Access & secret specifications

[Guigouu]

Hello,

I have some issue to implement this plugin. I would like to know some specifications about this following command:

velero install --provider tardigrade \
    --plugins storjlabs/velero-plugin:latest \
    --bucket $BUCKET \
    --backup-location-config accessGrant=$ACCESS \
    --no-secret

May I ask you to confirm:

• The variable $ACCESS refers to the serialized access from "uplink share sj:/// ". Which can also be remplace by one access key generated from WEB UI.
• --no-secret refers to the bucket passphrase, so we need to use --secret-file with the bucket passphrase stored in file or it refers to a k8s secret ?

Thank you

[ifraixedes]

Hi @Guigouu

The variable $ACCESS refers to the serialized access from "uplink share sj:/// ". Which can also be remplace by one access key generated from WEB UI.

Yes, that's correct, it's the serialized access grant that you can get from uplink or in the Web UI and whatever else that you constraint with uplink share ....

--no-secret refers to the bucket passphrase, so we need to use --secret-file with the bucket passphrase stored in file or it refers to a k8s secret ?

No, an access grant is self-contained, there is no concept of a secret as other providers like AWS S3, hence, the --no-secret flag tells Velero that this plugin doesn't require one.

Whenever you could verify my answers and if they resolve your doubts, please close the ticket, thank you.

[Guigouu]

Thank you for the clarification, I currently have default permission issues with API key. I am trying to figuring out how to revoke default root access with this thread https://forum.storj.io/t/how-do-you-revoke-an-access-grant-using-uplink-cli-with-examples/16320.