Access Grant Revocation Question

Hi,

I was looking over the documentation regarding access grants and had a few questions:

  1. The Create S3 Credentials section mentions “5. Click Next to provide Access encryption Information” – this option does not appear for me when I create S3 credentials. I did find the options to create or switch encryption passphrases in the “Project” menu. Was the option updated at some point after the documentation was written?
  2. A section at the bottom of the page says, “If you delete an Access Grant from the Satellite user interface, that Access Grant will immediately cease to function, and all hierarchically derived child Access Grants and Storj gateway access credentials based on that Access Grant will also cease to function. Any data uploaded with that Access Grant will persist on Storj. If you didn’t back up the Encryption Passphrase used with the Access Grant you are deleting, you will not be able to decrypt that data without that Encryption Passphrase, and it will be effectively unrecoverable.” This statement seems like one could easily make a mistake and lose access to data. My questions regarding that statement are:
  • Does this mean that if I generate an S3 credential, upload a bunch of data with that S3 credential, and later delete the credential, all information uploaded with it is inaccessible?

  • What if I create an Access Grant, import it into Uplink, upload a bunch of data, and then delete the Access Grant in the web UI? Is all information uploaded with that Access Grant inaccessible?

  • How would one go about regaining access to that data, assuming they are using the same encryption passphrase? Simply create a new Access Grant and import that into Uplink?

I did some tests and will answer some of my own questions in case others had the same question:

Answer: No. Deleting the S3 credential does not render files uploaded with it inaccessible. The files remain accessible in the web interface. Generating a new S3 credential (or using an previously-existing, not-deleted one) allows a client to access files uploaded with a now-deleted S3 credential.

Answer: Yes, but it can be easily accessed. See below.

If you generate an Access Grant using the web UI for a specific encryption passphrase (selected in the Project–>Manage Passphrase menu), import it into Uplink, upload data, then delete the Access Grant, files uploaded with the now-revoked Access Grant are accessible on the web UI with the same encryption passphrase, S3 clients generated using the same passphrase on the web UI, etc. If you switch to use a different passphrase, or use an Access Grant generated while using a different encryption passphrase, the files are inaccessible using that Access Grant.

If you generate an API key using the web UI, import it into Uplink (including setting an encryption passphrase), and upload a file, that file is only accessible using the encryption passphrase. You can enter that passphrase into the web UI and then access files created using that API key + passphrase (be sure to switch back to your main encryption passphrase later!) on the web UI. If you delete the API key in the web UI and generate a new one, you’ll need to use the encryption passphrase you chose for the previous API key in order to access files uploaded with the previous API key + passphrase.

In short: everything depends on the encryption passphrase. If you recall the encryption passphrase, you can use it to generate S3 credentials, Access Grants, and API keys in order to access files uploaded with Access Grants and API keys you’ve deleted. That’s a relief!

If you don’t remember the encryption passphrase, you’re hosed.

3 Likes