🎉 Announcing new lower pricing — up to 40% lower costs for Cloud Servers and Cloud SQL! Read more →

New Orbit Storage Authentication Options

It’s no secret that our object storage system, Orbit, runs Openstack Swift under the hood. The Openstack Swift storage API is widely supported so it’s easy to integrate Orbit into your systems and applications.

And as of today, we now support the Swift v3 keystone authentication API, which widens support further. Here’s a few examples:

Swift CLI tool

swift’s own CLI tool obviously works nicely:

$ swift --os-auth-url https://orbit.brightbox.com --auth-version 3 --os-project-name acc-xxxxx --os-username jason.null@brightbox.com --os-password passwordhere list


restic is a tool which will manage encrypted deduplicated backups for you while handle things like retention periods etc.

$ OS_AUTH_URL=https://orbit.brightbox.com/v3 OS_USERNAME=jason.null@brightbox.com OS_PASSWORD=passwordhere OS_PROJECT_NAME=acc-xxxxx restic -r swift:mybackups:/ backup recipes

enter password for repository: ******************

repository 74e435a9 opened successfully, password is correct
no parent snapshot found, will read all files

Files:       27485 new,     0 changed,     0 unmodified
Dirs:         4291 new,     0 changed,     0 unmodified
Added to the repo: 423.645 MiB

processed 27485 files, 575.490 MiB in 2:48
snapshot 49e71f99 saved


rclone is an amazing tool: it’s basically rsync but works with remote storage APIs too, including Orbit. It still uses the tenant terminology rather than the newer project but it works fine:

$ rclone --swift-auth https://orbit.brightbox.com/v3 --swift-tenant acc-xxxxx  --swift-user jason.null@brightbox.com --swift-key passwordhere lsd :swift:


cyberduck is graphical client with support for various storage backends, including Swift:


The activestorage-openstack gem brings Swift support to Ruby/Rails applications and uses v3 auth by default. You’ll want to use API client credentials here, not user credentials, and you’ll need to create a temp url key for the container too:

in config/storage.yml:

  service: OpenStack
  container: myfiles
    openstack_auth_url: https://orbit.brightbox.com
    openstack_username: cli-xxxxx
    openstack_api_key: keyhere
    openstack_project_name: acc-xxxxx
    openstack_region: gb1
    openstack_temp_url_key: tempurlkey

Authentication methods

User authentication

These examples use user authentication. If your user has two factor authentication enabled then you’ll need to use an access token in place of your password, which you can obtain using the brightbox command line tool:

$ brightbox token create

access_token: 286755fad04869ca523320acce0dc6a4
   refresh_token: 10b222970537b97919db36ec757370d2
      token_type: Bearer

Users can belong to several accounts, so you specify which account you want to work with using the project parameter (sometimes referred to as tenant).

API Client authentication

You can also authenticate using API client credentials which can also be used to restrict access to specific containers, and control read/write privileges - perfect for using with automated systems. API Clients only every belong to one account, but you still need to specify the project parameter when using them.

Try Brightbox for free

To try out Orbit, you can sign up in a minute and get £50 free credit. After that, you just pay per gigabyte.

Get started with Brightbox Sign up takes just two minutes...