How to create new buckets using uplink CLI and set different passphrases for each of them?

Hello,

Using the uplink mb -h command I haven’t found an answer to my question. Does anyone know how to do it?
I created an access grant for the CLI and performed the setup “uplink -setup”. During this phase I was asked to enter a passphrase, and now all buckets created by the CLI use this passphrase. I know that I can create a new bucket with a different passphrase via the web interface, but if I understand correctly, in this way I lose end-to-end encryption because the passphrase is saved on Storj’s servers in encrypted form for 3 days.

Thanks for the answer

If you create a new access grant for cli, you can also specify another passphrase.

3 Likes

Hi @q.a

The team phrased it this way

Encryption phrases are not set per bucket.

You can have files in the same bucket uploaded with different passphrases, in which case you just won’t see the other files when you list bucket contents with the other phrase.

But if you then list with the first phrase access grant, you only see the files uploaded with that one.

3 Likes
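The behaviour described in the post above, as an added example that is not part of the original thread and not Storj's code: a simplified model in which the passphrase only determines a client-side key, the bucket stores opaque encrypted names, and a listing shows just the entries that authenticate under the key in use. The KDF, the salt value, the toy cipher and all names here are assumptions chosen for illustration.

```python
import hashlib
import hmac

SALT = b"constructed-project-salt"  # assumption: stands in for a per-project value

def derive_key(passphrase: str) -> bytes:
    # Stand-in KDF: the passphrase alone determines the client-side key.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), SALT, 100_000)

def _mac(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key: bytes, tag: bytes, data: bytes) -> bytes:
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += _mac(key, b"stream", tag + counter.to_bytes(4, "big"))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_name(key: bytes, name: str) -> bytes:
    # Toy authenticated encryption of an object name: 16-byte tag + ciphertext.
    data = name.encode()
    tag = _mac(key, b"tag", data)[:16]
    return tag + _xor_stream(key, tag, data)

def open_name(key: bytes, blob: bytes):
    # Returns the name, or None when the blob was sealed under another key.
    tag, body = blob[:16], blob[16:]
    data = _xor_stream(key, tag, body)
    if not hmac.compare_digest(tag, _mac(key, b"tag", data)[:16]):
        return None
    return data.decode()

class Bucket:
    """What the service holds in this model: opaque sealed names, no passphrase."""
    def __init__(self):
        self.entries = []
    def upload(self, key: bytes, name: str) -> None:
        self.entries.append(seal_name(key, name))
    def listing(self, key: bytes) -> list:
        names = (open_name(key, blob) for blob in self.entries)
        return sorted(n for n in names if n is not None)

def demo():
    bucket = Bucket()
    first, second = derive_key("first passphrase"), derive_key("second passphrase")
    bucket.upload(first, "notes.txt")
    bucket.upload(first, "reports/2023.pdf")
    bucket.upload(second, "backup.tar")
    return bucket.listing(first), bucket.listing(second), len(bucket.entries)
```

Calling demo() returns the two listings and the stored entry count: the bucket holds three entries, but each key lists only the names sealed with it.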

@tylkomat @bre thanks for clarifications / suggestions.

So in both cases: create buckets with different passphrases or use same bucket by uploading files protected with different passphrases, I have to create different access grants (CLI uplinks in my case) for each passphrase I want to use.

Is this correct or is there another way?

1 Like

If I’m understanding your goal correctly, yes you can give each file in a bucket a unique passphrase.

My intention was to understand if there is a way to create buckets with different passphrases via the CLI. I seem to have understood that the only way to use different passphrases is to create many CLI access grants, then create a bucket from the CLI and set the passphrase, and repeat this step for every bucket with a different passphrase.

You can name the access grant. I think uplink setup will ask you for a name at some point. All of your access grants are stored on disk in a config file.

I would make sure there is no default config set so that uplink ls will complain about the missing access grant. Just to avoid me forgetting to name the access grant I would like to use.

Now if you would like to use a named access grant you can use uplink ls --access myaccess. This works with any uplink command. So you can also create a bucket, upload files or any other command you can think of. They would use the access grant with the name myaccess.

This leaves one possible user error on the table. I could use the wrong access grant in combination with the wrong bucket. Let’s say I want to use myaccess only for mybucket and secondaccess for secondbucket. Well, there is a way to make sure I never mix them. When creating these access grants I would restrict them to the corresponding bucket. That way an uplink cp --access myaccess s3://secondbucket will violate the restriction and error out.

So with these 2 tricks you should be able to make your dream work. One access grant per bucket and error messages in case you try something that is against your own rules. @q.a let me know if you need any help.

3 Likes

@littleskunk thank you, that’s confirmed what I thought, I’ll try with this approach