I am having trouble understanding how access to Storj buckets works. I’ve created a bucket with the browser and made an access grant with full permissions to the bucket. I generated s3 creds and uploaded many files to the bucket with the s3 creds (using a Linux backup tool called restic). But I cannot delete any files from the bucket.
So, assuming I accidentally disallowed deletes, I’ve created a new access grant with full permissions and associated that access grant with uplink like so:
uplink share --readonly=false sj://<bucketname>
uplink import <paste in access grant from previous command>
But when I try to ls the bucket with the new access grant creds, the bucket appears to be empty. When I ls the bucket using the first access grant creds, it shows many files but rm just says:
Error: uplink: permission denied (metainfo error: Unauthorized API credentials)
Can files created with one access grant not be deleted by another access grant? If so, how can I delete these files if the access grant that created them does not have delete permissions?
I think I have some kind of fundamental misunderstanding about access grants and Storj.
When you created the second access grant you should use the same encryption phrase as in the first one, if you want to ever decrypt uploaded objects.
If you do not remember the encryption phrase, and the first access grant is deleted - then you will be forced to delete those objects, because there is no way to decrypt them without encryption phrase used during upload.
You can also use different encryption phrase for each object, the system allows that too. As result you will see only objects uploaded with that encryption phrase.
However, you can see (and remove) objects in encrypted form:
uplink ls --encrypted sj://my-bucket
To remove the encrypted object with lost encryption phrase:
To have an access to objects uploaded with the first access grant and add deletion permissions - you need to create a new access grant with the same encryption phrase and full access.
After import to the uplink with a different name
Thank you. I wasn’t getting how encryption phrases were working. I created a new access with the encryption phrase which I had saved and am now able to delete files created with the initial access.
I was looking through the docs on this last night but wasn’t finding anything. Where is this documented?