TrueNAS Nightly Development DocumentationThis content follows experimental nightly development software. Pre-release software is intended for testing purposes only.
Use the Product and Version selectors above to view content specific to a stable software release.
Adding Cloud Credentials
12 minute read.
The Cloud Credentials screen, accessed from the Backup Credentials screen allows users to integrate TrueNAS with cloud storage providers.
These providers are supported for Cloud Sync tasks in TrueNAS SCALE:
- Amazon S3
- Backblaze B2
- Box
- Dropbox
- File Transfer Protocol (FTP)
- Google Cloud Storage
- Google Drive
- Google Photos
- Hypertext Transfer Protocol (HTTP)
- Hubic (closed to new accounts)
- Mega
- Microsoft Azure Blob Storage
- OpenStack Swift
- pCloud
- SSH File Transfer Protocol (SFTP)
- Storj iX*
- WebDAV
- Yandex
*TrueCloud backup tasks streamline functionality for Storj iX cloud backups and restoration.
To maximize security, TrueNAS encrypts cloud credentials when saving them. However, this means that to restore any cloud credentials from a TrueNAS configuration file, you must enable Export Password Secret Seed when generating that configuration backup. Remember to protect any downloaded TrueNAS configuration files.
Authentication methods for each provider could differ based on the provider security requirements. You can add credentials for many of the supported cloud storage providers from the information on the Cloud Credentials Screens. This article provides instructions for the more involved providers.
We recommend users open another browser tab to open and log into the cloud storage provider account you intend to link with TrueNAS.
Some TrueNAS providers credentials require entering additional information generated while creating the provider account. For example, the Storj iX account produces an access and secret key that must be entered in the Cloud Credential screen to create the credential.
Have the authentication information required by your cloud storage provider on hand to make the process easier. Authentication information can include but is not limited to user credentials, access tokens, and access and security keys.
To add a cloud credential:
Select the cloud service from the Provider dropdown list. The provider required authentication option settings display.
For details on each provider authentication settings see Cloud Credentials Screens.
Enter a name for the credential.
Enter the required authentication credentials, such as access token, access key and/or secret keys, and user credentials for the account into the appropriate fields.
Click Verify Credentials to test the entered credentials and verify they work.
Click Save.
Storj iX is the default cloud storage provider in TrueNAS.
The instructions in this section cover adding the Storj iX account and configuring the cloud service credentials in SCALE and Storj. The process includes going to Storj to create a new Storj iX account and returning to SCALE to enter the S3 credentials provided by Storj.
Go to Credentials > Backup Credentials and click Add on the Cloud Credentials widget. The Cloud Credentials screen opens with Storj displayed as the default provider in the Provider field.
Enter a descriptive name to identify the credential in the Name field.
Click Signup for account to create your Storj iX account. This opens the Storj new account screen for TrueNAS.
You must use this link to create your Storj account to take advantage of the benefits of the Storj iX pricing!After setting up your Storj iX account, create your Storj bucket and the Storj S3 access for the new bucket.
Enter the authentication information provided by Storj in the Access Key ID and Secret Access Key fields.
Click Verify Credentials and wait for the system to verify the credentials.
Click Save.
You can create your Storj iX cloud service account using two methods:
- Go to the TrueNAS Storj web page and click Sign Up & Log in - iX-Storj.
- Go to Credentials > Backup Credentials and click Add. Select Storj iX as the Provider on the Cloud Credentials screen, then click Sign up for account.
The Storj Create your Storj account web page opens. Enter your information in the fields, select the I agree to the Terms of Service and Privacy Policy, and click the button at the bottom of the screen. The Storj main dashboard opens.
Now you can add the storage bucket you want to use in your Storj iX account and SCALE TrueCloud Backup task.
From the Storj main dashboard:
Click Browse on the navigation panel on the left side of the screen to open the Browse Buckets screen. Click New Bucket to open the New Bucket window.
Enter a name in Bucket Name using lowercase alphanumeric characters, with no spaces between characters, then click Create Bucket. Your new bucket displays on the Browse Buckets screen.
Click on the new bucket to open the Enter passphrase window and configure encryption. Enter a secure passphrase in Encryption Passphrase.
Click Continue to complete the process and open the Browse Files screen with your new bucket.
After creating your bucket, add S3 access for the new bucket(s) you want to use in your Storj iX account and the SCALE TrueCloud Backup task.
Click Access Keys to open the Access Keys dashboard, then click New Access Key.
The New Access window opens.
Enter the name you want to use for this credential. Select S3 Credentials for access type, then click Next.
Select the permissions you want to allow this access key. Choose Full Access to allow permanent full permissions to all buckets and data then click Create Access or select Advanced then click Next to customize access configuration.
If you want to use the SCALE option to add new buckets in SCALE, set the access configuration to Full Access.(Optional) If configuring advanced access options:
a. Select the permissions to allow. Choose one or more of Read, Write, List, Delete, or choose All Permissions. Click Next.
b. Select the buckets to allow access to. Click All Buckets or click Select Buckets and use the Buckets dropdown to select one or more bucket(s). Click Next.
c. Select an expiration date if you want to set the duration or length of time to allow this credential to exist. You can select a preset period, click Set Custom Expiration Date to use the calendar to set the duration, or select No expiration. Click Next to open the Access Encryption window.
d. Review access details and then click Create Access.
Use Copy All or Download All to obtain the access key, secret key, and endpoint. Keep these in a safe place where you can back up the file.
Click Close.
This completes the process of setting up Storj buckets and S3 access. Enter these keys in the Authentication fields in TrueNAS SCALE on the Cloud Credentials screen to complete setting up the SCALE cloud credential.
When adding an Amazon S3 cloud credential, you can either use the default authentication settings or advanced settings if you want to include endpoint settings.
To add a cloud credential for Amazon S3, select Amazon S3 in Provider, enter a name and then:
Open a web browser tab to Amazon AWS.
Navigate to My account > Security Credentials > Access Keys to obtain the Amazon S3 secret access key ID. Access keys are alphanumeric and between 5 and 20 characters.
If you cannot find or remember the secret access key, go to My Account > Security Credentials > Access Keys and create a new key pair.
Enter or copy/paste the access key into Access Key ID.
Enter or copy/paste the Amazon Web Services alphanumeric password that is between 8 and 40 characters into Secret Access Key
(Optional) Enter a value to define the maximum number of chunks for a multipart upload in Maximum Upload Ports. Setting a maximum is necessary if a service does not support the 10,000-chunk AWS S3 specification.
(Optional) Select Advanced Settings to display the endpoint settings.
a. Enter the S3 API endpoint URL in Endpoint URL.
To use the default endpoint for the region and automatically fetch available buckets leave this field blank. For more information refer to the AWS Documentation for a list of Simple Storage Service Website Endpoints.
b. Enter an AWS resources in a geographic area in Region.
To detect the correct public region for the selected bucket leave the field blank. Entering a private region name allows interaction with Amazon buckets created in that region.
c. (Optional) Configure a custom endpoint URL.
d. (Optional) Select Disable Endpoint Region to prevent automatic detection of the bucket region. Enable only if your AWS provider does not support regions.
d. (Optional) Select Use Signature Version 2 to force using signature version 2 with the custom endpoint URL. Select only if your AWS provider does not support default version 4 signatures. For more information on using this to sign API requests see Signature Version 2.
Click Verify Credentials to check your credentials for any issues.
Click Save
Cloud storage providers using OAuth as an authentication method are Box, Dropbox, Google Drive, Google Photos, pCloud, and Yandex. Some providers like Google Drive and pCloud use additional settings to authenticate credentials.
Open the Cloud Credentials screen, select the name of the cloud storage provider on the Provider dropdown list, enter a name for the credential, and then:
Enter the provider account email in OAuth Client ID and the password for that user account in OAuth Client Secret.
Click Log In To Provider. The Authentication window opens. Click Proceed to open the OAuth credential account sign-in window.
Yandex displays a cookies message you must accept before you can enter credentials.
Enter the provider account user name and password to verify the credentials.
(Optional) Enter the value for any additional authentication method. For pCloud, enter the pCloud host name for the host you connect to in Hostname. For Google Drive when connecting to Team Drive, enter the Google Drive top-level folder ID.
Enter the access token from the provider if not populated by the provider after OAuth authentication. Obtaining the access token varies by provider.
Provider Access Token Box For more information on the user access token for Box click here. An access token enables Box to verify a request belongs to an authorized session. Example token: T9cE5asGnuyYCCqIZFoWjFHvNbvVqHjl. Dropbox Create an access token from the Dropbox account. Google Drive The authentication process creates the token for Google Drive and populates the Access Token field automatically. Access tokens expire periodically, so you must refresh them. Google Photo Does not use an access token. pCloud Create the pCloud access token here. These tokens can expire and require an extension. Yandex Create the Yandex access token here. Click Verify Credentials to make sure you can connect with the entered credentials.
Click Save.
BackBlaze B2 uses an application key and key ID to authenticate credentials.
Open the Cloud Credentials screen, select BackBlaze B2 in Provider, enter a name and then:
Log into the BackBlaze account, go to the App Keys page, and add a new application key. Copy and paste this into Key ID.
Generate a new application key on the BackBlaze B2 website. From the App Keys page, add a new application key. Copy the application Key string Application Key.
Click Verify Credentials.
Click Save.
Google Cloud Storage uses a service account JSON file to authenticate credentials.
Open the Cloud Credentials screen, select Google Cloud Storage in Provider, enter a name and then:
Go to your Google Cloud Storage website to download this file to the TrueNAS SCALE server. The Google Cloud Platform Console creates the file.
Click Choose File to browse the server to locate the downloaded JSON file and upload it. The file populates Preview JSON Service Account Key For help uploading a Google Service Account credential file click here.
Click Verify Credentials.
Click Save.
OpenStack Swift authentication credentials change based on selections made in AuthVersion. All options use the user name, API key or password, and authentication URL, and can use the optional endpoint settings. For more information on OpenStack Swift settings, see rclone documentation.
Open the Cloud Credentials screen, select OpenStack Swift Cloud in Provider, enter a name for the credential and then:
Enter your OpenStack OS_USERNAME from an OpenStack credentials file in User Name.
Enter the OS_PASSWORD from an OpenStack credentials file in API Key or Password.
(Optional) Select the version from the AuthVersion. For more information see rclone documentation. Select the desired option based on your use case.
Click Verify Credentials.
Click Save.
Some providers can automatically populate the required authentication strings by logging in to the account.
To automatically configure the credential, click Login to Provider and enter your account user name and password.
We recommend verifying the credential before saving it.