
Cloud Credentials


Last Modified 2021-07-07 12:07 EDT

The Cloud Credentials window in the Backup Credentials screen allows users to integrate TrueNAS with Cloud Storage providers.

To maximize security, TrueNAS encrypts cloud credentials when saving them. However, this means that to restore any cloud credentials from a TrueNAS configuration file, you must enable Export Password Secret Seed when generating that configuration backup. Remember to protect any downloaded TrueNAS configuration files.
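One way to check a downloaded configuration file before storing it, as an added example that is not part of the TrueNAS documentation or code: it reports whether the file carries the secret seed and whether anyone other than its owner can read it. It assumes a seeded export is a tar archive with a member named `pwenc_secret`; the sample files and their names are constructed for the demonstration.

```python
import io
import os
import stat
import tarfile
import tempfile

# Assumption (not from this page): an export made with "Export Password Secret
# Seed" enabled is a tar archive with a member named "pwenc_secret".
SEED_MEMBER = "pwenc_secret"


def audit_config_backup(path):
    """Report whether a config export carries the seed and who can read it."""
    has_seed = False
    if tarfile.is_tarfile(path):
        with tarfile.open(path) as tar:  # names are listed, nothing is extracted
            has_seed = SEED_MEMBER in map(os.path.basename, tar.getnames())
    owner_only = stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0
    return {"has_seed": has_seed, "owner_only": owner_only}


def harden(path):
    """Restrict the export to owner read/write, then re-audit it."""
    os.chmod(path, 0o600)
    return audit_config_backup(path)


def make_sample(directory, with_seed):
    """Write a constructed sample export (placeholder bytes, not real data)."""
    path = os.path.join(directory, "seeded.tar" if with_seed else "plain.db")
    if with_seed:
        with tarfile.open(path, "w") as tar:
            for name, data in (("sample.db", b"db"), (SEED_MEMBER, b"\0" * 32)):
                info = tarfile.TarInfo(name)
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    else:
        with open(path, "wb") as fh:
            fh.write(b"SQLite format 3\0" + b"x" * 84)
    os.chmod(path, 0o644)  # simulate a download left group/world readable
    return path


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        seeded, plain = make_sample(tmp, True), make_sample(tmp, False)
        return audit_config_backup(seeded), audit_config_backup(plain), harden(seeded)


if __name__ == "__main__":
    print(demo())
```

An export that reports `has_seed: True` can restore the saved cloud credentials, so it needs the same handling as the credentials themselves.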

We recommend keeping another browser tab open and logged in to the Cloud Storage Provider account you intend to link with TrueNAS. Some providers require additional information that is generated on the storage provider account page. For example, saving an Amazon S3 credential on TrueNAS could require logging in to the S3 account and generating an access key pair on the Security Credentials > Access Keys page.

To begin setting up a Cloud Credential, navigate to Credentials > Backup Credentials and click the Add button in the Cloud Credentials window.


Enter a credential Name and choose a Provider. The rest of the options change according to the chosen Provider:

| Name | Description |
|------|-------------|
| Access Key ID | Amazon Web Services Key ID. This is found on Amazon AWS by going through My account > Security Credentials > Access Keys (Access Key ID and Secret Access Key). Must be alphanumeric and between 5 and 20 characters. |
| Secret Access Key | Amazon Web Services password. If the Secret Access Key cannot be found or remembered, go to My Account > Security Credentials > Access Keys and create a new key pair. Must be alphanumeric and between 8 and 40 characters. |
| Maximum Upload Parts | Define the maximum number of chunks for a multipart upload. This can be useful if a service does not support the 10,000 chunk AWS S3 specification. |

Amazon S3 Advanced Options

| Name | Description |
|------|-------------|
| Endpoint URL | S3 API endpoint URL. When using AWS, the endpoint field can be empty to use the default endpoint for the region, and available buckets are automatically fetched. Refer to the AWS Documentation for a list of Simple Storage Service Website Endpoints. |
| Region | AWS resources in a geographic area. Leave empty to automatically detect the correct public region for the bucket. Entering a private region name allows interacting with Amazon buckets created in that region. For example, enter us-gov-east-1 to discover buckets created in the eastern AWS GovCloud region. |
| Disable Endpoint Region | Skip automatic detection of the Endpoint URL region. Set this when configuring a custom Endpoint URL. |
| Use Signature Version 2 | Force using Signature Version 2 to sign API requests. Set this when configuring a custom Endpoint URL. |

| Name | Description |
|------|-------------|
| Key ID | Alphanumeric Backblaze B2 Application Key ID. To generate a new application key, log in to the Backblaze account, go to the App Keys page, and add a new application key. Copy the application keyID string to this field. |
| Application Key | Backblaze B2 Application Key. To generate a new application key, log in to the Backblaze account, go to the App Keys page, and add a new application key. Copy the applicationKey string to this field. |

| Name | Description |
|------|-------------|
| OAuth Client ID | The public identifier for the cloud application. |
| OAuth Client Secret | The secret phrase known only to the cloud application and the authorization server. |
| Access Token | A User Access Token for Box. An access token enables Box to verify a request belongs to an authorized session. Example token: T9cE5asGnuyYCCqIZFoWjFHvNbvVqHjl. |

| Name | Description |
|------|-------------|
| OAuth Client ID | The public identifier for the cloud application. |
| OAuth Client Secret | The secret phrase known only to the cloud application and the authorization server. |
| Access Token | Access Token for a Dropbox account. A token must be generated by the Dropbox account before adding it here. |

| Name | Description |
|------|-------------|
| Host | FTP Host to connect to. Example: ftp.example.com. |
| Port | FTP Port number. Leave blank to use the default port 21. |
| Username | A username on the FTP Host system. This user must already exist on the FTP Host. |
| Password | Password for the user account. |

| Name | Description |
|------|-------------|
| Preview JSON Service Account Key | Contents of the uploaded Service Account JSON file. |
| Choose File | Upload a Google Service Account credential file. The file is created with the Google Cloud Platform Console. |

| Name | Description |
|------|-------------|
| OAuth Client ID | The public identifier for the cloud application. |
| OAuth Client Secret | The secret phrase known only to the cloud application and the authorization server. |
| Access Token | Token created with Google Drive. Access Tokens expire periodically and must be refreshed. |
| Team Drive ID | Only needed when connecting to a Team Drive. The ID of the top level folder of the Team Drive. |

| Name | Description |
|------|-------------|
| OAuth Client ID | The public identifier for the cloud application. |
| OAuth Client Secret | The secret phrase known only to the cloud application and the authorization server. |

| Name | Description |
|------|-------------|
| URL | HTTP host URL. |

| Name | Description |
|------|-------------|
| Access Token | Access Token generated by a Hubic account. |

| Name | Description |
|------|-------------|
| Username | MEGA account username. |
| Password | MEGA account password. |

| Name | Description |
|------|-------------|
| Account Name | Microsoft Azure account name. |
| Account Key | Base64 encoded key for Azure Account. |

| Name | Description |
|------|-------------|
| OAuth Client ID | The public identifier for the cloud application. |
| OAuth Client Secret | The secret phrase known only to the cloud application and the authorization server. |
| Access Token | Microsoft OneDrive Access Token. Log in to the Microsoft account to add an access token. |
| Drives List | Drives and IDs registered to the Microsoft account. Selecting a drive also fills the Drive ID field. |
| Drive Account Type | Type of Microsoft account. Logging in to a Microsoft account automatically chooses the correct account type. Options: Personal, Business, Document_Library |
| Drive ID | Unique drive identifier. Log in to a Microsoft account and choose a drive from the Drives List drop-down to add a valid ID. |

| Name | Description |
|------|-------------|
| User Name | OpenStack user name for login. This is the OS_USERNAME from an OpenStack credentials file. |
| API Key or Password | OpenStack API key or password. This is the OS_PASSWORD from an OpenStack credentials file. |
| Authentication URL | Authentication URL for the server. This is the OS_AUTH_URL from an OpenStack credentials file. |
| Auth Version | AuthVersion - optional - set to (1,2,3) if your auth URL has no version (rclone documentation). |

Advanced Options

| Name | Description |
|------|-------------|
| Tenant Name | This is the OS_TENANT_NAME from an OpenStack credentials file. |
| Tenant ID | Tenant ID - optional for v1 auth, this or tenant required otherwise (rclone documentation). |
| Auth Token | Auth Token from alternate authentication - optional (rclone documentation). |

Endpoint Advanced Options

| Name | Description |
|------|-------------|
| Region Name | Region name - optional (rclone documentation). |
| Storage URL | Storage URL - optional (rclone documentation). |
| Endpoint Type | Endpoint type to choose from the service catalogue. Public is recommended, see the rclone documentation. |

| Name | Description |
|------|-------------|
| OAuth Client ID | The public identifier for the cloud application. |
| OAuth Client Secret | The secret phrase known only to the cloud application and the authorization server. |
| Access Token | pCloud Access Token. These tokens can expire and require extension. |
| Hostname | Enter the hostname to connect to. |

| Name | Description |
|------|-------------|
| Host | SSH Host to connect to. |
| Port | SSH port number. Leave empty to use the default port 22. |
| Username | SSH Username. |
| Password | Password for the SSH Username account. |
| Private Key ID | Import the private key from an existing SSH keypair or select Generate New to create a new SSH key for this credential. |

| Name | Description |
|------|-------------|
| URL | URL of the HTTP host to connect to. |
| WebDAV Service | Name of the WebDAV site, service, or software being used. |
| Username | WebDAV account username. |
| Password | WebDAV account password. |

| Name | Description |
|------|-------------|
| OAuth Client ID | The public identifier for the cloud application. |
| OAuth Client Secret | The secret phrase known only to the cloud application and the authorization server. |
| Access Token | Yandex Access Token. |

Enter the required Authentication strings to enable saving the credential.

Automatic Authentication

Some providers can automatically populate the required Authentication strings by logging in to the account. To automatically configure the credential, click Login to Provider and enter your account username and password.


We recommend verifying the credential before saving it.