Manage buckets and users
Our customer interface Cockpit allows you to create and manage our "Object Storage" product in a self service fashion.
Terms
Bucket: A bucket represents a container in which you store your data.
Bucket User: Each user created can be granted access to multiple buckets. Each user has an "access key" and a "secret key". This information is required to log in to the system.
Which "Location" should I choose?
The choice of the "Location" plays an important role if you want to use your bucket for backups. In this case, it is advisable not to create the bucket in the same data center where your systems are located.
On the other hand, if you want to mount the bucket directly on your systems via a network protocol, it would be advisable to choose the "Location" where your systems are located due to lower latencies.
Manage Users
Users can be managed via the Cockpit, nctl, or the API.
A user can only be granted access to buckets that are created in the same Location.
- Cockpit
- nctl
You can create users under the Bucket Users tab in our Self-Service Portal.
Update Users
- Cockpit
- nctl
You can update users under the Bucket Users tab in our Self-Service Portal.
-
Examples:
Reset credentials:
nctl update bucketuser <name> --reset-credentials
Delete Users
You can delete users via the Cockpit or using nctl.
Please note that users who still have access to buckets may need to be removed from those first.
- Cockpit
- nctl
You can delete users under the Bucket Users tab in our Self-Service Portal.
-
Example:
nctl delete bucketuser <name>
Manage buckets
Create buckets
Buckets can be managed via the Cockpit, nctl, or the API.
When creating a bucket, you must always provide a unique name and a location.
The following settings are optional:
Versioning: The files are stored versioned. This takes up more storage space, but protects the data from being overwritten. Public readable: The bucket's data can be accessed or downloaded without authentication. Public list: A list of the files in the bucket can be retrieved using the specified public URL. The option requires that "Public readable" has been enabled. Location: Defines the location of the data.
All options, except for "Location", can be adjusted later as needed.
After creating a bucket, you can specify which users should have access to the new bucket. Users can be granted read access or write access.
Only users from the same "Location" where the bucket was created can be selected.
- Cockpit
- nctl
You create buckets under the Bucket tab.
-
Make sure that you have
nctlinstalled. -
Authenticate with our API using
nctl:nctl auth login -
Once nctl is ready, you can create your first bucket. For a minimal example, the only required flag is the bucket location.
nctl create bucket my-bucket --location=nine-cz41 -
For a full description of available flags and options, run:
nctl create bucket --helpnoteSome flags like
--permissionsand--corscan be repeated and are always merged in a deterministic way with duplicates automatically removed. Lifecycle policies behave differently because each--lifecycle-policyflag creates its own separate policy.The general rule is that keys are separated with
;and multiple values with,. -
Examples
Permissions:
# Multiple flags with one permission each (merged deterministically, duplicates deduped)
# Result:
# reader=frontend,analytics,john
# writer=ingest
nctl create bucket my-bucket --permissions reader=frontend,analytics \
--permissions writer=ingest \
--permissions reader=john
# Multiple permissions in one flag (merged deterministically, duplicates deduped)
# Result:
# reader=frontend,analytics,john
# writer=ingest
nctl create bucket my-bucket --permissions reader=frontend,analytics;writer=ingest;reader=john
# Mixed usage: multiple flags, each with single or multiple permissions
# Result:
# reader=frontend,analytics,john,guest1,guest2
# writer=ingest
nctl create bucket my-bucket --permissions reader=frontend,analytics;writer=ingest;reader=john \
--permissions reader=guest1,guest2Lifecycle Policy:
# One policy
# Result: policy for `logs/`
nctl create bucket my-bucket --lifecycle-policy prefix=logs/;expire-after-days=7;is-live=true
# Multiple policies (repeat the flag)
# Result: two policies: `tmp/` and `archive/`
nctl create bucket my-bucket --lifecycle-policy prefix=tmp/;expire-after=72h;is-live=true \
--lifecycle-policy prefix=archive/;expire-after-days=365;is-live=falseCORS:
# Single flag (merged deterministically, duplicates deduped)
# Result:
# origins: https://example.com,https://app.example.com
# response-headers: X-My-Header,ETag
# max-age: 3600
nctl create bucket my-bucket --cors origins=https://example.com,https://app.example.com;response-headers=X-My-Header,ETag;max-age=3600
# Or with duplicated keys (merged):
nctl create bucket my-bucket --cors origins=https://example.com;response-headers=X-My-Header;max-age=3600;origins=https://app.example.com;response-headers=ETag
# Multiple flags (merged deterministically, duplicates deduped)
# Result:
# origins: https://example.com,https://app.example.com
# response-headers: X-My-Header,ETag
# max-age: 3600
nctl create bucket my-bucket --cors origins=https://example.com;response-headers=ETag \
--cors origins=https://app.example.com;response-headers=X-My-Header \
--cors max-age=3600
Update buckets
You can update most bucket settings, but the bucket location cannot be changed after creation. If you need a different location, create a new bucket and migrate your data.
- Cockpit
- nctl
You update buckets under the Bucket tab.
-
For a full description of available flags and options, run:
nctl update bucket --help -
Examples
Permissions:
# Mixed usage: add more readers
# Result:
# reader=frontend,analytics,john,guest1,guest2
# writer=ingest
nctl update bucket my-bucket \
--permissions reader=frontend,analytics;writer=ingest;reader=john \
--permissions reader=guest1,guest2
# Remove specific role/users
# Removes reader=john and writer=ingest (others stay)
nctl update bucket my-bucket \
--delete-permissions reader=john;writer=ingestLifecycle policies:
# Remove a specific policy by exact definition
nctl update bucket my-bucket \
--delete-lifecycle-policy prefix=tmp/;expire-after=72h;is-live=true
# Clear all policies, then add two fresh ones in a single run
nctl update bucket my-bucket \
--clear-lifecycle-policies \
--lifecycle-policy prefix=logs/;expire-after-days=7;is-live=true \
--lifecycle-policy prefix=archive/;expire-after-days=365;is-live=falseCORS:
# Multiple flags (merged deterministically)
nctl update bucket my-bucket \
--cors origins=https://example.com;response-headers=ETag \
--cors origins=https://app.example.com;response-headers=X-My-Header \
--cors max-age=3600
# Delete specific CORS entries (by key/value)
nctl update bucket my-bucket \
--delete-cors origins=https://app.example.com;response-headers=ETagCustom hostnames:
# Remove one hostname
nctl update bucket my-bucket \
--delete-custom-hostnames assets.example.com
# Clear all and set a new one in a single run
nctl update bucket my-bucket \
--clear-custom-hostnames \
--custom-hostnames media.example.com
Getting bucket details
A bucket's configuration can be checked anytime through the Cockpit, nctl or the API.
- Cockpit
- nctl
Bucket details are available under the Bucket tab.
-
Use get to inspect a bucket's configuration and status. By default, it prints a summary (name, location, tier, public flags, versioning, etc.). You can also display specific details with the
--print-*flags.nctl get bucket <name> [flags] -
For a full description of available flags and options, run:
nctl get bucket --help
How do I access my buckets?
Buckets can be accessed via the S3-compatible API or via HTTP. Various open source tools and framework integrations are available for this purpose.
Pricing
| per GB | v1 | v2 |
|---|---|---|
| Storage | 0,09 CHF | 0,03 CHF |
| Outbound traffic | 0,02 CHF | 0,02 CHF |
The storage space is billed per started gigabyte. If you need more than 1 TB of storage, please contact us to adjust your quota.