TrueNAS SCALE Version Documentation
This content follows the TrueNAS SCALE 24.04 (Dragonfish) releases.

Adding Cloud Credentials

The Cloud Credentials widget on the Backup Credentials screen allows users to integrate TrueNAS with cloud storage providers.

These providers are supported for Cloud Sync tasks in TrueNAS SCALE:

To maximize security, TrueNAS encrypts cloud credentials when saving them. However, this means that to restore any cloud credentials from a TrueNAS configuration file, you must enable Export Password Secret Seed when generating that configuration backup. Remember to protect any downloaded TrueNAS configuration files.

Authentication methods for each provider could differ based on the provider security requirements. You can add credentials for many of the supported cloud storage providers from the information on the Cloud Credentials Screens. This article provides instructions for the more involved providers.

Before You Begin

We recommend opening another browser tab and logging into the cloud storage provider account you intend to link with TrueNAS.

Some providers require additional information that they generate on the storage provider account page. For example, saving an Amazon S3 credential on TrueNAS could require logging in to the S3 account and generating an access key pair found on the Security Credentials > Access Keys page.

Have any authentication information your cloud storage provider requires on hand to make the process easier. Authentication information can include, but is not limited to, user credentials, access tokens, and access and security keys.

Adding Cloud Credentials

To set up a cloud credential, go to Credentials > Backup Credentials and click Add in the Cloud Credentials widget.

  1. Enter a credential name.

  2. Select the cloud service from the Provider dropdown list. The authentication settings that the provider requires display.

    For details on the authentication settings for each provider, see Cloud Credentials Screens.

  3. Click Verify Credentials to test the entered credentials and verify they work.

  4. Click Save.

Adding Storj Cloud Credentials

The process to set up the Storj-TrueNAS account and buckets, create the S3 access, and download the credentials is fully documented in the Adding Storj Cloud Credentials section of Adding a Storj Cloud Sync Task.

Adding Amazon S3 Cloud Credentials

If adding an Amazon S3 cloud credential, you can use the default authentication settings or use advanced settings if you want to include endpoint settings.

After entering a name and leaving Amazon S3 as the Provider setting:

  1. Open a web browser tab to Amazon AWS.

  2. Navigate to My account > Security Credentials > Access Keys to obtain the Amazon S3 secret access key ID. Access keys are alphanumeric and between 5 and 20 characters.

    If you cannot find or remember the secret access key, go to My Account > Security Credentials > Access Keys and create a new key pair.

  3. Enter or copy/paste the access key into Access Key ID.

  4. Enter or copy/paste the Amazon Web Services alphanumeric password that is between 8 and 40 characters into Secret Access Key.

  5. (Optional) Enter a value to define the maximum number of chunks for a multipart upload in Maximum Upload Parts. Setting a maximum is necessary if a service does not support the 10,000 chunk AWS S3 specification.

  6. (Optional) Select Advanced Settings to display the endpoint settings.

    a. Enter the S3 API endpoint URL in Endpoint URL.

    To use the default endpoint for the region and automatically fetch available buckets, leave this field blank. For more information, refer to the AWS Documentation for a list of Simple Storage Service Website Endpoints.

    b. Enter the AWS region (the geographic area that hosts the AWS resources) in Region.

    To detect the correct public region for the selected bucket, leave the field blank. Entering a private region name allows interacting with Amazon buckets created in that region.

    c. (Optional) Configure a custom endpoint URL.

    d. (Optional) Select Disable Endpoint Region to prevent automatic detection of the bucket region. Enable only if your AWS provider does not support regions.

    e. (Optional) Select Use Signature Version 2 to force using signature version 2 with the custom endpoint URL. Select only if your AWS provider does not support default version 4 signatures. For more information on using this to sign API requests, see Signature Version 2.

  7. Click Verify Credentials to check your credentials for any issues.

  8. Click Save.

Adding Cloud Credentials that Authenticate with OAuth

Cloud storage providers using OAuth as an authentication method are Box, Dropbox, Google Drive, Google Photo, pCloud and Yandex.

After logging into the provider with the OAuth credentials, the provider provides the access token. Google Drive and pCloud use one more setting to authenticate credentials.

  1. Enter the name and select the cloud storage provider from the Provider dropdown list.

  2. Enter the provider account email in OAuth Client ID and the password for that user account in OAuth Client Secret.

  3. Click Log In To Provider. The Authentication window opens. Click Proceed to open the OAuth credential account sign in window.

    Yandex displays a cookies message you must accept before you can enter credentials.

    Enter the provider account user name and password to verify the credentials.

  4. (Optional) Enter the value for any additional authentication method. For pCloud, enter the pCloud host name for the host you connect to in Hostname. For Google Drive when connecting to Team Drive, enter the Google Drive top-level folder ID.

  5. Enter the access token from the provider if not populated by the provider after OAuth authentication. Obtaining the access token varies by provider.

    | Provider | Access Token |
    |---|---|
    | Box | For more information on the user access token for Box, click here. An access token enables Box to verify that a request belongs to an authorized session. Example token: T9cE5asGnuyYCCqIZFoWjFHvNbvVqHjl. |
    | Dropbox | Create an access token from the Dropbox account. |
    | Google Drive | The authentication process creates the token for Google Drive and populates the Access Token field automatically. Access tokens expire periodically, so you must refresh them. |
    | Google Photo | Does not use an access token. |
    | pCloud | Create the pCloud access token here. These tokens can expire and require an extension. |
    | Yandex | Create the Yandex access token here. |

  6. Click Verify Credentials to make sure you can connect with the entered credentials.

  7. Click Save.

Adding BackBlaze B2 Cloud Credentials

BackBlaze B2 uses an application key and key ID to authenticate credentials.

From the Cloud Credentials widget, click Add and then:

  1. Enter the name and select BackBlaze B2 from the Provider dropdown list.

  2. Log into the BackBlaze account, go to the App Keys page and add a new application key. Copy and paste this into Key ID.

  3. Generate a new application key on the BackBlaze B2 website. From the App Keys page, add a new application key. Copy the application key string into Application Key.

  4. Click Verify Credentials.

  5. Click Save.

Adding Google Cloud Storage Credentials

Google Cloud Storage uses a service account JSON file to authenticate credentials.

From the Cloud Credentials widget, click Add and then:

  1. Enter the name and select Google Cloud Storage from the Provider dropdown list.

  2. Go to your Google Cloud Storage website to download the service account JSON file to the TrueNAS SCALE server. The Google Cloud Platform Console creates the file.

  3. Upload the JSON file to Preview JSON Service Account Key using Choose File to browse the server to locate the downloaded file.
    For help uploading a Google Service Account credential file click here.

  4. Click Verify Credentials.

  5. Click Save.

Adding OpenStack Swift Cloud Credentials

OpenStack Swift authentication credentials change based on selections made in AuthVersion. All options use the user name, API key or password and authentication URL, and can use the optional endpoint settings.

For more information on OpenStack Swift settings, see rclone documentation.

From the Cloud Credentials widget, click Add and then:

  1. Enter the name and select OpenStack Swift from the Provider dropdown list.

  2. Enter your OpenStack OS_USERNAME from an OpenStack credentials file in User Name.

  3. Enter the OS_PASSWORD from an OpenStack credentials file in API Key or Password.

  4. (Optional) Select the version from AuthVersion. For more information, see rclone documentation.

    If set to Auth(vX), V1 or V2:

    a. (Required) Enter the OS_TENANT_NAME from an OpenStack credentials file in Tenant Name.

    b. Enter the ID in Tenant ID. Required for v2.

    c. (Optional) Enter the alternative authentication token in Auth Token.

    d. Enter a region name in Region Name.

    e. (Optional) Enter the URL in Storage URL.

    f. (Required) Select service catalog option from the Endpoint Type dropdown. Options are Public, Internal and Admin. Public is recommended.

    If set to v3, the Advanced Options settings displayed change.

    a. (Optional) Enter the user ID to log into OpenStack. Leave blank to log into most Swift systems.

    b. (Optional) Enter the User Domain.

    c. (Required) Enter the OS_TENANT_NAME from an OpenStack credentials file in Tenant Name.

    d. Enter the ID in Tenant ID. Required for v2 and v3. (Optional) Enter a Tenant Domain.

    e. (Optional) Enter the alternative authentication token in Auth Token.

    f. Enter a region name in Region Name.

    g. (Optional) Enter the URL in Storage URL.

    h. (Required) Select service catalog option from the Endpoint Type dropdown. Options are Public, Internal and Admin. Public is recommended.

  5. Click Verify Credentials.

  6. Click Save.
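
The mapping from an OpenStack credentials file to the fields in the steps above, as an added example that is not TrueNAS or rclone code: it reads the literal `OS_*` assignments, reports which required fields the file does not supply for the chosen AuthVersion, and redacts secrets before anything is printed. The `OS_AUTH_URL`, `OS_TENANT_ID`, `OS_REGION_NAME` and `OS_AUTH_TOKEN` pairings follow rclone's Swift variable names, the "Authentication URL" label is assumed, and the sample file is constructed.

```python
import re
import shlex

# OS_* variable -> TrueNAS field. The first three pairings come from the steps
# above; the rest follow rclone's Swift variable names (labels assumed).
FIELD_MAP = {
    "OS_USERNAME": "User Name",
    "OS_PASSWORD": "API Key or Password",
    "OS_TENANT_NAME": "Tenant Name",
    "OS_AUTH_URL": "Authentication URL",
    "OS_TENANT_ID": "Tenant ID",
    "OS_REGION_NAME": "Region Name",
    "OS_AUTH_TOKEN": "Auth Token",
}
SECRET_FIELDS = {"API Key or Password", "Auth Token"}
ALWAYS_REQUIRED = ["User Name", "API Key or Password", "Authentication URL", "Tenant Name"]
ASSIGNMENT = re.compile(r"^\s*(?:export\s+)?(OS_[A-Z0-9_]+)=(.*)$")

# Constructed sample in the style of a credentials file that prompts for the password.
SAMPLE_OPENRC = """\
export OS_AUTH_URL="https://keystone.example.net:5000/v3"
export OS_USERNAME="backup-svc"
export OS_TENANT_NAME="nas-backups"
export OS_REGION_NAME=RegionOne  # unquoted values are common
export OS_PASSWORD=$OS_PASSWORD_INPUT
"""

def parse_openrc(text):
    """Map literal OS_* assignments to TrueNAS field names."""
    fields = {}
    for line in text.splitlines():
        match = ASSIGNMENT.match(line)
        if not match or match.group(1) not in FIELD_MAP:
            continue
        parts = shlex.split(match.group(2), comments=True)
        # Skip values filled in at run time (for example a prompted password).
        if parts and not parts[0].startswith("$"):
            fields[FIELD_MAP[match.group(1)]] = parts[0]
    return fields

def missing_required(fields, auth_version):
    """List required fields the file did not supply for this AuthVersion."""
    required = list(ALWAYS_REQUIRED)
    if auth_version in (2, 3):  # Tenant ID is required for v2 and v3
        required.append("Tenant ID")
    return [name for name in required if name not in fields]

def redacted(fields):
    """Copy of the mapping that is safe to print or log."""
    return {k: "***" if k in SECRET_FIELDS else v for k, v in fields.items()}
```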

Using Automatic Authentication

Some providers can automatically populate the required authentication strings by logging in to the account.

To automatically configure the credential, click Login to Provider and enter your account user name and password.

We recommend verifying the credential before saving it.