WebGUI buckets and CLI buckets not in sync

  • I have created two buckets public and private in the WebGUI.
  • Then I set up uplink on my terminal.
  • Added folders and files to the public bucket using uplink
  • Set up Filezilla access to my node
  • Filezilla cannot see the folders or files created using uplink
  • WebGUI cannot see the folders or files created using uplink

My question is maybe related to how the service works. Am I missing something fundamental about how this works? Maybe I am not understanding how access tokens work?

Why does the CLI/uplink version of my storage node and the Filezilla/GUI versions not stay in sync?

1 Like

Hello @therealvirtual ,
Welcome to the forum!

You should use exactly the same encryption phrase used during upload, otherwise objects cannot be decrypted and your buckets will look like empty.
If you do not remember your encryption phrase, you can only remove these objects.
Using UI:

  1. In your dashboard, navigate to Buckets
  2. Click on three vertical dots on the right side of the bucket
  3. Select Delete, confirm deletion

Alternately, using Uplink CLI:

  1. Create an access grant
  2. Setup an uplink with that access grant

To list buckets:

uplink ls

To list objects which uses the current encryption phrase:

uplink ls sj://my-bucket

If list of objects is empty - there is no objects with current encryption phrase. If you lost the previous encryption passphrase, you can only delete the previous objects or even the buckets.

To list objects in encrypted form:

uplink ls --encrypted sj://my-bucket

To remove object in encrypted form:

uplink rm --encrypted sj://my-bucket/An1LhSLauz-ROF8oLgLV1UrafXZVUm3HEtU8irR8il4oFI9Xqzc=

To remove buckets where you lost an encryption phrase:

uplink rb --force sj://my-bucket

There is no concept of “public”/“private” bucket. They all private by default.
But you can share any bucket(s)/prefix(es)/object(s): Sharing Your First Object | Storj Docs or with the linksharing service: share | Storj Docs
The bucket/prefix/object become “public” only when you give the generated access grant or URL to someone or publish somewhere.

1 Like

I think I see your point. I was able to reconfigure uplink using the same access grant as I used in Filezilla and things look to be in sync. Just to be clear on how the juggling of access grants and encryption phrases work:

  • a single access grant is created from a unique encryption phrase
  • the access grant is similar to a hashed version of the encryption phrase
  • use the access grant as a password in uplink/Filezilla to access objects encrypted using the associated encryption passphrase

This means to me:

  • that I can have a bucket and grant access to various objects within that same bucket which are created/encrypted using various access grants coming from a unique encryption key
  • the encryption passphrase acts as the decrypting passphrase
  • in the online object browser I am browsing only objects in the bucket based on the unique encryption passphrase that I used to create them
  • theoretically there could be dozens of objects in a single bucket and users with various encryption phrases and access grants would only be able to see the objects created with the corresponding encryption phrase and no other
  • this works to control access to various objects as a kind

Could you please correct my understanding on these points as it would help me to understand how your technology works better? Thank you for your help!

I think I see your point. I was able to reconfigure uplink using uplink setup and use the same access grant that I used with Filezilla. Now everything looks to be in sync. I can even use the same encryption passphrase in the web object browser and see those same objects and buckets. Just to be clear on how this system works:

  • a unique encryption passphrase is used to generate a single access grant
  • multiple encryption passphrases can be used to control access to objects within the same bucket by creating multiple access grants
  • a user with one encryption passphrase cannot see the objects encrypted/created with separate encryption passphrases

Could you check my understanding on these points?

Also, how is the API key any different than the access grant? Is it recommended to use one over the other when simply managing the file system? Is the API key only used when using libraries such as libuplink for application development?

Thank you for your help!

Your assumptions almost correct, except hashes of encryption phrase. The access grant is more complicated object - it’s macaroon and contains API key, SatelliteID@SatelliteURL, encryption key derived from the encryption phrase and caveats (permissions).
So, when you share your access grant you basically give a derived credentials with limited permissions. However, if you share your root access grant you will give full permissions to your project.
See Access Management | Storj Docs and Encryption Keys | Storj Docs

API key is a key to access to the satellite, but it’s not enough to get or put your objects, you also need an encryption key. The encryption key usually derived from your encryption phrase.
The access grant consist of API key, SatelliteID@Satellite URL, encryption key and caveats.
See API Key | Storj Docs

2 Likes

Hi guys!

It is possible to create a web gui that uploads the data directly and publishes it if the user wants, something like a fansly but simpler and not for that purpose.