An Access Grant is a security envelope that contains a satellite address, a restricted API Key, and a restricted path-based encryption key - everything an application needs to locate an object on the network, access that object, and decrypt it.
Learn more about Access Management and Access Grants.
The Access Grant screen allows you to create or delete Access Grants, and generate credentials for the Storj DCS S3-compatible Gateway from an Access Grant.
Let's start with creating an Access Grant. Click the Create Access Grant Button.
Give your Access Grant a name:
Set any access restrictions you want encoded into your Access Grant. Through the Satellite Admin Console, you can set basic restrictions on your Access Grant. You can get more sophisticated using the CLI; see Create Access Grant in CLI and Uplink CLI. And learn more granular restrictions at the path prefix level within a Bucket.
Next, enter an Encryption Keys for your Access Grant. Note that this encryption passphrase is handled by the browser and is not stored by the Satellite. You can either Generate Phrase or Enter Phrase.
Do not lose your Encryption Passphrase. Storj DCS does not manage your encryption keys and if you lose your Encryption Passphrase and your Access Grant, you will not be able to decrypt your data. See FAQ.
Copy or download your Access Grant. Do not lose it, you only have one opportunity to do so. If you did not save it, please delete this Access Grant and create a new one and save it on this time.
This Access Grant can now be used to configure tools like the Storj DCS Uplink CLI, libuplink library, or apps like Rclone , FileZilla , or Restic. You can also generate credentials for the Storj DCS S3-compatible Gateway, see AWS SDK and Hosted Gateway MT.
Remember, when you generate credentials for the Storj DCS S3-compatible Gateway from an Access Grant, you are opting in to server-side encryption. See Design Decision: Server-side Encryption
When you generate credentials for the Storj DCS S3-compatible Gateway, the Admin Console will register your Access Grant with the Gateway Auth Service and display the credentials required to configure your client app to work with the Storj DCS S3-compatible Gateway.
To Delete an Access Grant, select an Access Grant and choose Remove Selected:
Then confirm that you want to delete the Access Grant.
Important: If you delete an Access Grant from the Satellite user interface, that Access Grant will immediately cease to function, and all hierarchically derived child Access Grants and Storj DCS gateway access credentials based on that Access Grant will also cease to function. Any data uploaded with that Access Grant will persist on Storj DCS. If you didn't back up the Encryption Passphrase used with the Access Grant you are deleting, you will not be able to decrypt that data without that Encryption Passphrase, and it will be effectively unrecoverable.
You don't need to know everything in the whitepaper about our Access Grants, macaroon-based API Keys or our encryption implementation, but if you understand the general principles, you'll find these are some very sophisticated (but easy to use) tools for creating more secure and private applications.
Next, we'll cover adding and removing other developers to and from your project. See Users.