2 KiB
Create buckets and keys
We use a command named garagectl which is in fact an alias you must define as explained in the Control the daemon section.
In this section, we will suppose that we want to create a bucket named nextcloud-bucket
that will be accessed through a key named nextcloud-app-key.
Don't forget that help command and --help subcommands can help you anywhere, the CLI tool is self-documented! Two examples:
garagectl help
garagectl bucket allow --help
Create a bucket
Fine, now let's create a bucket (we imagine that you want to deploy nextcloud):
garagectl bucket create nextcloud-bucket
Check that everything went well:
garagectl bucket list
garagectl bucket info nextcloud-bucket
Create an API key
Now we will generate an API key to access this bucket. Note that API keys are independent of buckets: one key can access multiple buckets, multiple keys can access one bucket.
Now, let's start by creating a key only for our PHP application:
garagectl key new --name nextcloud-app-key
You will have the following output (this one is fake, key_id and secret_key were generated with the openssl CLI tool):
Key {
key_id: "GK3515373e4c851ebaad366558",
secret_key: "7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34",
name: "nextcloud-app-key",
name_timestamp: 1603280506694,
deleted: false,
authorized_buckets: []
}
Check that everything works as intended (be careful, info works only with your key identifier and not with its friendly name!):
garagectl key list
garagectl key info GK3515373e4c851ebaad366558
Allow a key to access a bucket
Now that we have a bucket and a key, we need to give permissions to the key on the bucket!
garagectl bucket allow \
--read \
--write
nextcloud-bucket \
--key GK3515373e4c851ebaad366558
You can check at any times allowed keys on your bucket with:
garagectl bucket info nextcloud-bucket