Access Grant vs S3 Credentials

It’s quite clear what the API key is for. The S3 Credentials are for the S3 gateway - that also makes sense. But I am failing to understand the connection between the S3 Credentials and the Access Grant.

I’ve seen an introduction where STORJ is being used via the S3 Gateway. That’s why the S3 Credentials were used. But in that video (and also in some documentation) it says to also create an Access Grant.

Since both don’t seem to be related - why?

Hello @tcurdt,
Welcome to the forum!

S3 credentials are generated by Gateway, when you register your access grant. You may do so from the UI, or from the uplink CLI.

See also Design Decision: Server-side Encryption | Storj Docs

Thanks, @Alexey

So - creating the S3 credentials implicitly also creates the access grant and it is not (despite what is described in the linked docs) necessary to create an access grant manually.

If I understood that correctly - it suddenly makes much more sense.

Wait - no you wrote it the other way around.
But these docs do not seem to be up-to-date.

Storj-hosted S3 Compatible Gateway | Storj Docs

There is no “continue in browser”.

The Access Grant groups all the attributes necessary to fetch and decrypt your data.

The S3 Credentials are a key used to lock and unlock an Access Grant which is saved in the Gateway.

(specifically the Access Grant is saved in a separate web service called the Auth Service).

I hope this clears it up.

1 Like

Yes, you understand it correctly, the S3 credentials based on Access Grant, just now this creation is happening under the hood.

You may create an access grant and register it from the uplink CLI, the result will be the same. But if you prefer UI, then yes, you should use the Create S3 Credentials wizard.

Just this flow has changed recently and we implemented a Create S3 Credentials wizard, but you may also choose the S3 Credentials option when you create an Access Grant

our product is changing faster than our documentation :slight_smile:
You may see a Billing on the left side in the screenshot from documentation, but it is recently moved to My Account.

1 Like

Thanks for the explanations!
I guess once these docs are updated it makes things much easier.

Arq Integration Guide | Storj Docs
Backup to Storj with Arq - Arq Backup Blog : Arq Backup Blog

As a side note - if I maybe add some UX/UI observations:

Using the same wizard from all 3 buttons is a bit confusing.
I know the access type gets pre-selected, but yet I can click on “API Access” and switch it to create “S3 Credentials”. I suggest to either have one button to open the dialog or remove/disable the type selection in the box.

Also the “Name” placeholder is confusing. The title says “Name”, the placeholder is “Input Access Name”. While in hindsight it’s clear, better stay consistent between the title and the placeholder. It should be either “Name” and “(Input) Name” or “Access Name” and “(Input) Access Name”. Everything else is confusing - at least during onboarding of new users.

Maybe check this with your UX team.

1 Like

Hi @tcurdt, thanks for your feedback!

The placeholders are helpers, where we can give users examples, instructions, and guidance. It’s good practice to provide more information about the input field in the placeholders, because good labels are usually short and most users can benefit from this “extra” help.

I hear the confusion you reported. I’ll test your suggestions and see what users in general think. We’re testing our assumptions in all these iterations, so we’ll certainly be able to change them.

Keep the feedback coming!

1 Like

Indeed - that’s what they are for :slight_smile:

An option could be to make the placeholder maybe a bit more clear.
Instead of “Input Access Name” try “Enter (a) Name for (the) Access/Grant/Credentials/Key”.

The naming here becomes a bit of a problem as you have the same dialog but a different naming. One time it’s “credentials” the other one is a “grant” or “key”.

Anyway - enough from me. Thanks for listening.
Happy user testing :slight_smile:

1 Like

Love it. Thanks, @tcurdt!

Would you like to be part of our selected group of testers? I’m frequently testing our design iterations before they go live through unmoderated tests on the Usertesting platform. It would be great to have your input before implementing our ideas! If yes, shoot me an email at, and we’ll set up your participation.