Our durable object storage service, Orbit, makes it easy to store many gigabytes or terrabytes of data securely, replicated across our two UK datacentres.
It frees you from having to think about scaling your storage capacity so you can just write whatever size data you need, whenever you need to and just pay for what you use.
It also gives you control over how that data can be accessed by different users or applications.
Orbit separates data within an account using containers. Containers are a bit like filesystem directories - they group together a set of objects and allow you to control access to them as a set.
There are two main types of Orbit authentication, User authentication and “API Client” authentication.
Users are account owners or collaborators and can read and write to all Orbit containers on that account. User authentication is for trusted humans.
API Clients are credentials you can use to authenticate tools and applications, such as a web application storing avatars or a backup tool uploading backups.
So let’s go through setting up an API Client for use with a backup tool that will be limited to accessing just one Orbit storage container.
Click the cog icon at the top left of the page, next to your account name which will display the account menu. Then select the
API access menu option.
This will display your account’s API Clients list. Click the
New API Client button.
As this API Client is going to be used by our backups system, let’s give it the name
By default, API Clients have
Full privileges, which gives them read and write access to all Orbit containers on that account (and to all other cloud resources too).
Here though, we want our backup system to only have access to the backups data, so we’ll set the privileges for this API Client to
Orbit Storage Only. This will limit the API Client to accessing only the Orbit API and limit it’s access to specific containers we define.
When you click
Save, a new API Client will be created with a new identifier, which will look something like
cli-hgtla and a random secret which is displayed in the yellow box at the top. Note them both down (the random secret in particular cannot be displayed again, you’ll have to regenerate it if you lose it).
Now we need to create the container in Orbit. This can be done with Orbit’s OpenStack Swift compatible API, but here we’ll just use the Orbit Storage interface in Brightbox Manager (which uses that same API behind the scenes anyway).
In the main navigation bar on the left, click
Orbit Storage button, which will bring up a list of your Orbit containers (if you have any).
New Container to bring up the new container dialog. Let’s give this container a name of
backups - enter it into the name field.
Now we need to give the API Client permission to read and write to this container. So click the
Permissions tab, and enter the API Client identifier into both the
Read permissions and
Write permissions boxes. You need to prefix the API Client identifier with your account identifier and a colon, so it looks something like like:
That’s the Orbit side all done. The simplest way to test it is via our SFTP service. Just login using the API Client identifier as the username and the secret as the password.
You’ll notice that you can’t see any containers in the list, as the API Client doesn’t have permission to list them. But you can still enter the backups container and upload data to it just fine:
$ sftp email@example.com firstname.lastname@example.org's password: Connected to sftp.orbit.brightbox.com. sftp> ls sftp> cd backups sftp> put today.tar.gz Uploading today.tar.gz to /backups/today.tar.gz sftp> ls -l -rw-r--r-- 1 0 0 7516192768 08 Jan 17:06 today.tar.gz
Now you just need to configure your chosen backup software. Some tools, such as duplicity, natively support the OpenStack Swift API but most others will at least happily integrate via SFTP.
Last updated: 11 Apr 2019 at 12:23 UTC