/revocations.db /mnt/storj2/storagenode-new/revocations.db cp /mnt/storj/storagenode/config.yaml /mnt/storj2/storagenode-new/cp /mnt/storj/storagenode/revocations.db /mnt/storj2/storagenode-new/revocations.db CopyCopied! 11\. After you copied over all the necessary files, update your `--mount` parameters in your[Storage Node](https://storj.dev/node/get-started/install-node-software/cli/storage-node) . For our example, it will look like this (we only show a partial example of the new`--mount` parameter lines, not the entire `docker run` command!): --mount type=bind,source=/mnt/storj2/storagenode-new/identity,destination=/app/identity \--mount type=bind,source=/mnt/storj2/storagenode-new,destination=/app/config \ --mount type=bind,source=/mnt/storj2/storagenode-new/identity,destination=/app/identity \--mount type=bind,source=/mnt/storj2/storagenode-new,destination=/app/config \ CopyCopied! The network-attached storage location could work, but it is neither supported nor recommended! Please, note - we intentionally specified`/mnt/storj2/storagenode-new` as the data source in the `--mount` parameter and not `/mnt/storj2/storagenode-new/storage` because the `storagenode` docker container will add a subfolder called `storage` to the path automatically. So please, make sure that your data folder contains a `storage` subfolder with all the data inside (`blobs` folder, database files, etc.), otherwise the node will start from scratch since it can't find the data in the right subfolder and will be disqualified in a few hours. If you migrating across platforms (x86-64 -> x86-32, x86 -> ARM, etc.), please remove binaries from the `bin` subfolder in the storage location to allow the container to download binaries for your new platform. Related to these changes: https://github.com/storj/storagenode-docker/issues/23 Previous [How do I know the exchange rate for my payout?](https://storj.dev/node/faq/how-do-i-know-the-exchange-rate-for-my-payout) Next [How to migrate the Windows GUI node from one physical location to another?](https://storj.dev/node/faq/migrate-my-node/how-to-migrate-the-windows-gui-node-from-a-one-physical-location-to-other) --- # Install storagenode on Raspberry Pi3 or higher version - Storj Docs Raspberry Pi3 model B is a microcomputer for doing almost anything. Let's use it for installing storagenode for V3 of the Storj Network! _In this guide we assume that you have a Raspberry Pi 3 (or higher), set up with Raspberry Pi OS Lite (without Graphical User Interface). [To set up Raspberry Pi OS Lite, please refer to the official documentation here.](https://www.raspberrypi.com/software/) _ [Prepare](https://storj.dev/node/faq/install-storagenode-on-raspberry-pi3-or-higher-version#prepare) ===================================================================================================== Set up your Pi to [allow SSH](https://www.raspberrypi.com/documentation/computers/remote-access.html#ssh) (it will make your life a lot easier). Note. If you want to enable SSH on headless Pi, you can enable this checkbox during image customization or manually later: you should place an empty ssh file in the boot partition on your SD-card. This will enable the ssh daemon on your Pi after boot. sudo touch /boot/firmware/ssh sudo touch /boot/firmware/ssh CopyCopied! Connect to the RPi via ssh and follow the steps below. If your SD card is big enough, you can extend the system to use the whole available space (by default you have only a few MB in the root partition). Run the `raspi-config` to extend it: sudo raspi-config sudo raspi-config CopyCopied! Navigate to the **Advanced Options**, then choose **Expand Filesystem**. After a while you should see a screen like this: [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rpi3/mceclip0.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/rpi3/mceclip0.png) When you exit from the `raspi-config`, it will suggest you to reboot. Please do it. It is recommended to replace the default password for the default user **pi** for security reasons. Please do so. Please configure the [passwordless login via ssh](https://www.raspberrypi.com/documentation/computers/remote-access.html#configure-ssh-without-a-password) and after that, make sure that you can login with your public key, after which you can disable the password authentication completely. To continue with this guide, please use the `screen` command, this will enable you to still reconnect to a disconnected session using the `screen -x` command after logging in via `ssh`. sudo apt-get updatesudo apt-get install screenscreen sudo apt-get updatesudo apt-get install screenscreen CopyCopied! [Formatting and mounting your HDD](https://storj.dev/node/faq/install-storagenode-on-raspberry-pi3-or-higher-version#formatting-and-mounting-your-hdd) ======================================================================================================================================================= Please do not reformat your HDD if it already contains the storage node's data and you want only to mount it after an OS reinstall! [Format your hard drive](https://storj.dev/node/faq/install-storagenode-on-raspberry-pi3-or-higher-version#format-your-hard-drive) ----------------------------------------------------------------------------------------------------------------------------------- If you just reinstalled the system on the SD card, you can skip this step and continue to [Mount your hard drive](https://storj.dev/node/faq/install-storagenode-on-raspberry-pi3-or-higher-version#mount-your-hard-drive) below, otherwise, please proceed with: sudo apt-get install gdisk -ysudo gdisk /dev/sda sudo apt-get install gdisk -ysudo gdisk /dev/sda CopyCopied! Then, type `n`, and press **Enter** until you exit out of the command. Write changes to the disk: `w`, confirm by `y`. Now we will format the drive to use the **ext4** filesystem Do not try to use **btrfs** or **zfs** on models with RAM less than 4GiB! The **exFat** is strictly not recommended in any setup, the **ntfs** uses a lot of RAM on Linux and you can lose data, if this disk were used on Windows (modern Windows uses dedup and compress features by default and they are not fully supported under Linux). sudo mkfs.ext4 /dev/sda1 sudo mkfs.ext4 /dev/sda1 CopyCopied! [Mount your hard drive](https://storj.dev/node/faq/install-storagenode-on-raspberry-pi3-or-higher-version#mount-your-hard-drive) --------------------------------------------------------------------------------------------------------------------------------- sudo mkdir /mnt/storjlsblk sudo mkdir /mnt/storjlsblk CopyCopied! Find your drive and request its `UUID`: sudo blkid /dev/ sudo blkid /dev/ CopyCopied! Copy `UUID` and open the `/etc/fstab` file in a text editor: sudo nano /etc/fstab sudo nano /etc/fstab CopyCopied! Then add the following line to the end (replace `` with the copied `UUID`): UUID= /mnt/storj ext4 defaults 0 2 UUID= /mnt/storj ext4 defaults 0 2 CopyCopied! Save the `/etc/fstab` (**Ctrl-O** and confirm saving, then exit with **Ctrl-X**) Check your mount: sudo mount -a sudo mount -a CopyCopied! It should not print any errors. Otherwise - please, check the `UUID` and the filesystem type. Do not reboot until you fix the error, otherwise your Pi may stuck on boot. To check that all ok: df -HT df -HT CopyCopied! You should see your disk and free space on it, mounted to /mnt/storj. If mount is ok, you can proceed further. sudo chown -R pi:pi /mnt/storj sudo chown -R pi:pi /mnt/storj CopyCopied! To add cgroup memory support (to prevent an OOM hang of your Pi 3 B/B+): Note. This fix is tested only on Raspberry Pi 3 B/B+ models. sudo nano /boot/cmdline.txt sudo nano /boot/cmdline.txt CopyCopied! If you are using a Pi3 B/B+ please add `cgroup_enable=memory cgroup_memory=1 swapaccount=1` to the end of the line. The resulting string should look like this: dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=PARTUUID=XXXXXX-XX rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait cgroup_enable=memory cgroup_memory=1 swapaccount=1 dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=PARTUUID=XXXXXX-XX rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait cgroup_enable=memory cgroup_memory=1 swapaccount=1 CopyCopied! Save the file (**Ctrl-X**, confirm saving) and reboot: sudo reboot sudo reboot CopyCopied! [Create your node Identity](https://storj.dev/node/faq/install-storagenode-on-raspberry-pi3-or-higher-version#create-your-node-identity) ========================================================================================================================================= You can create an identity directly on your Pi. It will take at least 24 hours. But you may prefer to create the identity on a more powerful desktop or laptop where identity creation would take a lot less time, and then move the identity files to the Pi. [Create a node Identity on your PI](https://storj.dev/node/faq/install-storagenode-on-raspberry-pi3-or-higher-version#create-a-node-identity-on-your-pi) --------------------------------------------------------------------------------------------------------------------------------------------------------- Download the identity binary for the RPi: [identity\_linux\_arm.zip](https://github.com/storj/storj/releases/latest/download/identity_linux_arm.zip) sudo apt-get install unzip curl -ycurl -L https://github.com/storj/storj/releases/latest/download/identity_linux_arm.zip -o identity_linux_arm.zipunzip ~/identity_linux_arm.zip sudo apt-get install unzip curl -ycurl -L https://github.com/storj/storj/releases/latest/download/identity_linux_arm.zip -o identity_linux_arm.zipunzip ~/identity_linux_arm.zip CopyCopied! Generate the Identity: ./identity_linux_arm create storagenode ./identity_linux_arm create storagenode CopyCopied! Your identity will be generated here: `/home/pi/.local/share/storj/identity/storagenode` [Create a node Identity on your desktop](https://storj.dev/node/faq/install-storagenode-on-raspberry-pi3-or-higher-version#create-a-node-identity-on-your-desktop) ------------------------------------------------------------------------------------------------------------------------------------------------------------------- Download the identity binary for your platform: * Mac OS: [identity\_darwin\_amd64.zip](https://github.com/storj/storj/releases/latest/download/identity_darwin_amd64.zip) * Linux: [identity\_linux\_amd64.zip](https://github.com/storj/storj/releases/latest/download/identity_linux_amd64.zip) * Windows 10: [identity\_windows\_amd64.zip](https://github.com/storj/storj/releases/latest/download/identity_windows_amd64.zip) Unpack the binary to the preferred folder. Let´s suppose it is your home folder. Then generate the Identity (this example is for Windows): ./identity_windows_amd64.exe create storagenode ./identity_windows_amd64.exe create storagenode CopyCopied! Your Identity will be generated here: * Windows: `$Env:APPDATA/Storj/Identity/storagenode` (Powershell) or `%APPDATA%\Storj\Identity\storagenode` if you use a `cmd.exe` or Explorer * MacOS: `/Users/USER/Library/Application Support/Storj/identity/storagenode` * Linux: `~/.local/share/storj/identity/storagenode` Note. You can also specify to place the identity files into another folder using the option `--identity-dir` [Copy your node Identity to the RPi](https://storj.dev/node/faq/install-storagenode-on-raspberry-pi3-or-higher-version#copy-your-node-identity-to-the-r-pi) ------------------------------------------------------------------------------------------------------------------------------------------------------------ In case you generated your node identity on a desktop/laptop computer instead of directly on the RPi to save time, you can copy it to the RPi afterward, as follows: ### [Copy the Identity to the RPi from Linux or Mac](https://storj.dev/node/faq/install-storagenode-on-raspberry-pi3-or-higher-version#copy-the-identity-to-the-r-pi-from-linux-or-mac) Copy your node identity from your desktop to the RPi: [https://unix.stackexchange.com/questions/106480/how-to-copy-files-from-one-machine-to-another-using-ssh](https://unix.stackexchange.com/questions/106480/how-to-copy-files-from-one-machine-to-another-using-ssh) ### [Copy the Identity to the RPi from a Windows machine](https://storj.dev/node/faq/install-storagenode-on-raspberry-pi3-or-higher-version#copy-the-identity-to-the-r-pi-from-a-windows-machine) Copy your node identity from your Windows machine to the RPi: [https://unix.stackexchange.com/questions/92715/can-i-transfer-files-using-ssh](https://unix.stackexchange.com/questions/92715/can-i-transfer-files-using-ssh) [Install Docker](https://storj.dev/node/faq/install-storagenode-on-raspberry-pi3-or-higher-version#install-docker) =================================================================================================================== To install Docker on the RPi, be sure to use the following installation method: curl -sSL https://get.docker.com | sh curl -sSL https://get.docker.com | sh CopyCopied! To enable docker to start after reboot: sudo systemctl enable docker.servicesudo systemctl enable containerd.service sudo systemctl enable docker.servicesudo systemctl enable containerd.service CopyCopied! [Download Docker container with storagenode](https://storj.dev/node/faq/install-storagenode-on-raspberry-pi3-or-higher-version#download-docker-container-with-storagenode) =========================================================================================================================================================================== docker pull storjlabs/storagenode:latest docker pull storjlabs/storagenode:latest CopyCopied! [Port forwarding](https://storj.dev/node/faq/install-storagenode-on-raspberry-pi3-or-higher-version#port-forwarding) ===================================================================================================================== In our example, we will need to have port no. `28967` forwarded to our RPi. Use the steps for Linux OS from the article [Port forwarding](https://storj.dev/node/get-started/port-forwarding) to perform port forwarding to your Raspberry Pi. You can take a look at [this article](https://www.noip.com/support/knowledgebase/install-linux-3-x-dynamic-update-client-duc) to learn how to install the no-ip software, if you have a dynamic public IP. Note that if you use the free version of no-ip, you will need to periodically renew it every month so it will continue working properly. Please be sure to check that your port is open [here](https://www.yougetsignal.com/tools/open-ports/) . [Setup the storagenode before the run](https://storj.dev/node/faq/install-storagenode-on-raspberry-pi3-or-higher-version#setup-the-storagenode-before-the-run) =============================================================================================================================================================== Please setup your node first as described here. docker run --rm -e SETUP="true" \--mount type=bind,source="",destination=/app/identity \--mount type=bind,source="",destination=/app/config \--name storagenode storjlabs/storagenode:latest docker run --rm -e SETUP="true" \--mount type=bind,source="",destination=/app/identity \--mount type=bind,source="",destination=/app/config \--name storagenode storjlabs/storagenode:latest CopyCopied! For our example we will use these parameters: * `/home/pi/.local/share/storj/identity/storagenode` is the location of your identity files. You can copy the absolute path from the output of the identity command you ran earlier (second to last line below). We recommend to move it to the HDD, for example, to `/mnt/storj/storagenode/identity`. In this case replace the string `/home/pi/.local/share/storj/identity/storagenode` with your actual path, e.g. `/mnt/storj/storagenode/identity`. It should contain 6 files belonging to the identity. * `/mnt/storj/storagenode`: this is the local directory where you want files to be stored on your hard drive for the network. So the initial setup command will looks like: docker run --rm -e SETUP="true" \--mount type=bind,source="/home/pi/.local/share/storj/identity/storagenode",destination=/app/identity \--mount type=bind,source="/mnt/storj/storagenode",destination=/app/config \--name storagenode storjlabs/storagenode:latest docker run --rm -e SETUP="true" \--mount type=bind,source="/home/pi/.local/share/storj/identity/storagenode",destination=/app/identity \--mount type=bind,source="/mnt/storj/storagenode",destination=/app/config \--name storagenode storjlabs/storagenode:latest CopyCopied! [Run the Docker container with storagenode](https://storj.dev/node/faq/install-storagenode-on-raspberry-pi3-or-higher-version#run-the-docker-container-with-storagenode) ========================================================================================================================================================================= We recommend to create a subfolder for the storagenode on your disk, as this would prevent your node from starting in the event that the mount accidentally fails for any reason. We will assume further that this subfolder is called `storagenode`. Parameters used in the Docker run command: * `WALLET`: ERC20 compatible ethereum address for STORJ token payments (use the same payout address for all nodes if you are running multiple nodes.) If you are opting in to zkSync L2 payouts, please use your zkSync wallet address. You can read more about choosing L1 or L2 payout options and how to configure zkSync [here](https://storj.dev/node/payouts/zk-sync-opt-in-for-snos) . * `EMAIL`: (optional) email address so that we can notify you when a new version has been released, or when the node goes offline and return online, about suspension and disqualification * `ADDRESS`: external IP address or the DDNS you configured and the port you opened on your router. Note: If you are using a custom port other than `28967`, then you have to change the `-p 28967:28967` to `-p other_port:28967` * `STORAGE`: How much disk space you want to allocate to the Storj network * `/home/pi/.local/share/storj/identity/storagenode`: This is the location of your identity files. You can copy the absolute path from the output of the identity command you ran earlier (second to last line below). We recommend to move it to the HDD, for example, to the `/mnt/storj/storagenode/identity`. In this case replace the string `/home/pi/.local/share/storj/identity/storagenode` with your actual path, e.g. `/mnt/storj/storagenode/identity`. It should contain 6 files belonging to the identity. * `/mnt/storj/storagenode`: local directory where you want files to be stored on your hard drive for the network. Example of `docker run` command: docker run -d --restart always --stop-timeout 300 \-p 28967:28967/tcp \-p 28967:28967/udp \-p 127.0.0.1:14002:14002 \-e WALLET="0x0000..." \-e EMAIL="your@email.com" \-e ADDRESS="externaladdress:28967" \-e STORAGE="2TB" \--memory=800m \--log-opt max-size=50m \--log-opt max-file=10 \--mount type=bind,source=/home/pi/.local/share/storj/identity/storagenode,destination=/app/identity \--mount type=bind,source=/mnt/storj/storagenode,destination=/app/config \--name storagenode storjlabs/storagenode:latest docker run -d --restart always --stop-timeout 300 \-p 28967:28967/tcp \-p 28967:28967/udp \-p 127.0.0.1:14002:14002 \-e WALLET="0x0000..." \-e EMAIL="your@email.com" \-e ADDRESS="externaladdress:28967" \-e STORAGE="2TB" \--memory=800m \--log-opt max-size=50m \--log-opt max-file=10 \--mount type=bind,source=/home/pi/.local/share/storj/identity/storagenode,destination=/app/identity \--mount type=bind,source=/mnt/storj/storagenode,destination=/app/config \--name storagenode storjlabs/storagenode:latest CopyCopied! [Setup Watchtower to keep your storagenode updated](https://storj.dev/node/faq/install-storagenode-on-raspberry-pi3-or-higher-version#setup-watchtower-to-keep-your-storagenode-updated) ========================================================================================================================================================================================= The storagenode software should be updated in a timely fashion to avoid node suspension or disqualification. Please follow the guide [here](https://storj.dev/node/get-started/install-node-software/cli/software-updates) . Previous [How to remote access the web dashboard](https://storj.dev/node/faq/how-to-remote-access-the-web-dashboard) Next [Is an account required to rent out drive space ?](https://storj.dev/node/faq/is-account-required) --- # Running a V3 Storage Node with VPN - Storj Docs _Can't connect to the network via TCP directly?, try this guide._ _Run a storage node anonymously and safely anywhere in the world without the possibility of censorship from ISPs, governments or the necessity of router configuration._ [1\. Introduction](https://storj.dev/node/faq/running-node-via-pia#1-introduction) =================================================================================== Internet anonymity and freedom are becoming less and less common in the current digital age, both corporations and governments are increasingly interested in monitoring and tracking the user’s activity on the World Wide Web, from mass surveillance programs to ISP blocking of certain types of network traffic or even blocking entire websites. There are many countries in the world that are blocking our storagenode software from being able to connect to the network. More so, some ISPs allow their clients to use only http/https or use a carrier-grade NAT for them. All of these issues prevent the storagenode user from ever being able to run a successful storage node. ISPs are continuously monitoring the client’s network activity, so even if the storage node operator manages to successfully connect to the network, the ISP will know he or she is running storagenode, which can lead to network throttling or even ISP warnings of unusual network activity. Configuring port forwarding in the router settings could be a tedious task for a lot of people unfamiliar with port forwarding. In this guide we will set up a VPN called _[Private Internet Access (PIA) ™](https://www.privateinternetaccess.com/) _ and configure storagenode to connect the storage node to the network through PIA. In this guide we will do the following: 1. Set up a hostname with a service called [NoIP](http://www.noip.com/) to continuously keep track of the VPN's public IP address to prevent the node from going offline. 2. Private internet access will be downloaded and configured to be able to use port forwarding. 3. storagenode will be configured to use both the NoIP hostname and the given TCP port by PIA. 4. Different techniques will be used to test if the storage node(s) are working correctly. [2\. Why use Private Internet Access](https://storj.dev/node/faq/running-node-via-pia#2-why-use-private-internet-access) ========================================================================================================================= Private Internet Access (PIA) is one of the safest and most popular VPN’s out there, it is easy to setup and offers a large number of advanced settings (e.g. the ability to request port forwarding), which will be used in this guide. Although PIA is not free, it is also not very expensive, at $3.33/month for a yearly contract (at time of writing this guide) it is very affordable. For Operators not interested in internet privacy (e.g. private browsing) and who want to rent out only a few GBs of data, the cost of paying for a VPN will not be justified. However, Operators that value internet privacy or are unable to connect to the storage node network due to a variety of issues discussed in the introduction, and who plan to rent out more than 500 GB, can expect to pay for their VPN through their earnings from running storagenode. The other large advantage for Storage Node Operators is that PIA accepts payments in Bitcoin/Etherium/etc., which makes paying with the Storj earnings even easier, since this will only involve selling the STORJ tokens earned on an exchange for Bitcoin/Etherium/etc., which can then directly be used to pay the VPN invoice. The workflow covered in this guide can of course also be applied to other VPNs. Storj does not endorse any particular VPN service, every user is free to decide for themselves which VPN company they want to select. There are plenty of other competitors in that space: * [portmap.io](https://portmap.io/) * [ngrok](https://ngrok.com/) * [PureVPN](https://www.purevpn.com/) * [AirVPN](https://airvpn.org/) * etc... [The positives and negatives of using Private Internet Access in combination with storagenode](https://storj.dev/node/faq/running-node-via-pia#the-positives-and-negatives-of-using-private-internet-access-in-combination-with-storagenode) --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ### [Upsides](https://storj.dev/node/faq/running-node-via-pia#upsides) 1. Up to five machines can be connected with a single private internet access subscription at once, which means that five connections can be configured on five machines. 2. The TCP port assigned by PIA through which the node will connect to the network remains static as long as the connection is made to the same VPN gateway. 3. There are 8x VPN gateways available that allow port forwarding. ### [Downsides](https://storj.dev/node/faq/running-node-via-pia#downsides) 1. The PIA public IP address changes continuously, which required the setup of a DDNS domain name to prevent the node from going offline. 2. PIA is not free and depending on your storagenode operation returns, it might or might not be economically viable. 3. PIA slows down the internet connection by about 30-60% in most cases (highly variable through the day). [3\. Storagenode download, installation and initial configuration](https://storj.dev/node/faq/running-node-via-pia#3-storagenode-download-installation-and-initial-configuration) ================================================================================================================================================================================== In this step, we will download and install storagenode. If you have already done so, please skip this step. [Windows architecture check](https://storj.dev/node/faq/running-node-via-pia#windows-architecture-check) --------------------------------------------------------------------------------------------------------- To check the architecture of your computer, open the control panel and type in "system": (Control Panel\\System and Security\\System). This will open up a window that show the architecture of your system (Figure 4.1). The system architecture in this guide is 64-bit (x64), indicating that the 64-bit version of the storagenode binary should be downloaded (Figure 3.1). [![System architecture check](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/5cb09cc2ed0a8.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/5cb09cc2ed0a8.png) _**Figure 3.1.** System architecture check._ [Linux, Ubuntu and Mac architecture check](https://storj.dev/node/faq/running-node-via-pia#linux-ubuntu-and-mac-architecture-check) ------------------------------------------------------------------------------------------------------------------------------------ In Linux. Ubuntu or Mac open a terminal and type in the following command: uname -a uname -a CopyCopied! This command should return a text similar to the following: Linux behrooz 2.6.32-5-amd64 #1 SMP Tue Apr 4 12:24:40 UTC 2017 **x86_64** GNU/Linux Linux behrooz 2.6.32-5-amd64 #1 SMP Tue Apr 4 12:24:40 UTC 2017 **x86_64** GNU/Linux CopyCopied! This indicates that the user has an amd64 (64-bit) architecture system. If it prints out x86 instead, the system has a 32-bit architecture. [3.1. Install Docker](https://storj.dev/node/faq/running-node-via-pia#3-1-install-docker) ------------------------------------------------------------------------------------------ To use the docker image of the storagenode, you must have Docker installed. If you want to install node as a service, please skip this step. For Windows: [https://docs.docker.com/docker-for-windows/install/](https://docs.docker.com/docker-for-windows/install/) For MacOS: [https://docs.docker.com/docker-for-mac/install/](https://docs.docker.com/docker-for-mac/install/) For Linux: * Ubuntu: [https://docs.docker.com/install/linux/docker-ce/ubuntu/](https://docs.docker.com/install/linux/docker-ce/ubuntu/) * CentOS: [https://docs.docker.com/install/linux/docker-ce/centos/](https://docs.docker.com/install/linux/docker-ce/centos/) * Debian: [https://docs.docker.com/install/linux/docker-ce/debian/](https://docs.docker.com/install/linux/docker-ce/debian/) * Fedora: [https://docs.docker.com/install/linux/docker-ce/fedora/](https://docs.docker.com/install/linux/docker-ce/fedora/) [3.2. Create Identity](https://storj.dev/node/faq/running-node-via-pia#3-2-create-identity) -------------------------------------------------------------------------------------------- You need to [create a new Identity](https://storj.dev/node/get-started/identity) for your storage node, if you don't have one. [3.3. Download a storagenode](https://storj.dev/node/faq/running-node-via-pia#3-3-download-a-storagenode) ---------------------------------------------------------------------------------------------------------- [⌨️ CLI Install](https://storj.dev/node/get-started/install-node-software/cli) ------------------------------------------------------------------------------- [🖥 GUI Install - Windows](https://storj.dev/node/get-started/install-node-software/gui-windows) ------------------------------------------------------------------------------------------------- [3.4. Wallet address](https://storj.dev/node/faq/running-node-via-pia#3-4-wallet-address) ------------------------------------------------------------------------------------------ The article [Wallet address for storagenode](https://storj.dev/node/faq/wallet-address-for-storagenode) will let you create a valid STORJ token address if you do not already have one. If you already have a compatible STORJ payout address, or an address made with another [ERC20 compatible wallet](https://storj.dev/node/faq/how-do-I-hold-storj-tokens) , you can continue with the steps below. [3.5. Storage Location](https://storj.dev/node/faq/running-node-via-pia#3-5-storage-location) ---------------------------------------------------------------------------------------------- You will need a place to store the data. It could be a dedicated HDD (or even RAID, if you want). We suggest to use a subfolder for the data (it will prevent the storage node from start if the disk would disconnect for some reason). _**Note.** The network connected drive could work, but not recommended and not supported._ [3.6. Storage Size](https://storj.dev/node/faq/running-node-via-pia#3-6-storage-size) -------------------------------------------------------------------------------------- Next, you have to make a decision how much space you want to rent out to the network. The minimum allotted space is 500 GB however, you should allow for 10% overhead. [4\. DDNS hostname configuration](https://storj.dev/node/faq/running-node-via-pia#4-ddns-hostname-configuration) ================================================================================================================= When registered with a VPN gateway, your public IP address will change to the address of the gateway. This is done for security and privacy reasons by Private Internet Access (PIA) or whatever VPN service you choose, so you don’t give away your location. Although we can configure PIA to stay online for long periods of time, the IP address can and will change regularly. The consequence of this would be that when the IP address changes, storagenode would lose connection to the network. Adding a DDNS hostname solves the issue of public IP changes. We will add a free DDNS hostname using [NoIP](http://www.noip.com/) which needs to be renewed for free every 30 days on a free account. See [Step 2. Setup Port Forwarding](https://storj.dev/node/get-started/port-forwarding#create-a-free-hostname-using-no-ip) 1. In the hostname input field select a hostname of your linking (e.g. `myhomestorjrig`), it can contain letters and numbers. 2. Next select `.ddns.net` in the box to the right. 3. Click on Sign Up [![Adding our own DDNS hostname](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/dbmW2zZComZnvZfiTlmTZ_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/dbmW2zZComZnvZfiTlmTZ_image.png) _**Figure 4.1.** Adding our own DDNS hostname._ 4. On the sign-up page enter your email, username and password. Make sure to write these details down, we will need them later. [![NoIP registration page](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Xzp-7nDgdp0H2r60KmFvq_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Xzp-7nDgdp0H2r60KmFvq_image.png) _**Figure 4.2.** NoIP registration page._ 5. When done, click on **Create My Free Account**. NoIP will now send us a confirmation email with an activation link to our email address. Once we click on the activation link it should take us to the NoIP website and confirm that our account is now active. 6. Now scroll down to where it says How to remote access your device and click on get started with dynamic DNS (**Figure 4.3**). [![The activation page](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Od2QBn9eLu5_O8RpNC1GR_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/Od2QBn9eLu5_O8RpNC1GR_image.png) _**Figure 4.3.** The activation page: click on the large blue box to go to the DDNS hostname setup page._ 7. Clicking on the link should take us to our NoIP dashboard. 8. Now scroll down to _Dynamic Update Client for Windows (DUC)_ and click on Download (**Figure 4.4**). This should take us to the download page where we can download the DUC tool. On the download page click on **Download Now**. [![Dynamic Update Client download](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/5cb09ccb529ec.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/5cb09ccb529ec.png) _**Figure 4.4.** Dynamic Update Client download._ 9. After the file downloaded successfully head over to the download folder and double click on the DUCSetup executable. 10. On the resulting installation window, click on **Agree** - **Install** - **Finish**. [![DUC installation](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/5cb09ccc138d2.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/5cb09ccc138d2.png) _**Figure 4.5.** DUC installation._ 11. The Dynamic Update Client should now open. Enter the details from step (4) above and click on **Sign in** (**Figure 4.6**). [![Dynamic Update Client](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/5cb09ccced623.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/5cb09ccced623.png) _**Figure 4.6.** Dynamic Update Client._ 12. Once logged in successfully, the Edit groups/Hosts menu should be displayed (Figure 4.7). If not already selected, choose the hostname box and click on save. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/5cb09ccdc5c95.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/5cb09ccdc5c95.png) _**Figure 4.7.** From the Edit groups/Hosts menu, select the hostname and click on **Save**._ 13. The DUC tool will now come to life (**Figure 4.8**). Next head over to _**File**_ - _**Preferences**_ and select **Start this application automatically when the user logs on**. In case your computer reboots, DUC will automatically start in the background. This is very handy because if storagenode starts automatically, it will not run into a closed port as DUC is also already running. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/5cb09cce87ccc.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/5cb09cce87ccc.png) _**Figure 4.8.** DUC once configured correctly._ Congratulations! You now have a hostname and a dynamic update tool that automatically tracks and assigns the IP address to your DDNS hostname. So if your public IP changes, storagenode will not lose access to the TCP port. In the next section, we will look at downloading and setting up the private internet access VPN program. [5\. Private internet access download and configuration](https://storj.dev/node/faq/running-node-via-pia#5-private-internet-access-download-and-configuration) =============================================================================================================================================================== In this step we will download and configure PIA so that it can be used with storagenode. First we head over to the registration page, this page gives us three payment plan options. If you just want to test out PIA with storagenode, it is advisable to take the One month only plan. On the other hand, if you are serious about running storagenode and plan to rent out a storage space over the long run (the ideal case), the yearly plan at 3.33$/month is much cheaper (**Figure 5.1**) [![Private internet access plans and pricing](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/Screenshot-2025-01-30-124150.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/Screenshot-2025-01-30-124150.png) _**Figure 5.1.** Private internet access plans and pricing._ Next we select the plan that is best for us and click on **Select plan**. This should open the payment method window (**Figure 5.2**). [![Payment methods and options](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/Screenshot-2025-01-30-124457.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/Screenshot-2025-01-30-124457.png) _**Figure 5.2.** Payment methods and options._ Now click on our preferred payment method and proceed to the registration process. Once paid, Private Internet Access will send a few confirmation emails containing the details of our account and the information we will need to login to the app (**Figure 5.3**). The email containing the login information is called _Private Internet Access Account Activated._ [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/5cb09cd127cd9.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/5cb09cd127cd9.png) _**Figure 5.3.** Access Account Activation email containing the PIA app username and password._ Now download the PIA app [here](https://www.privateinternetaccess.com/download) , after the app has downloaded successfully open the download folder and double click on the PIA installer. This will open up a terminal that automatically installs the app and necessary drivers. If a driver window pops up, click on **Install**. When the installation is completed, the terminal window should close automatically and the main PIA app window should now be displayed. * Now add the username and password that was sent to you in the activation email. * Next select Start application at login and hit save (**Figure 5.4**). [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/5cb09cd204766.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/5cb09cd204766.png) _**Figure 5.4.** PIA application with the entered username and password provided to us via email._ We now have to connect to a gateway that allows for configuring port forwarding. _**The following gateways support port forwarding:**_ * CA Toronto * CA Montreal * Netherlands * Switzerland * Sweden * France * Germany * Romania * Israel **Note**: Based on your geographical location it is best to select the gateway closest to your location to lower the ping times. In order to add a gateway we head over to the PIA app, which is normally hidden in the system tray (right side of the taskbar) - right click on it - click on "settings" (**Figure 5.5**). **Note**: we can also launch the app by doing a windows app search for PIA, which allows us to pin the app to the taskbar, making it easier to access in the future. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/5cb09cd2c30c4.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/5cb09cd2c30c4.png) _**Figure 5.5.** How to enter the PIA settings through the system tray icon._ See how to configure port forwarding for Desktop application [here](https://helpdesk.privateinternetaccess.com/kb/articles/how-do-i-enable-port-forwarding-on-my-vpn) . Now right click on the system tray icon again (**Figure 5.5**) and click on **Connect**. PIA should now initiate the connection to the network. If all goes well the PIA icon should turn green. Now hover over the green icon with the mouse, the IP address and port number should appear, note however that it can be delayed a bit so sometimes it does not appear right away as PIA first has to request a port from the gateway which can take some time (**Figure 5.6**). [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/5cb09cd4a29f7.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/5cb09cd4a29f7.png) _**Figure 5.6.** When hovering over the PIA tray icon our new IP and port is shown. We will use the port number of PIA in storagenode._ Write down the port number as it will be used in the last part of setting up the storage node. [6\. Storagenode configuration with DDNS and PIA port](https://storj.dev/node/faq/running-node-via-pia#6-storagenode-configuration-with-ddns-and-pia-port) =========================================================================================================================================================== We will now configure the storagenode software and add our NoIP hostname and the TCP port given to us by PIA. Our assumptions for this example: * your DDNS hostname is `mystoragenode.ddns.net` * your PIA port is `59538` Replace the above parameters with your own, the DDNS and PIA port you configured above. [Docker version](https://storj.dev/node/faq/running-node-via-pia#docker-version) --------------------------------------------------------------------------------- Specify the PIA port in your `docker run` command as `-p 59538:28967`, and your DDNS hostname with the PIA port in the `ADDRESS` parameter of your `docker run` command as `-e ADDRESS=mystoragenode.ddns.net:59538`. All other parameters should be specified accordingly [Storage Node](https://storj.dev/node/get-started/install-node-software/cli/storage-node#step-3-run-the-storage-node) , then Run the storagenode. That's it! The storagenode should now start and connect to the Storj network through PIA. **Note**: You can notice that we published the `59538` host's port to the `28967` container's port. This is the default internal port of the container. You can read more there: [Single and multi-node Port forwarding setup](https://storj.dev/node/faq/single-and-multinode-setup) . [Windows GUI version](https://storj.dev/node/faq/running-node-via-pia#windows-gui-version) ------------------------------------------------------------------------------------------- Specify the PIA port in the `server.address:` option of the `"C:\Program Files\Storj\Storage Node\config.yaml"` file with a text editor such as Notepad++ (please, do not use a regular Notepad!). Specify the DDNS hostname with the PIA port in the `contact.external-address:`. These changes should look like: ...contact.external-address: mystoragenode.ddns.net:59538...server.address: :59538... ...contact.external-address: mystoragenode.ddns.net:59538...server.address: :59538... CopyCopied! Please, save the configuration file after the change (click menu File - Save) and restart the storagenode service either from the Services applet or from the elevated Powershell: Restart-Service storagenode Restart-Service storagenode CopyCopied! **Note**. You could notice that we specified the `server.address:` as `server.address: :59538`, this notation mean that storagenode service will listen on all local interfaces with TCP port `59538`. [6.1 Optional - How to manually edit the configuration parameters](https://storj.dev/node/faq/running-node-via-pia#6-1-optional-how-to-manually-edit-the-configuration-parameters) =================================================================================================================================================================================== If one later has the necessity to edit some configuration parameters, this will have to be done manually. You can open the `config.yaml` file in the configuration folder with a text editor, such as Notepad++ (Windows), Plain text editor (MacOS), `nano` (for Linux), or any preferable plain text editor. For Windows users it is advisable to download and install Notepad++, which formats the YAML text in a neat way, you have to configure Windows to always open a text/YAML file with Notepad++. Default configuration file containing the settings for one specific node: # path to the certificate chain for this identityidentity.cert-path: "identity/identity.cert"# path to the private key for this identityidentity.key-path: "identity/identity.key"# the public address of the node, useful for nodes behind NATcontact.external-address: ""# operator email addressoperator.email: ""# operator wallet addressoperator.wallet: ""# the minimum log level to loglog.level: info# address to listen onserver.address: ":28967"# total allocated disk space in bytesstorage.allocated-disk-space: 1.0 TB # path to the certificate chain for this identityidentity.cert-path: "identity/identity.cert"# path to the private key for this identityidentity.key-path: "identity/identity.key"# the public address of the node, useful for nodes behind NATcontact.external-address: ""# operator email addressoperator.email: ""# operator wallet addressoperator.wallet: ""# the minimum log level to loglog.level: info# address to listen onserver.address: ":28967"# total allocated disk space in bytesstorage.allocated-disk-space: 1.0 TB CopyCopied! Now replace the fields mentioned above with your own parameters. Keep in mind, parameters specified in the storagenode start command has a precedence over options. For example, the environment variable `ADDRESS` for the docker version will override value of the `contact.external-address:` option in the config file and so on. When you save the config file, you should stop and remove the container and run it again (or restart the storagenode service in case of Windows GUI version) to allow storagenode to use this new configuration. **Note**: The environment variables and parameters in the start command have a precedence over the config file. The order is: 1. config options 2. command line parameters 3. environment variables [7\. Testing if everything is working correctly](https://storj.dev/node/faq/running-node-via-pia#7-testing-if-everything-is-working-correctly) =============================================================================================================================================== Now that everything is set up correctly, we have to test the following: * Can our node(s) connect to the network and talk to it, and can the network see our node. * Is the PIA port open for our hostname(s). The easiest way to manually check if everything is working correctly is to use an online port checker to check if our PIA port is open. 1. First we go to [yougetsignal](http://www.yougetsignal.com/tools/open-ports/)  in our browser. 2. We then enter our DDNS hostname (`myhomestorjfarm.ddns.net` in this example) in the **Remote Address** field. 3. Next we enter the PIA port number (`59538` in this example) in the **Port Number** field. 4. We then click on **Check**. A green flag should now appear indicating that the PIA port is open for our hostname, indicating that storagenode is successfully connected to the network (**Figure 7.1**). [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/5cb09cd619824.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/PIA-storagenode/5cb09cd619824.png) _**Figure 7.1.** When all is working correctly the PIA port should be open for our DDNS_ [7.1. If the port is closed](https://storj.dev/node/faq/running-node-via-pia#7-1-if-the-port-is-closed) -------------------------------------------------------------------------------------------------------- If the flag indicator is red, it means there is a connection problem. This can occur sometimes at startup when the IP address is suddenly updated but the Dynamic Update Client (DUC) does not recognize the IP change yet as it only updates the IP address every 5 minutes (this can be lowered with a paid NoIP account). This indicates that storagenode is connected to the old IP address through the hostname. The way to solve goes as follows: 1. Stop the storagenode: [How do I shut down my node for system maintenance?](https://storj.dev/node/faq/system-maintenance) 2. Click on **Refresh now** in the DUC app. 3. Right after refreshing DUC, start the storagenode back, this should start storagenode with the correct IP address assigned to our hostname. 4. Now repeat the Yougetsignal check, the port should now be open, indicated by a green flag. If you are on windows and the port is still closed have a look at [Windows Firewall](https://storj.dev/node/get-started/port-forwarding#make-sure-to-add-a-firewall-rule)  on how to allow the PIA port through the Windows firewall. If the port is still closed, let it run for 30 minutes and try the port scan again. If it still doesn't show the port is open, restart PIA and storagenode and try again until it works, sometimes it takes a bit of trial and error to get it working the first time. **Note**: A antivirus program can prevent storagenode from connecting through the PIA port. [8\. Conclusion](https://storj.dev/node/faq/running-node-via-pia#8-conclusion) =============================================================================== Following the steps laid out in this Tutorial, we have successfully configured PIA, NoIP and storagenode, resulting in fully functioning node. Our storage nodes now have two encryption layers, the first one offered natively by storagenode and the second one by PIA which encrypts all our internet data. We are also able to do normal internet tasks as the VPN encrypts all data coming from our computer and not just that of storagenode, circumventing internet censorship and defeating government spying programs, basically making the internet function as it was intended to be. If you have any more questions or comments, feel free to join us on our [forum](https://forum.storj.io/)  or ask a question via our [support helpdesk](https://support.storj.io/) . Previous [Node offline troubleshooting](https://storj.dev/node/faq/node-offline-troubleshooting) Next [Set up a storagenode on Odroid HC2 (video tutorial)](https://storj.dev/node/faq/set-up-a-storagenode-on-droid-hc2-video-tutorial) --- # Migrating from Windows GUI installation to Docker CLI - Storj Docs [Preparing the destination system](https://storj.dev/node/faq/migrate-my-node/migrating-from-windows-gui-installation-to-a-docker-cli#preparing-the-destination-system) ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ [Step 1. Understand Prerequisites](https://storj.dev/node/get-started/prerequisites) [CLI Install](https://storj.dev/node/get-started/install-node-software/cli) If your Windows doesn't support WSL2 we recommend to install version 2.1.0.5. We do not recommend using later versions with Hyper-V as [a lot of bugs](https://forum.storj.io/t/latest-docker-desktop-for-windows-compatibility/6045) have been reported. 3\. The difference between the Windows GUI and the Docker CLI is where each system stores the data. The Windows GUI version stores data in the path specified in the `storage.path` parameter of the configuration file `"%ProgramFiles%\Storj\Storage Node\config.yaml"`, while the Docker version stores data in the subfolder called `storage`, which is automatically (silently) added to the specified path through the `--mount` option. The same applies for the `orders` folder. In the Windows GUI version it's stored in the installation location (`"%ProgramFiles%\Storj\Storage Node\orders"` by default), the docker version stores orders alongside with data in the data location. For example, if the storage folder specified in the Windows GUI is `D:\STORJ`, then for the Docker version you should move the content of the `D:\STORJ` folder to the subfolder `storage`, i.e. `D:\STORJ\storage`, the orders should be moved from the `"%ProgramFiles%\Storj\Storage Node\orders"` to the `D:\STORJ\orders`. The same applies for Linux/MacOS systems. How do we accomplish that? We will use the `D:\STORJ` path of the source Windows system as an example. The destination path depends on OS: WindowsLinuxMacOS In Windows, we will use the same folder`D:\STORJ` and PowerShell as a terminal. We will assume that your Windows user is called `user` and it has full access to the `D:\STORJ` folder. If you are moving the identity and data to the new Windows CLI host, you need to share the destination folder on that host and follow the guide [How to migrate the Windows GUI node from one physical location to another?](https://storj.dev/node/faq/migrate-my-node/how-to-migrate-the-windows-gui-node-from-a-one-physical-location-to-other) Then, [Step 2. Setup Port Forwarding](https://storj.dev/node/get-started/port-forwarding) [Preparing the source Windows system](https://storj.dev/node/faq/migrate-my-node/migrating-from-windows-gui-installation-to-a-docker-cli#preparing-the-source-windows-system) ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ The configuration steps are different depending on the destination OS. WindowsLinuxMacOS If your source and destination OSes are both Windows, you can use the integrated `robocopy` command-line utility to copy your files across the network or local system: [How to migrate the Windows GUI node from one physical location to another?](https://storj.dev/node/faq/migrate-my-node/how-to-migrate-the-windows-gui-node-from-a-one-physical-location-to-other) If your source and destination is the same Windows, stop and disable storagenode service to avoid disqualification. Execute in the elevated PowerShell: Stop-Service storagenodeSet-Service storagenode -StartupType Disabled Stop-Service storagenodeSet-Service storagenode -StartupType Disabled CopyCopied! And rename folders to use with docker. Please replace `D:\STORJ` with your actual path (PowerShell): mv D:\STORJ D:\storagemkdir D:\STORJmv D:\storage D:\STORJ\storage mv D:\STORJ D:\storagemkdir D:\STORJmv D:\storage D:\STORJ\storage CopyCopied! [Copy identity, orders and data from the Windows GUI storagenode](https://storj.dev/node/faq/migrate-my-node/migrating-from-windows-gui-installation-to-a-docker-cli#copy-identity-orders-and-data-from-the-windows-gui-storagenode) ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- You can use this guide to migrate the identity, orders and data to a different device: [How do I migrate my node to a new device?](https://storj.dev/node/faq/migrate-my-node) WindowsLinuxMacOS We will assume that your identity is placed in the default location, i.e. `%APPDATA%\Storj\Identity\storagenode`and you used the default setup location, i.e. orders are located there: `"C:\Program Files\Storj\Storage Node\orders"` robocopy /MIR /MOVE $env:AppData\Storj\Identity\storagenode D:\STORJ\identity robocopy /MIR /MOVE $env:AppData\Storj\Identity\storagenode D:\STORJ\identity CopyCopied! The storage data has already been migrated in the previous step. Now move orders to the data location: robocopy /MIR /MOVE "$env:ProgramFiles\Storj\Storage Node\orders" D:\STORJ\orders robocopy /MIR /MOVE "$env:ProgramFiles\Storj\Storage Node\orders" D:\STORJ\orders CopyCopied! When the data migration is completed, you should remove the storagenode Windows GUI version from the source Windows. If you did not remove the Windows GUI storagenode instance, it could be automatically started by `storagenode-updater` service resulting in two copies of the same node in the network. It will be disqualified within a hour because it will not have all pieces since after the migration. [Running storagenode in Docker](https://storj.dev/node/faq/migrate-my-node/migrating-from-windows-gui-installation-to-a-docker-cli#running-storagenode-in-docker) ------------------------------------------------------------------------------------------------------------------------------------------------------------------ Now you can run the storagenode container following this guide: [Storage Node](https://storj.dev/node/get-started/install-node-software/cli/storage-node) . Previous [Migrating from Docker CLI to a GUI Install on Windows](https://storj.dev/node/faq/migrate-my-node/migrating-from-docker-cli-to-a-gui-install-on-windows) Next [How do I redirect my logs to a file?](https://storj.dev/node/faq/redirect-logs) --- # Why is my node disqualified? - Storj Docs Node disqualification is designed to protect customers' data from being lost or getting altered. It's an edge action when the node become unreliable or malicious. Disqualifications are permanent and not reversible. There are some rare exceptions where disqualifications may be reverted such as, due to a bug in our code or satellite misconfiguration. These special cases are not the subject of this article. [Reasons of disqualification](https://storj.dev/node/faq/why-is-my-node-disqualified#reasons-of-disqualification) ================================================================================================================== A disqualification could happen on one or more satellites for the following reasons: * too many failed audits (losing more than 4% of audit score: when the audit score falls below the 96% threshold, the node will be disqualified); * node too long in offline status (more than 30 days); * too many offline periods. See: * [how the audit score is calculated](https://github.com/storj/design-docs/blob/f6b8e7b3124326228ee4ae0e81e06e3d5007edef/20190909-reputation-and-node-selection.md) ; * [what initial parameters used for audit score](https://forum.storj.io/t/tuning-audit-scoring/14084/72?u=alexey) ; * [design of online detection with audits](https://github.com/storj/design-docs/blob/f6b8e7b3124326228ee4ae0eh81e06e3d5007edef/20200521-access-revocation.md) ; * [how the online score is calculated](https://storj.dev/node/faq/how-the-online-score-is-calculated) . [Reasons of failed audits](https://storj.dev/node/faq/why-is-my-node-disqualified#reasons-of-failed-audits) ============================================================================================================ To be audited, the node should be online and answering to audit requests, otherwise it will [affect the online score](https://storj.dev/node/faq/how-the-online-score-is-calculated) instead of audit score. So, the node is online, answers to audits but: * did not provide a piece for audit in 5 minutes. Did the same two more times for the same piece; * has provided a piece but it's corrupted; * did not provide a piece with error "file not found". In such cases, the audit of this piece is considered failed. 40 consecutive failed audits are enough to disqualify the node. However, while 40 consecutive failed audits are sufficient to be disqualified, that’s just the fastest way. The failed audits don’t have to be consecutive - you can also be disqualified e.g., by failing 100 audits with lots of passing audits in between, as any failure of more than 4% of audits over time would lead to disqualification. The higher the percentage that fail, the fewer audits are needed. 40 audits at 100% failure rate is the fastest way to get there. In contrast, at 4% failure rate it would take about 3000 audits to get disqualified. [How to detect an audit failure](https://storj.dev/node/faq/why-is-my-node-disqualified#how-to-detect-an-audit-failure) ======================================================================================================================== You need to inspect [your logs](https://storj.dev/node/faq/check-logs) for errors during **GET\_AUDIT** and **GET\_REPAIR** operations, if they show **failed**, then it will affect the audit score immediately. Failed audits due to corrupted pieces can be not logged by the storagenode software to make adoption of malicious user harder. However, they could be detected indirectly (see [Detect hanging and silent audit failures](https://storj.dev/node/faq/why-is-my-node-disqualified#detect-hanging-and-silent-audit-failures) below). Some corruption errors are logged: [https://github.com/storj/storj/issues/4194](https://github.com/storj/storj/issues/4194) Failed audits due to timeouts are not logged on the node's side for obvious reason - if the node is unable to provide a piece, it's likely hanging and cannot write a log either. These types of failure are hard to detect, they usually relate to the hardware (SMR disks or dying disks, overheating etc.) or OS (drivers, updates etc.) or other software (antivirus, firewalls, malware or viruses etc.) When storagenode cannot provide a piece before the 5 minute timeout has expired, it can still respond to audit requests but cannot provide a piece because it becomes incredibly slow (usually SMR disks or dying disks or other hardware / software problems that make the node too slow to respond), even the port will appear open on [https://www.yougetsignal.com/tools/open-ports/](https://www.yougetsignal.com/tools/open-ports/) , and even UptimeRobot.com would not be able to notice the problem. Usually a simple reboot is enough to bring storagenode back to life. [Detecting direct audit failures](https://storj.dev/node/faq/why-is-my-node-disqualified#detecting-direct-audit-failures) ========================================================================================================================== Direct audit failures can be detected by keywords in the logs as shown below. [Linux/MacOS bash](https://storj.dev/node/faq/why-is-my-node-disqualified#linux-mac-os-bash) --------------------------------------------------------------------------------------------- docker logs storagenode 2>&1 | grep -E "GET_AUDIT|GET_REPAIR" | grep failed docker logs storagenode 2>&1 | grep -E "GET_AUDIT|GET_REPAIR" | grep failed CopyCopied! [Windows Docker Powershell](https://storj.dev/node/faq/why-is-my-node-disqualified#windows-docker-powershell) -------------------------------------------------------------------------------------------------------------- docker logs storagenode 2>&1 | sls "GET_AUDIT|GET_REPAIR" | sls failed docker logs storagenode 2>&1 | sls "GET_AUDIT|GET_REPAIR" | sls failed CopyCopied! [Windows GUI Powershell](https://storj.dev/node/faq/why-is-my-node-disqualified#windows-gui-powershell) -------------------------------------------------------------------------------------------------------- sls "GET_AUDIT|GET_REPAIR" "C:\Program Files\Storj\Storage Node\storagenode.log" | sls failed sls "GET_AUDIT|GET_REPAIR" "C:\Program Files\Storj\Storage Node\storagenode.log" | sls failed CopyCopied! [Detect hanging and silent audit failures](https://storj.dev/node/faq/why-is-my-node-disqualified#detect-hanging-and-silent-audit-failures) ============================================================================================================================================ Hanging and silent audit failures can be detected by a lack of audit requests during long periods in the logs, or started but not finished audits, or by long periods between "download started" and "downloaded" for **GET\_AUDIT** or **GET\_REPAIR**. This also affects the audit score on the dashboard (it may not display as updated depending on how badly your node is hanging). For the first sign there is no automation at the moment - you can detect it only visually - usually your node should be audited not less than once an hour. If you see no audits for a long time (it's even visible on your dashboard as lack of audit traffic), this is a reason to be concerned, especially if you see that the audit score starts to fall even by one percent. For the second sign you can calculate total audits started and total audits finished. If the numbers doesn't match - there could be a problem (the unmatched numbers should not be greater than 7). For the third sign you can request the time stamps for the exact pieces for one or several satellites: [https://forum.storj.io/t/topic/14848/97](https://forum.storj.io/t/topic/14848/97) [Linux/MacOS bash](https://storj.dev/node/faq/why-is-my-node-disqualified#linux-mac-os-bash-2) ----------------------------------------------------------------------------------------------- Number of started audits: docker logs storagenode 2>&1 | grep -E "GET_AUDIT|GET_REPAIR" | grep started -c docker logs storagenode 2>&1 | grep -E "GET_AUDIT|GET_REPAIR" | grep started -c CopyCopied! Number of finished audits: docker logs storagenode 2>&1 | grep -E "GET_AUDIT|GET_REPAIR" | grep downloaded -c docker logs storagenode 2>&1 | grep -E "GET_AUDIT|GET_REPAIR" | grep downloaded -c CopyCopied! [Windows Docker Powershell](https://storj.dev/node/faq/why-is-my-node-disqualified#windows-docker-powershell-2) ---------------------------------------------------------------------------------------------------------------- Number of started audits: (docker logs storagenode 2>&1 | sls "GET_AUDIT|GET_REPAIR" | sls started).Count (docker logs storagenode 2>&1 | sls "GET_AUDIT|GET_REPAIR" | sls started).Count CopyCopied! Number of finished audits: (docker logs storagenode 2>&1 | sls "GET_AUDIT|GET_REPAIR" | sls downloaded).Count (docker logs storagenode 2>&1 | sls "GET_AUDIT|GET_REPAIR" | sls downloaded).Count CopyCopied! [Windows GUI Powershell](https://storj.dev/node/faq/why-is-my-node-disqualified#windows-gui-powershell-2) ---------------------------------------------------------------------------------------------------------- Number of started audits: (sls "GET_AUDIT|GET_REPAIR" "C:\Program Files\Storj\Storage Node\storagenode.log" | sls started).Count (sls "GET_AUDIT|GET_REPAIR" "C:\Program Files\Storj\Storage Node\storagenode.log" | sls started).Count CopyCopied! Number of finished audits: (sls "GET_AUDIT|GET_REPAIR" "C:\Program Files\Storj\Storage Node\storagenode.log" | sls downloaded).Count (sls "GET_AUDIT|GET_REPAIR" "C:\Program Files\Storj\Storage Node\storagenode.log" | sls downloaded).Count CopyCopied! [Disqualification for downtime](https://storj.dev/node/faq/why-is-my-node-disqualified#disqualification-for-downtime) ====================================================================================================================== The disqualification for downtime is implemented only for long downtimes (more than 30 days offline.) In other cases only a suspension would be applied. However, downtime disqualification could get enabled soon, so better consider it as enabled already. [Long time offline](https://storj.dev/node/faq/why-is-my-node-disqualified#long-time-offline) ---------------------------------------------------------------------------------------------- If your node was offline or is running a version of the software lower than the minimum allowed version (see [Both nodes remain OFFLINE](https://forum.storj.io/t/both-nodes-remain-offline/4025) for example), it can be disqualified. So please if you are using the docker version of the software, enable [automatic updates](https://storj.dev/node/get-started/install-node-software/cli/software-updates#automatic-updates) to protect the node. The Windows GUI and Linux GUI versions already use the automatic updates by default. [Too many offline events](https://storj.dev/node/faq/why-is-my-node-disqualified#too-many-offline-events) ---------------------------------------------------------------------------------------------------------- Your node can be offline for 288 hours before it would get suspended, however, if your node is still relatively new, the online score could be very sensitive, so in general - when the online score falls below 60%, the node will get suspended. While suspended, the node will not receive any ingress traffic, but will still be audited and could have egress traffic. After a suspension happened, you have a week to fix the issue. If the issue is not resolved (your node is still offline), it may get disqualified. When you fix the issue and the node comes back online, it needs to stay online for the next 30 days to recover fully. So during this 30-day recovery time your node will be under review. If the node still is in suspension at the end of the review period - it will be disqualified as unreliable. Every new offline event will require another 30 days online to recover after the downtime. The review period is not extended. When the online score rises above the 60% threshold, the node will come out of suspension and receive ingress normally again. See [How is the online score calculated?](https://storj.dev/node/faq/how-the-online-score-is-calculated) for details. While your node is offline, it can lose pieces due to repair, because offline pieces are considered as unhealthy. The longer the node stays offline - the more of its used space could be freed up due to pieces being repaired to other healthy nodes and this would then also lead to a lower payout. Previous [Why does Storj Labs not pay Storage Node Operators directly in USD?](https://storj.dev/node/faq/why-not-pay-in-fiat) Next [Why is the network not using all of my storage and bandwidth?](https://storj.dev/node/faq/storage-bandwidth-usage) --- # Understanding the Storj Console Project Dashboard - Storj Docs The landing page for the Storj Satellite Admin Console is the Project Dashboard. When you log into the Satellite Admin Console, you start on the Project Dashboard for your default Project. A Project is the basic unit for aggregating usage, calculating billing, invoicing fees, collecting payment, and handling access management. Users can create multiple Projects and projects are invoiced separately. Within a Project, usage is tracked at the Bucket level and aggregated for invoicing to the Project. Project names are not client-side encrypted so that they may be rendered in the Satellite user interface. There are two main drivers for creating multiple Projects: access management and billing. Learn more about Projects in [Key Architecture Constructs](https://storj.dev/learn/concepts/key-architecture-constructs) under Concepts. On the Project Dashboard, there are a number of navigational elements and information displays: 1. **Projects management** - This element allows you to add Projects and switch between different Projects. There you also have a [Projects](https://storj.dev/support/projects) setting. 2. **Project Navigation** - This element allows you to move between the different functions related to the project you have selected, to view the [Dashboard](https://storj.dev/support/dashboard) , use the [Object Browser](https://storj.dev/support/object-browser) to interact with data stored on Storj through a web browser interface, create [Access Grants](https://storj.dev/learn/concepts/access/access-grants) for native integrations and credentials for the [Storj-hosted S3 Compatible Gateway](https://storj.dev/dcs/api/s3/s3-compatible-gateway) , invite other developers to collaborate with you on your project in [Users](https://storj.dev/support/users) , see [Billing](https://storj.dev/support/account-management-billing/billing) , and **Quick Start**, and manage your Account in **My Account**. 3. **Storage Utilization** - This element displays the amount of storage utilized in the current month measured in GB hours; see [Pricing](https://storj.dev/dcs/pricing) . 4. **Bandwidth Utilization** - This element displays the amount of download bandwidth utilized in the current month measured in GB. 5. **Project Details** - This element displays the number of users added to a project, the number of [Access Grants](https://storj.dev/learn/concepts/access/access-grants) , the current number of [Buckets](https://storj.dev/learn/concepts/key-architecture-constructs#bucket) and the estimated charge for the current month; see [Pricing](https://storj.dev/dcs/pricing) . 6. **Bucket Information** - This element displays the names of [Buckets](https://storj.dev/learn/concepts/key-architecture-constructs#bucket) , the current month usage on Buckets and the number of objects in Buckets. Here are some links to help you get a better understanding of your Satellite Admin Console and Storj constructs: Learn more about [Key Architecture Constructs](https://storj.dev/learn/concepts/key-architecture-constructs) under Concepts. Learn more about Project [Usage Limits](https://storj.dev/learn/concepts/limits) under Concepts. Learn more about adding a [Payment Methods](https://storj.dev/support/account-management-billing/payment-methods) under Billing, Payment & Accounts. Learn [Pricing](https://storj.dev/dcs/pricing) under Billing, Payment & Accounts. Next we'll learn about creating/deleting buckets, uploading, downloading, viewing the object map, and sharing access to objects through the [Object Browser](https://storj.dev/support/object-browser) in the Satellite Admin Console. Previous [Projects](https://storj.dev/support/projects) Next [Object Browser](https://storj.dev/support/object-browser) --- # Why is the network not using all of my storage and bandwidth? - Storj Docs The quick answer is that your Node's reputation is still growing. The Node isn't yet storing stripes of frequently accessed pieces. Luckily for Storage Node Operators, we’ve optimized the network to provide the maximum amount of bandwidth allocation based on the operation of a single node in a bandwidth-constrained environment. This means that running a single Node per location (where one location = a discrete network with a separate IP address and bandwidth/bandwidth cap) will yield the best results (highest reputation, most storage contracts from satellites, and most earned STORJ tokens) for Storage Node Operators. Bandwidth volume measures how much storage can be uploaded and downloaded from a Storage Node. Upload bandwidth speed is critical to delivering data to developers, partners, and other companies/ individuals storing data on the network, with low latency. Fast upload bandwidth has the potential to greatly impact earnings for storage node operators. Previous [Why is my node disqualified?](https://storj.dev/node/faq/why-is-my-node-disqualified) --- # Where can I find the config.yaml? - Storj Docs DockerWindows GUI The `config.yaml` is created in your storage location when you did the[Storage Node](https://storj.dev/node/get-started/install-node-software/cli/storage-node) step. For example, if your `--mount` option in your `docker run` command looks like `--mount type=bind,source=/mnt/storj/storagenode,destination=/app/config`, then the `config.yaml` will be in the `/mnt/storj/storagenode` location. Options and parameters specified in the `docker run` command have a precedence over options in the `config.yaml -` Only options not also specified in the `docker run` command will be taken from the `config.yaml`file. Previous [Where can I check for a new version?](https://storj.dev/node/faq/where-can-i-check-for-a-new-version) Next [Why am I not storing more data?](https://storj.dev/node/faq/storing-more-data) --- # Using the Object Browser - Storj Docs The Object Browser supports uploading and managing objects directly through the browser with no command-line tool required. This component uses our [Storj-hosted S3 Compatible Gateway](https://storj.dev/dcs/api/s3/s3-compatible-gateway) service. By using hosted Gateway MT you are opting into **server-side encryption**. See [Design Decision - Server-side Encryption](https://storj.dev/learn/concepts/encryption-key/design-decision-server-side-encryption) [Configure Object Browser Access](https://storj.dev/support/object-browser#configure-object-browser-access) ------------------------------------------------------------------------------------------------------------ **Navigate to the** [Create buckets](https://storj.dev/dcs/buckets/create-buckets) page within your project. When you click on the bucket, you will be prompted to read carefully - The object browser uses [Design Decision - Server-side Encryption](https://storj.dev/learn/concepts/encryption-key/design-decision-server-side-encryption) . Don't forget to save your **Encryption Passphrase** generated below, you will need it for future access. If this is your first time using the object browser, you **must create an encryption passphrase.** We strongly encourage you to use a mnemonic phrase. The GUI automatically generates one on the client side for you with the **Generate passphrase** option. You can also download it as a text file. Alternatively, you can enter your own passphrase using the **Enter passphrase** option. Finish selection by click on **Continue** button. To continue, you need to mark the checkbox **_\[v\] I understand, and I have saved the passphrase._** This will enable the **Continue** button. When you click the **Continue** button, you will be placed into the **Objects** view if you already have buckets, otherwise a new bucket **_demo-bucket_** will be created and you will be placed into that bucket view. [Upload files and folders](https://storj.dev/support/object-browser#upload-files-and-folders) ---------------------------------------------------------------------------------------------- \*\*The web browser is best for uploads up to 1GB. \*\* To upload larger files, please utilize the [Uplink CLI Tutorial](https://storj.dev/learn/tutorials/quickstart-uplink-cli) . If you have not yet created a bucket, the bucket **_demo-bucket_** will be created automatically to allow you to upload objects right away. To upload your first object, **drag it into the browser** or select **Upload File** and browse to the file you wish to upload. You can upload not only files but also folders, just **drag them into the browser** or select **Upload Folder** and browse to the folder you wish to upload. If you want to create a folder, you can do that with the **New Folder** button. When you drag and drop your file into the Storj console, the Storj S3-compatible Gateway will encrypt the data using [Design Decision - Server-side Encryption](https://storj.dev/learn/concepts/encryption-key/design-decision-server-side-encryption) , break large files into 64MB Segments (or for smaller files a single segment), then erasure code the segments, breaking each segment into 80 pieces, then distributing those pieces over our network of thousands of independently operated storage nodes. [Deleting files](https://storj.dev/support/object-browser#deleting-files) -------------------------------------------------------------------------- 1. If you select the three vertical dots on the right side of a file, a popup menu will appear: 2. Select the **Delete** command. 3. Confirm deletion with **Delete**. [Creating buckets](https://storj.dev/support/object-browser#creating-buckets) ------------------------------------------------------------------------------ Buckets are your containers that store objects. You can create your buckets in the **Browse** view or if you click on the **<-Back to Buckets** button, in the bucket view. The bucket name can only contain lowercase letters, numbers, and hyphens. To create a new bucket, click the **New bucket** button in the **Browse** view. A new module window will pop up called **Create Bucket**. Please provide a name using only lower case alphanumeric characters and dashes (this is a limitation for compatibility with existing object storages). After creating your new bucket, you will be placed into the bucket where you can [Upload an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/uploading-your-first-object/upload-an-object) [Deleting buckets](https://storj.dev/support/object-browser#deleting-buckets) ------------------------------------------------------------------------------ 1. Clicking the three vertical dots on the right side of the bucket, a popup menu will appear: 2. Click the **Delete** command 3. Type the **_Bucket Name_** and **Delete Bucket**. Be careful when deleting buckets - If you still have objects in the bucket being deleted, they will be deleted too! [Share a file](https://storj.dev/support/object-browser#share-a-file) ---------------------------------------------------------------------- After an upload completes, you will have the option of creating a share link. If you wish, click the file name - it will open a preview with a map. Here you can click the **Share** button. Or you can click on the three vertical dots to the right of the file you want to share, and select **Share** to share your object. The **Share** pop-up window allows you to share the link via social media or copy it with **Copy Link**. The share link includes a rendering of where the pieces of your file are located on the globally distributed network of storage nodes, as well as a preview of that file. [Share a bucket](https://storj.dev/support/object-browser#share-a-bucket) -------------------------------------------------------------------------- 1. Click the three vertical dots to the right of the bucket, a popup menu will appear 2. Click the **Share Bucket** command 3. Click the copy button to copy and share the link This concludes the Object Browser Quickstart. Previous [Dashboard](https://storj.dev/support/dashboard) Next [Users](https://storj.dev/support/users) --- # Using the Storj Console - Storj Docs The Storj Console is the web interface for developers to interact with Storj If you want to learn more about Developer Accounts, Projects, Access Grants, Buckets and how these architectural constructs relate and how they are used, check out the [Key Architecture Constructs](https://storj.dev/learn/concepts/key-architecture-constructs) under Concepts. The Storj Console is where you: 1. [Create Your Account](https://storj.dev/support/account-management-billing/creating-your-account) 2. Create and manage [Projects](https://storj.dev/support/projects) 3. View your [Project Dashboard](https://storj.dev/support/dashboard) for summary data on usage, billing, and invoices. 4. Use the [Object Browser](https://storj.dev/support/object-browser) to drag and drop objects onto Storj through the browser, see the map of storage nodes storing the pieces of your file, and create sharable links to your objects. 5. [Create an Access to an Object](https://storj.dev/learn/tutorials/quickstart-uplink-cli/sharing-your-first-object/generate-access) the all-in-one bearer token for access management and encryption for configuring client tools and applications such as the CLI, developer library, self-hosted gateway, client apps like [Rclone](https://storj.dev/dcs/third-party-tools/rclone) and [FileZilla](https://storj.dev/dcs/third-party-tools/filezilla) , or using the [Storj-hosted S3 Compatible Gateway](https://storj.dev/dcs/api/s3/s3-compatible-gateway) . 6. Invite other developers to collaborate on your project, accessing [Users](https://storj.dev/support/users) in the dashboard. 7. Manage your account and payment method, on [Billing](https://storj.dev/support/account-management-billing/billing) The first step is to [Create Your Account](https://storj.dev/support/account-management-billing/creating-your-account) on a Satellite. Previous [Requesting a Refund](https://storj.dev/support/account-management-billing/requesting-a-refund) Next [Projects](https://storj.dev/support/projects) --- # How can I use the STORJ token as form of payment? - Storj Docs You can use the STORJ token to buy storage on the Storj network to power apps and ecosystems built on the Storj platform, and to gain access to other services that may be offered by the Storj platform, such as DNS and TLS automation. You also will get a 10% bonus for using STORJ tokens as form of payment. As the number of apps and ecosystems built on the Storj network grows, so too will the number of uses for the STORJ token! [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/mceclip0.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/mceclip0.png) The billing page for your satellite account offers an option to select your payment method. This is where you would choose "Add STORJ Tokens" which will then show the screen with STORJ deposit address and QR, it accepts only STORJ ERC20 Tokens via L1 (Ethereum) or L2 (zkSync Era only) to in order to be credited to your account in USD equivalent on the sent date. Once your STORJ deposit is confirmed by StorjScan, the value of your STORJ deposit in USD will be shown in your Storj account on the billing page as available balance after an additional waiting period which may last up to several hours, depending on the time taken by StorjScan to pass the payment to the Storj platform. You can see more detailed instructions on how to pay with STORJ token in the [billing & payment](https://storj.dev/support/account-management-billing/billing) section of our Storj documentation. Previous [Expired Credit Card](https://storj.dev/support/account-management-billing/payment-methods/expired-credit-card) Next [Promotional Credits](https://storj.dev/support/account-management-billing/payment-methods/promotional-credits) --- # Why does Storj Labs not pay Storage Node Operators directly in USD? - Storj Docs In many countries, receiving foreign currency as a payment may be prohibited by local laws unless you are a legal entity. There are a lot of restrictions around fiat. At the time this article was published we had storage node operators located in 94 countries (http://storjnet.info/), so it would be nearly impossible to comply with all local requirements to send fiat USD to Operators. Another problem is that sending international wire transfers is usually very slow and frequently involves very costly transaction fees. Even after paying the high fees, the transfer may still fail, get lost or be rejected. In the case of STORJ tokens, we are not faced with the above mentioned problems in most cases (you would need to consult with a local attorney and your tax office regarding any local legal requirements around cryptocurrencies, we do not guarantee that receiving tokens is allowed in your country). Also, the STORJ tokens you earn for sharing your hard drive and bandwidth can be used to pay for our Storj DCS service to store your files in our decentralized end-to-end encrypted S3 compatible cloud storage. Previous [Why are my payouts so low?](https://storj.dev/node/faq/low-payouts) Next [Why is my node disqualified?](https://storj.dev/node/faq/why-is-my-node-disqualified) --- # Why am I not storing more data? - Storj Docs The most important aspect to increase the amount of data stored on your Node (and thus maximizing payout) is to build reputation of your Node’s ID over an extended period of time. When a Node first joins the network, there is a probationary period, during which the Node has to prove itself (e.g. maintaining a certain uptime and performance levels, passing all content audits). During that vetting period, the Node only receives as small amount of non-critical data (but still gets paid for this data). Once vetted, a Node can start receiving more data (and not just test data), but must continue to maintain uptime and audit requirements to avoid disqualification. The filtering system blocks bad Storage Nodes from participating. Additional actions that are disqualifying include: failing too many audits; failing to return data, with reasonable speed; and failing too many uptime checks. After disqualified Storage Nodes have been filtered out, remaining statistics collected during audits are used to establish a preference for better Storage Nodes during uploads. These statistics include performance characteristics such as throughput and latency, history of reliability and uptime, geographic location, and other desirable qualities. They are combined into a load-balancing selection process, such that all uploads are sent to qualified Nodes, with a higher likelihood of uploads to preferred Nodes, but with a non-zero chance for any qualified Node. [![](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/6kyTxJSBnAQUkuk50IIWq_image.png)](https://link.us1.storjshare.io/raw/jua7rls6hkx5556qfcmhrqed2tfa/docs/images/6kyTxJSBnAQUkuk50IIWq_image.png) Previous [Where can I find the config.yaml?](https://storj.dev/node/faq/where-can-i-find-a-config-yaml) Next [Why are my payouts so low?](https://storj.dev/node/faq/low-payouts) --- # What tax forms do Storage Node Operators need to submit? - Storj Docs If you are a storage node operator (SNO), Storj Labs may be required to withhold taxes from your node's earnings, depending on your status as [US Person or Foreign Person](https://www.irs.gov/individuals/international-taxpayers/classification-of-taxpayers-for-us-tax-purposes) . [U.S. persons:](https://storj.dev/node/faq/what-tax-forms-do-storage-node-operators-need-to-submit#u-s-persons) ---------------------------------------------------------------------------------------------------------------- SNOs who are considered U.S. Persons will need to fill out a [W-9 form](https://www.irs.gov/pub/irs-pdf/fw9.pdf) , regardless if the node(s) they run are physically located inside or outside of US territories. They will then receive a Form 1099 from Storj Labs only if their node earnings exceeded $600 for the previous tax year. [Foreign contractors:](https://storj.dev/node/faq/what-tax-forms-do-storage-node-operators-need-to-submit#foreign-contractors) ------------------------------------------------------------------------------------------------------------------------------- SNOs who are considered Foreign Persons are foreign contractors as far as their node income is concerned. As long as a foreign contractor is not a U.S. person and the services are wholly performed outside the US, then no Form 1099 is required to be sent to them and no withholding is required. However, Storj Labs does require a [Form W-8BEN](https://www.irs.gov/pub/irs-pdf/fw8ben.pdf) to be signed by the foreign contractors. By signing Form W-8BEN, the foreign contractor is certifying that he or she is not a U.S. person. The Form W-8BEN is not filed with the I.R.S. (U.S. tax authority). It is kept on file with the US payor (in this case, Storj Labs) in case the US payor is audited. If audited, the Form W-8BEN supports why no Form 1099 was issued and why no tax was withheld from the foreign contractor. Please use [these instructions](https://www.irs.gov/pub/irs-pdf/iw8.pdf) to fill in Form W-8BEN. Both U.S. persons and Foreign persons who are storage node operators should scan and submit the appropriate signed form (W-9 for US persons or W-8BEN for foreign contractors) to our accountant's email address: [finance\_SNO@storj.io](mailto:finance_SNO@storj.io) Previous [What other commands can I run?](https://storj.dev/node/faq/other-commands) Next [Where can I check for a new version?](https://storj.dev/node/faq/where-can-i-check-for-a-new-version) --- # Why are my payouts so low? - Storj Docs If you believe you should have gotten higher payouts, please run [the earnings estimator](https://forum.storj.io/t/earnings-calculator-update-2024-07-28-v14-1-0-now-shows-garbage-collection-progress-detailed-earnings-info-and-health-status-of-your-node-including-vetting-progress-and-garbage-collection-status/1794)  and then compare each Satellite’s payouts to the amount you received in the transactions sent to your payout address for the month in question. Please wait to submit any support ticket until we have announced that all payouts have been completed for the month. Payouts are sent monthly, in the first two weeks after the month being paid is done. Please also consider that part of your payouts will be held back during the first nine months of operation, as explained here: [How does held back amount work?](https://storj.dev/node/faq/held-back-amount) The bottom section of the earnings estimator shows the amount you can expect to receive immediately vs the amount held back, depending which stage you’re in (months 1-3, months 4-6, or months 7-9). If your Node has been running more than nine months already, you’ll receive the full payout with no held back amount. Your payouts could also be low because your Node didn’t receive much traffic that month. Please note that we cannot guarantee a certain amount of data being constantly received by your Node, as real customers are uploading and downloading their files when they need to for their own purposes. This is not like cryptocurrency mining where if you provide a certain amount of bandwidth you would have the bandwidth completely saturated at all times. Make sure your Node has a good internet connection so it’s online 24/7 and is not failing audits, which could put it in containment mode (and not receive more data until it no longer fails audits). Previous [Why am I not storing more data?](https://storj.dev/node/faq/storing-more-data) Next [Why does Storj Labs not pay Storage Node Operators directly in USD?](https://storj.dev/node/faq/why-not-pay-in-fiat) --- # Where can I check for a new version? - Storj Docs We have a proposal for the Storage Nodes Operators - let's work together and keep our network up to date to offer a great service to our Customers! Please, read this thread on the forum: [Keeping your node up to date, changes to storage node software! PLEASE READ this thread!](https://forum.storj.io/t/keeping-your-node-up-to-date-changes-to-storage-node-software-please-read-this-thread/9722) [Automatic updater](https://storj.dev/node/faq/where-can-i-check-for-a-new-version#automatic-updater) ------------------------------------------------------------------------------------------------------ The best way is to [Software Updates](https://storj.dev/node/get-started/install-node-software/cli/software-updates) (for Docker) - this is not necessary with the [Dashboard Windows](https://storj.dev/node/get-started/install-node-software/gui-windows/dashboard) version as it already has an automatic updater included, and the Linux version with similar capabilities is coming soon. ### [Community Forum](https://storj.dev/node/faq/where-can-i-check-for-a-new-version#community-forum) You can check for the latest version of _storagenode_ on our forum: [Storj Official Changelog](https://forum.storj.io/t/changelog-v1-52-2/18025) . Please always read the changelog whenever a new version comes out, as it may include important changes which could affect your node or your potential income. You can subscribe to the changelog thead on the forum to be updated! ### [Other ways to check the version](https://storj.dev/node/faq/where-can-i-check-for-a-new-version#other-ways-to-check-the-version) You can also track our GitHub repo: [Latest Releases](https://github.com/storj/storj/releases/latest) and [Docker Storage Node](https://hub.docker.com/r/storjlabs/storagenode) . Previous [What tax forms do Storage Node Operators need to submit?](https://storj.dev/node/faq/what-tax-forms-do-storage-node-operators-need-to-submit) Next [Where can I find the config.yaml?](https://storj.dev/node/faq/where-can-i-find-a-config-yaml) --- # What is the STORJ token? - Storj Docs STORJ is a utility token on the Ethereum network which follows the [ERC20 standard](https://en.wikipedia.org/wiki/ERC20) . STORJ tokens allow you to purchase storage or earn money for renting your free hard drive space regardless of where in the world you are located (the only exception are countries currently embargoed by the US government which for legal reasons Storj Labs cannot serve). STORJ token can be used directly on Ethereum blockchain for its transactions on Layer 1, and zkSync for transactions on Layer 2. Previous [What if my machine restarts or shuts down?](https://storj.dev/node/faq/machine-restart-shutdown) Next [What other commands can I run?](https://storj.dev/node/faq/other-commands) --- # What other commands can I run? - Storj Docs Run `help` to see other commands: Run the following to execute other commands: CLI InstallGUI Windows Install docker exec -it storagenode /app/storagenode help docker exec -it storagenode /app/storagenode help CopyCopied! Run the following to execute other commands: CLI InstallGUI Windows Install docker exec -it storagenode /app/storagenode <> docker exec -it storagenode /app/storagenode <> CopyCopied! Previous [What is the STORJ token?](https://storj.dev/node/faq/what-is-the-storj-token) Next [What tax forms do Storage Node Operators need to submit?](https://storj.dev/node/faq/what-tax-forms-do-storage-node-operators-need-to-submit) --- # Object Mount Overview - Storj Docs Welcome to the Storj Object Mount Documentation! Storj’s Object Mount makes working with object storage as fast and seamless as using a local drive. Whether you’re working in media production, research & development, or backup workflows, Object Mount combines the convenience of local storage with the scalability of the cloud. [What is Object Mount?](https://storj.dev/object-mount#what-is-object-mount) ----------------------------------------------------------------------------- Object Mount is a high-performance mount client that provides seamless, native access to object storage as if it were a fast, local file system. It allows existing applications to interact with object storage content without needing to recode apps or change your workflow — just mount and go. | **Feature** | **Benefit** | | --- | --- | | **Native Clients** | Object Mount offers native clients for Linux, Windows and macOS. Installs in minutes and can run inside unmodified containers. | | **Compatible and Seamless** | Run your same, unmodified tools and applications — now with fast access to object storage data. Files and directories on object storage behave the same as they do on a local disk. Fast, transparent, user-friendly. | | **POSIX Compliant** | Run your Linux tools, applications and workloads as expected — with all the same user and group permissions, symbolic & hard links, etc. | | **High Performance** | Intelligent caching and high-throughput make editing large files in real-time a breeze. Adobe Premiere Pro, DaVinci Resolve and any other industry standard toolkit all work “out-of-the-box.” Cloud storage is now just as responsive as local storage. | | **No Proprietary Formatting** | Object Mount keeps your files in their original format without any proprietary conversions. Your data is accessible across workflows, teams, tools, apps and dashboards. No risk of vendor lock-in. | | **Cost-efficient and Scalable** | By only accessing the bytes you need, Object Mount minimizes download bandwidth and reduces the need for expansive (and expensive) local storage arrays, lowering egress costs and saving you money on every project. | | **Eco-friendly Collaboration** | Reduce the energy and resource footprint of your Media and Entertainment workflows. Global teams access the same ‘single source of truth’ content without moving, copying or replicating media across multiple, disparate platforms. | ### [Bin Locking](https://storj.dev/object-mount#bin-locking) Bin locking prevents two editors from changing the same bin or project at the same time on Object Mount. The first person to open it gets write access and others are read only until the lock clears. Object Mount propagates lock state quickly and enforces read only behavior, but it does not create or remove locks. Some workflows also require additional third party software to coordinate locking with your editing application. [Where to Start](https://storj.dev/object-mount#where-to-start) ---------------------------------------------------------------- **Learn more** about how Object Mount works in the many **Appendix** articles: * Object Storage [Core Concepts](https://storj.dev/object-mount/appendix/core-concepts) * [POSIX Explained](https://storj.dev/object-mount/appendix/POSIX) Follow the **Installation Procedure** and **User Guides** for your operating system: * [macOS](https://storj.dev/object-mount/macos) * [Windows](https://storj.dev/object-mount/windows) * [Linux](https://storj.dev/object-mount/linux) **Optimize your workflows** with Media and Application tips: * [Premiere Pro](https://storj.dev/object-mount/media-workflows/premiere-pro) from Adobe * [Media Composer](https://storj.dev/object-mount/media-workflows/media-composer) from Avid * [DaVinci Resolve](https://storj.dev/object-mount/media-workflows/davinci-resolve) from Blackmagic Productions Next [macOS](https://storj.dev/object-mount/macos) --- # Need Help Finding Information on Storj? - Storj Docs Need help? If you couldn't find what you're looking for on this Documentation, you can use the search bar on the top bar, check the FAQ in our Community Forum or contact our Support. | Link | Content | | --- | --- | | Storj Docs📍You are here | Information on Storj product features, pricing, availability, and limits; how to use products from the control panel; how to manage your account, teams, and billing; and platform details like release notes and product policies. | | [Community Forum](https://forum.storj.io/) | If you're stuck on an issue, chances are someone has seen it before or can help you troubleshoot it. How to build on top of Storj resources, administer servers, write and deploy code, and install and configure open source tools. | | [Support](https://supportdcs.storj.io/hc/en-us) | FAQ about Storj, and get help with your account or services. | | [Support Node](https://support.storj.io/hc/en-us) | FAQ about Storj SNO, and get help with your account or services. | | [Status Page](https://status.storj.io/) | Check the current status of Storj services. | | [Github Issues](https://github.com/storj/storj/issues) | Report of our issues. | | [Product Releases](https://github.com/storj/storj/releases) | Updated product releases. | | [Contact Sales](https://www.storj.io/landing/get-in-touch) | Contact sales for help with large deployments. | | [Storj Blog](https://www.storj.io/blog) | Fresh posts from our team. | * * * [FAQ & Support](https://storj.dev/support#faq-and-support) ----------------------------------------------------------- If you can't find what you're looking for in the Community Forum, contact Support. [Storj Support](https://supportdcs.storj.io/hc/en-us) ------------------------------------------------------ FAQ, articles, and support [Storage Node Support](https://support.storj.io/hc/en-us) ---------------------------------------------------------- FAQ, troubleshooting, and support Our support process, responsibilities, and hours are published in our [Terms of Service](https://www.storj.io/terms-of-service) . Our support hours are: * Between 9:00 A.M. to 8:00 P.M. Eastern Time on Business Days for Severity Level 1 Errors * Between 9:00 A.M. to 5:00 P.M. Eastern Time on Business Days for other Support Requests You can submit a ticket via our Support Portals or via our Twitter [@StorjSupport](https://twitter.com/storjsupport) . Next [Billing](https://storj.dev/support/account-management-billing/billing) --- # Storj Engineering Blog | Storj Engineering Blog Storj Engineering Blog ---------------------- Learn about the latest developments in the Storj network and the technology that powers it. [![](https://storj.dev/images/gopher-math.jpeg)\ \ 2/28/2025\ \ ### Two mul or not two mul: how I found a 20% improvement in ed25519 in golang\ \ Low level optimizations are tricky and sometimes unintuitive. We'll take a look at a story of optimizing ed25519 signing and verification.\ \ Egon Elbre](https://storj.dev/blog/two-mul-or-not-two-mul) [![](https://storj.dev/images/hero-integration-tests.jpeg)\ \ 3/20/2023\ \ ### Go Integration Tests with Postgres\ \ When writing server side projects in Go, at some point you will also need to test against a database. Let's take a look at different ways of using Postgres with different performance characteristics. The final approach shows how you can set up a clean database in 20ms (there are a few caveats).\ \ Egon Elbre](https://storj.dev/blog/go-integration-tests-with-postgres) [![](https://storj.dev/images/hero.png)\ \ 10/13/2022\ \ ### Finding and Tracking Resource Leaks in Go\ \ Forgetting to close a file, a connection, or some other resource is a rather common issue in Go. Usually you can spot them with good code review practices, but what if you wanted to automate it and you don't have a suitable linter at hand?\ \ Egon Elbre](https://storj.dev/blog/finding-and-tracking-resource-leaks-in-go) [![](https://storj.dev/images/hero-production-concurrency.jpeg)\ \ 7/29/2022\ \ ### Production Ready Go Concurrency\ \ Concurrency is one of those things that's easy to get wrong, even with Go concurrency features. Let's review things you should consider while writing a concurrency production code.\ \ Egon Elbre](https://storj.dev/blog/production-concurrency) [![](https://storj.dev/images/hero-lensm.jpeg)\ \ 7/18/2022\ \ ### Lensm, A Tool for Viewing Disassembly\ \ I couldn’t find a great tool for viewing disassembly, so I wrote it myself over the weekend.\ \ Egon Elbre](https://storj.dev/blog/lensm) [![](https://storj.dev/images/69c628262ae22ee5.png)\ \ 3/31/2022\ \ ### Storj Open Development -Part 2\ \ In October 2021, Storj announced we were going to adopt an open development strategy for the storage node development efforts. The goal was to enable our community—and the wider open source community—to contribute to the development of the network. We started this effort by moving all node issues...\ \ Brandon Iglesias](https://storj.dev/blog/storj-open-development-part-2-whats-new) [![](https://storj.dev/images/hero-leak.jpeg)\ \ 3/7/2022\ \ ### Finding Goroutine Leaks in Tests\ \ A leaked goroutine at the end of a test can indicate several problems. Let's first, take a look at the most common ones before tackling an approach to finding them.Problem: DeadlockFirst, we can have a goroutine that is blocked. As an example:func LeakySumSquares(c...\ \ Egon Elbre](https://storj.dev/blog/finding-goroutine-leaks-in-tests) [![](https://storj.dev/images/344a9e476aa2b1ea.png)\ \ 3/7/2022\ \ ### Use Storj DCS from Cloud-native Environments Using the Sidecar Pattern\ \ Data stored in Storj Decentralized Cloud Storage can be accessed in multiple ways:With native “uplink” protocol, which connects directly to the nodes where the data is storedWith using S3 compatible REST API, using an S3 gateway:Either the hosted S3 gateway, operated by Storj LabsOr with running ...\ \ Marton Elek](https://storj.dev/blog/use-storj-dcs-from-cloud-native-environments-using-sidecar-pattern) [![](https://storj.dev/images/hero-tech-debt.png)\ \ 10/14/2021\ \ ### Demystifying Technical Debt\ \ Technical debt has been bothering me for a while. It looks like a scary monster in the closet. It seems somehow a catchall for different design mistakes, code worsening over time, legacy codebases, and intentional design mistakes due to time constraints.\ \ Egon Elbre](https://storj.dev/blog/demystifying-technical-debt) [![](https://storj.dev/images/10fb6f750e522e1c.png)\ \ 10/1/2021\ \ ### Storj Open Development Announcement\ \ Storj Open Development Announcement\ \ Clement Sam](https://storj.dev/blog/storj-open-development-announcement) [![](https://storj.dev/images/9ccdc75d22b6993e.png)\ \ 8/31/2021\ \ ### Using Storj DCS with GitHub Actions\ \ GitHub Actions is their system to automate, customize, and execute software development workflows in the GitHub repository. This article will inform you how to upload files to a Storj DCS bucket from a GitHub Actions workflow.The Storj DCS Public Network Stats is one of the projects at Storj wher...\ \ Kaloyan Raev](https://storj.dev/blog/using-storj-dcs-with-github-actions) [![](https://storj.dev/images/20487c1035ee937f.jpeg)\ \ 8/24/2021\ \ ### Open Source and Open Data: Storj DCS Network Statistics\ \ We recently began publicly exposing more data about the network in a way that could be used on-demand and programmatically. If you missed it, we have started publishing what we think is the most important network statistics on our new Storj DCS Public Network Statistics page. Now, if you’re a non-technical person, this may not be what you expected. Here’s an explanation of why we took this approach.\ \ Brandon Iglesias](https://storj.dev/blog/open-source-and-open-data-storj-dcs-network-statistics) [![](https://storj.dev/images/a5d148aee871d9eb.png)\ \ 8/10/2021\ \ ### A Tale of Two Copies\ \ It was the best of times, it was the worst of times. That's when I hit a performance mystery that sent me down a multi-day rabbit hole of adventure. I was writing some code to take some entries, append them into a fixed size in-memory buffer, and then flush that buffer to disk when it was full.\ \ Jeff Wendling](https://storj.dev/blog/a-tale-of-two-copies) [![](https://storj.dev/images/94ca9aa0a874a87b.png)\ \ 6/15/2021\ \ ### Automatically Store Your Tesla Sentry Mode and Dashcam Videos on the Decentralized Cloud\ \ You can automatically transfer Sentry Mode and Dashcam video clips over WiFi to cloud storage and make room for more videos the next day. We used a Raspberry Pi (a small, low cost, low power computer about the size of an Altoids tin) plugged into the USB port in the dashboard to store the video files. When the Tesla pulls into the garage at night, the Raspberry Pi connects via WiFi and uploads all the videos to Storj DCS cloud storage, then clears off the drive for use the next day. This will also work for videos recorded in Track Mode if you have one of the performance models, making it easy to share any of the videos with your friends.\ \ Krista Spriggs](https://storj.dev/blog/automatically-store-your-tesla-sentry-mode-and-dashcam-videos-on-the-decentralized-cloud) [![](https://storj.dev/images/e2c929baac38fe20.png)\ \ 4/27/2021\ \ ### Introducing DRPC: Our Replacement for gRPC\ \ In 2016, Google launched gRPC, which has overall taken the systems programming community by storm. gRPC stands for something with a G, Remote Procedure Call; it's a mechanism for easily defining interfaces between two different remote services. Building a new decentralized storage platform from the ground up in Go, obviously, we considered using gRPC to simplify our development process in peer-to-peer remote procedure calling. In fact, I'm not even sure we really considered anything else. Fast forward to the latter half of 2019, and we had 170k lines of Go, a beta network of over 4 PB, real live active users, and it turns out the gRPC bed we made for ourselves was not all roses. So we rewrote gRPC and migrated our live network. DRPC is an open-source, drop-in replacement that handles everything we needed from gRPC (and most likely, everything you need) in under 3000 lines of Go. It now powers our full network of tens of thousands of servers and countless clients.\ \ JT Olio and Jeff Wending](https://storj.dev/blog/introducing-drpc-our-replacement-for-grpc) [![](https://storj.dev/images/6371747a59800613.jpeg)\ \ 10/21/2020\ \ ### Visualizing Decentralized Data Distribution with the Linksharing Object Map\ \ At Storj Labs we're distributed system junkies. We enjoy building highly distributed, ridiculously resilient software. The Storj Network is currently spread across over 10,000 uncorrelated endpoints, and that number is growing fast.The global substrate of diverse, uncorrelated endpoints across wh...\ \ Brandon Iglesias](https://storj.dev/blog/visualizing-decentralized-data-distribution-with-the-linkshare-object-map) [![](https://storj.dev/images/hero-crdb-scale.png)\ \ 8/11/2020\ \ ### Choosing Cockroach DB for Horizontal Scalability\ \ Here at Storj Labs we just migrated our production databases from PostgreSQL to CockroachDB. We want to share why we did this and what our experience was. TL;DR Our experience has convinced us that CockroachDB is the best horizontally scalable database choice in 2020.\ \ Krista Spriggs and Jessica Grebenschikov](https://storj.dev/blog/choosing-cockroach-db-for-horizontal-scalability) [![](https://storj.dev/images/71499072b0db295f.jpeg)\ \ 5/3/2019\ \ ### Flexible File Sharing With Macaroons\ \ Sharing is a vital piece of any online storage system. Or, to be more precise, access control is a vital piece of such systems. When you store a file, you need to be able to designate whether other people or automated agents are allowed to retrieve the data, delete it, or put something else in it...\ \ Paul Cannon](https://storj.dev/blog/flexible-file-sharing-with-macaroons) [![](https://storj.dev/images/14f72bac7573e10c.png)\ \ 3/25/2019\ \ ### Our 3-Step Interview Process for Engineering Candidates\ \ In case you hadn't heard, Storj Labs is building a decentralized cloud object storage service. Why would we do such a challenging thing? At a basic level, it's because we believe the internet can be better than it currently is and we see how to improve it. We believe your data is worse off being ...\ \ JT Olio](https://storj.dev/blog/our-3-step-interview-process-for-engineering-candidates) --- # Adding Users to a Project Team - Storj Docs [Introduction](https://storj.dev/support/users#introduction) ------------------------------------------------------------- Collaborate with other developers and give them access to work with your project. If you need to collaborate with other developers on a project, you can add other developers who have an account on the same Satellite as your project. When you add another user to your project, that user will have full access to the Project Dashboard, Object Browser, and access Grants for your Project. Navigate to the **Team** screen. Select the **Add Member** button Type in the email addresses that the users have registered with their Satellite Accounts. The Users will be added to the Project Team and notified via email. Previous [Object Browser](https://storj.dev/support/object-browser) Next [Usage Limit Increases](https://storj.dev/support/usage-limit-increases) --- # Requesting and Understanding Usage Limit Increases - Storj Docs If the default Project Limits do not appear to be appropriate for your use case, you may request a [Project Limit Increase form](https://supportdcs.storj.io/hc/en-us/requests/new?ticket_form_id=360000683212) . Increases in Project Limits may result in increased costs associated with your usage of Storj. [Free Trial](https://storj.dev/support/usage-limit-increases#free-trial) ------------------------------------------------------------------------- The Free Trial is not eligible for Project Limit Increases. [Object Storage](https://storj.dev/support/usage-limit-increases#object-storage) --------------------------------------------------------------------------------- When you request an increase to the Object Storage Project Limit, there is no additional fee beyond the cost for any incremental Object Storage utilized on Storj. [Egress Bandwidth](https://storj.dev/support/usage-limit-increases#egress-bandwidth) ------------------------------------------------------------------------------------- When you request an increase to the Egress Bandwidth Project Limit, there is no additional fee beyond the cost for any incremental Egress Bandwidth utilized on Storj. [Project, Bucket, and API Rate Limits](https://storj.dev/support/usage-limit-increases#project-bucket-and-api-rate-limits) --------------------------------------------------------------------------------------------------------------------------- When you request an increase to the Project, Bucket, and API Rate Limits, there are no additional fees at this time. Before requesting Rate Limit Increases for Projects or Buckets, please review the [Key Architecture Constructs](https://storj.dev/learn/concepts/key-architecture-constructs) section of this Documentation under Concepts. [Segment Limit](https://storj.dev/support/usage-limit-increases#segment-limit) ------------------------------------------------------------------------------- When you request an increase to the Per Segment Project Limit, you may be charged a Per Segment Fee for all Segments over the Segment Project Limit. Distributed object storage is optimized for large files (several MB or larger in size - the larger the better). Very small objects generate more overhead due to storage of the metadata for the file. This matters more than the actual size of the object stored when it comes to overhead. Consequently, we charge a nominal Per Segment Fee to account for that overhead. If a user is storing even large numbers of big files, the per segment fee will be inconsequential. If a user streams millions of small files, or configures an application to use Multipart Upload with a small part size, the Per Segment Fee will offset the cost associated with the greater metadata overhead and may significantly increase the overall fees charged. Data stored on Storj ordinarily does not incur any additional fees other than fees for Static Object Storage and Download Bandwidth. If you receive an increase in your Segment Project Limit, a Per Segment Fee will be applied to data stored on Storj for all Segments above the default Segment Limit. Previous [Users](https://storj.dev/support/users) Next [FAQ](https://storj.dev/support/faqs) --- # Managing Projects on the Storj Console - Storj Docs [Introduction](https://storj.dev/support/projects#introduction) ---------------------------------------------------------------- Manage your projects and limits. When you log into the Satellite Admin Console, you start on the [Dashboard](https://storj.dev/support/dashboard) for your default Project. A Project is the basic unit for aggregating usage, calculating billing, invoicing fees, collecting payment, and handling access management. Users can create multiple Projects and projects are invoiced separately. Within a Project, usage is tracked at the Bucket level and aggregated for invoicing to the Project. Project names are not client-side encrypted so that they may be rendered in the Satellite user interface. There are two main drivers for creating multiple Projects: access management and billing. Learn more about Projects in [Key Architecture Constructs](https://storj.dev/learn/concepts/key-architecture-constructs) under Concepts. To select, create or **Manage Projects** you can click the name of your project on the left side toolbar above Dashboard. [Create a new Project](https://storj.dev/support/projects#create-a-new-project) -------------------------------------------------------------------------------- On **_Projects_** screen to create a new Project select the **Create Project**. On Project **Dashboard** you can click the name of the current project and select **Create Project**. The availability of this function depends on your account tier. Please check [Usage Limits](https://storj.dev/learn/concepts/limits) for details. Specify the **Project Name**, optional **Description** and confirm the creating with the **Create Project** button. [Modify the existing Project](https://storj.dev/support/projects#modify-the-existing-project) ---------------------------------------------------------------------------------------------- To modify the existing Project on the **_Projects_** screen you can select a needed project and modify its name or description. [Changing Project Limits](https://storj.dev/support/projects#changing-project-limits) -------------------------------------------------------------------------------------- If your account tier allows you to change your [Usage Limits](https://storj.dev/learn/concepts/limits) , you will have more options than a free plan. Select **Edit** to the right of the limit to change it. However, it will not allow to increase limits greater than your available maximum. To change the maximum you need to file a support request to change your limits, see [Usage Limit Increases](https://storj.dev/support/usage-limit-increases) . [Delete the existing Project](https://storj.dev/support/projects#delete-the-existing-project) ---------------------------------------------------------------------------------------------- At the moment the Satellite Admin Console will not allow you to delete a Project. But you can delete all buckets and Access Grants from it and rename it to something like "not used". The empty project costs nothing. If you believe that you need to remove it anyway, then please remove all data and Access Grants from it before [file a support request](https://supportdcs.storj.io/hc/en-us) . We do not have an access to your data and Access Grants, because they are encrypted, and cannot remove your data on your behalf. So, please, remove them yourself before file a support request. We will ask you to do so anyway. [Manage Passphrase](https://storj.dev/support/projects#manage-passphrase) -------------------------------------------------------------------------- You may manage your [Passphrase](https://storj.dev/learn/concepts/key-architecture-constructs#encryption-key) used for [Buckets](https://storj.dev/support/object-browser) view. The **Manage Passphrase** window will allow you to: * [Create a new Passphrase](https://storj.dev/support/projects#create-a-new-passphrase) * [Switch current Passphrase](https://storj.dev/support/projects#switch-the-current-passphrase) * [Clear saved Passphrase](https://storj.dev/support/projects#clear-the-saved-passphrase) ### [Create a new Passphrase](https://storj.dev/support/projects#create-a-new-passphrase) After click the **Continue** button you will have a choice how do you want to provide your Encryption Passphrase: * [Generate a 12-words Encryption Passphrase](https://storj.dev/support/projects#generate-12-word-passphrase) * [Enter your own Encryption Passphrase](https://storj.dev/support/projects#enter-a-new-passphrase) #### [Generate 12-word passphrase](https://storj.dev/support/projects#generate-12-word-passphrase) Now you may: * **Copy** the generated Passphrase * **Download** the generated Passphrase * **Show Passphrase** You need to select a checkbox **\[ \] Yes, I saved my encryption passphrase** to **Continue** #### [Enter a new passphrase](https://storj.dev/support/projects#enter-a-new-passphrase) You should enter your own Encryption Passphrase (or a previously used), select a checkbox **\[ \] Yes, I saved my encryption passphrase** to **Continue** ### [Switch the current Passphrase](https://storj.dev/support/projects#switch-the-current-passphrase) You should enter your own Encryption Passphrase (or a previously used) to **Continue** ### [Clear the saved Passphrase](https://storj.dev/support/projects#clear-the-saved-passphrase) Click the **Continue** button to clear your currently saved Encryption Passphrase Previous [Storj Console](https://storj.dev/support/storj-console) Next [Dashboard](https://storj.dev/support/dashboard) --- # Managing Billing and Payments - Storj Docs [Introduction](https://storj.dev/support/account-management-billing/billing#introduction) ------------------------------------------------------------------------------------------ Manage your Billing, Invoices and Payment methods The Billing screen allows you to see all your projects and their **Total Estimated Charges** for the current Billing Period and **Available Balance** on the **Overview** tab. You can check **Transactions** for your STORJ deposit address on the **Payment Methods** tab. Your invoices you can see on the **Billing History** tab, your coupons and [Promotional Credits](https://storj.dev/support/account-management-billing/payment-methods/promotional-credits) you can see and add on the **Coupons** tab. You can expand any Project to see details of the charge. See [Pricing](https://storj.dev/dcs/pricing) for details. [Add a Payment Method](https://storj.dev/support/account-management-billing/billing#add-a-payment-method) ---------------------------------------------------------------------------------------------------------- To add a [Payment Methods](https://storj.dev/support/account-management-billing/payment-methods) you can switch to the **Payment Methods** tab and select **Add STORJ Tokens** or Add New Payment Method. Please read the [Pricing](https://storj.dev/dcs/pricing) section for details. ### [Adding STORJ tokens](https://storj.dev/support/account-management-billing/billing#adding-storj-tokens) You can select to **Add STORJ Tokens** on the **_Billing - Payment Methods_** screen, the deposit address will be automatically generated for you. If you click **Add funds** button, you will see a screen with QR code and your deposit address where you can send your STORJ tokens. When you will pay the needed amount of STORJ, they will be added automatically to your **Available Balance** in USD value. This deposit address supports only L1 ERC20 STORJ transactions on the Ethereum network and L2 ERC20 STORJ transactions on the zkSync Era network. zkSync Lite, Polygon and other Layer 2 protocols are not supported at this time. Please note, the payment will be accounted only after some amount of confirmations on the Ethereum network and then StorjScan will send them to your balance. This could take from minutes and up to 4 hours. If it took longer, please [contact support](https://supportdcs.storj.io/) . #### [Viewing transactions](https://storj.dev/support/account-management-billing/billing#viewing-transactions) You can click the **See transactions** button in the **Billing - Payment Methods** section to see your transactions: ### [Adding a Card](https://storj.dev/support/account-management-billing/billing#adding-a-card) You can select to **Add New Payment Method** to add a Card to your account on the **_Billing - Payment Methods_** screen. You will be prompted to specify Card details. Please provide a valid Card number, expiration date and CVC, then confirm adding a Card with the **Add Credit Card** button. We do not store your card details, they are used to register your Card on [Stripe](https://stripe.com/) . There you can use a Google Pay payment method, if you logged in to your Google Account with enabled Google Pay. The Apple Pay payment method is available only in the Safari browser. You can also use a Bank payment method (availability varies by region). [View a Previous Billing Period and Invoices](https://storj.dev/support/account-management-billing/billing#view-a-previous-billing-period-and-invoices) -------------------------------------------------------------------------------------------------------------------------------------------------------- If you select the **Billing History** tab, you will see all previous invoices: You can click on **Invoice PDF** link on the right side of the invoice to see details. [Add Coupons](https://storj.dev/support/account-management-billing/billing#add-coupons) ---------------------------------------------------------------------------------------- You can see your coupons on the **_Coupons_** tab of the **_Billing_** screen. You can **Apply New Coupon**: The added Coupon will be added as another tile. Previous [Help Center](https://storj.dev/support) Next [Create Your Account](https://storj.dev/support/account-management-billing/creating-your-account) ---