Backup Credentials
Last Modified 2022-05-17 08:02 EDT
The Backup Credentials section lets users integrate TrueNAS with Cloud Storage providers and set up SSH Connections and Keypairs.
The Cloud Credentials window allows users to integrate TrueNAS with Cloud Storage providers.
We recommend opening another browser tab and logging in to the Cloud Storage Provider account you intend to link with TrueNAS. Some providers require additional information that they generate on the storage provider account page. For example, saving an Amazon S3 credential on TrueNAS could require logging in to the S3 account and generating an access key pair on the Security Credentials > Access Keys page.
To set up a Cloud Credential, go to Credentials > Backup Credentials and click Add in the Cloud Credentials window.
Enter a credential Name and choose a Provider. The rest of the options change according to the chosen Provider:
Name | Description |
---|---|
Access Key ID | Amazon Web Services Key ID. This is found on Amazon AWS by going through My account > Security Credentials > Access Keys (Access Key ID and Secret Access Key). Must be alphanumeric and between 5 and 20 characters. |
Secret Access Key | Amazon Web Services password. If the Secret Access Key cannot be found or remembered, go to My Account > Security Credentials > Access Keys and create a new key pair. Must be alphanumeric and between 8 and 40 characters. |
Maximum Upload Parts | Define the maximum number of chunks for a multipart upload. Setting a maximum is necessary if a service does not support the 10,000 chunk AWS S3 specification. |
Amazon S3 Advanced Options
Name | Description |
---|---|
Endpoint URL | S3 API endpoint URL. When using AWS, the endpoint field can be empty to use the default endpoint for the region and automatically fetch available buckets. Refer to the AWS Documentation for a list of Simple Storage Service Website Endpoints. |
Region | AWS resources in a geographic area. Leave empty to detect the bucket’s correct public region. Entering a private region name allows interacting with Amazon buckets created in that region. For example, enter us-gov-east-1 to discover buckets created in the eastern AWS GovCloud region. |
Disable Endpoint Region | Skip automatic detection of the Endpoint URL region. Set this when configuring a custom Endpoint URL. |
Use Signature Version 2 | Force using Signature Version 2 to sign API requests. Set this when configuring a custom Endpoint URL. |
Name | Description |
---|---|
Key ID | Alphanumeric Backblaze B2 Application Key ID. To generate a new application key, log in to the Backblaze account, go to the App Keys page, and add a new application key. Copy the application keyID string to this field. |
Application Key | Backblaze B2 Application Key. To generate a new application key, log in to the Backblaze account, go to the App Keys page, and add a new application key. Copy the applicationKey string to this field. |
Name | Description |
---|---|
OAuth Client ID | The public identifier for the cloud application. |
OAuth Client Secret | The secret phrase known only to the cloud application and the authorization server. |
Access Token | A User Access Token for Box. An access token enables Box to verify a request belongs to an authorized session. Example token: T9cE5asGnuyYCCqIZFoWjFHvNbvVqHjl. |
Name | Description |
---|---|
OAuth Client ID | The public identifier for the cloud application. |
OAuth Client Secret | The secret phrase known only to the cloud application and the authorization server. |
Access Token | Access Token for a Dropbox account. You must create a token from the Dropbox account before adding it here. |
Name | Description |
---|---|
Host | FTP Host to connect. Example: ftp.example.com. |
Port | FTP Port number. Leave blank to use the default port 21. |
Username | A username on the FTP Host system. This user must already exist on the FTP Host. |
Password | Password for the user account. |
Name | Description |
---|---|
Preview JSON Service Account Key | Contents of the uploaded Service Account JSON file. |
Choose File | Upload a Google Service Account credential file. The Google Cloud Platform Console creates the file. |
Name | Description |
---|---|
OAuth Client ID | The public identifier for the cloud application. |
OAuth Client Secret | The secret phrase known only to the cloud application and the authorization server. |
Access Token | Token created with Google Drive. Access Tokens expire periodically, so you must refresh them. |
Team Drive ID | Only needed when connecting to a Team Drive. The Team Drive’s top-level folder ID. |
Name | Description |
---|---|
OAuth Client ID | The public identifier for the cloud application. |
OAuth Client Secret | The secret phrase known only to the cloud application and the authorization server. |
Name | Description |
---|---|
URL | HTTP host URL. |
Name | Description |
---|---|
Access Token | Access Token generated by a Hubic account. |
Name | Description |
---|---|
Username | MEGA account username. |
Password | MEGA account password. |
Name | Description |
---|---|
Account Name | Microsoft Azure account name. |
Account Key | Base64 encoded key for Azure Account. |
Name | Description |
---|---|
OAuth Client ID | The public identifier for the cloud application. |
OAuth Client Secret | The secret phrase known only to the cloud application and the authorization server. |
Access Token | Microsoft Onedrive Access Token. Log in to the Microsoft account to add an access token. |
Drives List | Drives and IDs registered to the Microsoft account. Selecting a drive also fills the Drive ID field. |
Drive Account Type | Type of Microsoft account. Logging in to a Microsoft account selects the correct account type. Options: Personal, Business, Document_Library |
Drive ID | Unique drive identifier. Log in to a Microsoft account and choose a drive from the Drives List drop-down to add a valid ID. |
Name | Description |
---|---|
User Name | Openstack user name (OS_USERNAME) from an OpenStack credentials file. |
API Key or Password | Openstack API key or password. This is the OS_PASSWORD from an OpenStack credentials file. |
Authentication URL | Authentication URL for the server. This is the OS_AUTH_URL from an OpenStack credentials file. |
Auth Version | AuthVersion - optional - set to (1,2,3) if your auth URL has no version (rclone documentation). |
Advanced Options
Name | Description |
---|---|
Tenant Name | This is the OS_TENANT_NAME from an OpenStack credentials file. |
Tenant ID | Tenant ID - optional for v1 auth, this or tenant required otherwise (rclone documentation). |
Auth Token | Auth Token from alternate authentication - optional (rclone documentation). |
Endpoint Advanced Options
Name | Description |
---|---|
Region Name | Region name - optional (rclone documentation). |
Storage URL | Storage URL - optional (rclone documentation). |
Endpoint Type | Endpoint type to choose from the service catalogue. Public is recommended, see the rclone documentation. |
Name | Description |
---|---|
OAuth Client ID | The public identifier for the cloud application. |
OAuth Client Secret | The secret phrase known only to the cloud application and the authorization server. |
Access Token | pCloud Access Token. These tokens can expire and require an extension. |
Hostname | Enter the hostname to connect to. |
Name | Description |
---|---|
Host | SSH Host to connect to. |
Port | SSH port number. Leave empty to use the default port 22. |
Username | SSH Username. |
Password | Password for the SSH Username account. |
Private Key ID | Import the private key from an existing SSH keypair or select Generate New to create a new SSH key for this credential. |
Name | Description |
---|---|
URL | URL of the HTTP host to connect to. |
WebDav Service | Name of the WebDAV site, service, or software being used. |
Username | WebDAV account username. |
Password | WebDAV account password. |
Name | Description |
---|---|
OAuth Client ID | The public identifier for the cloud application. |
OAuth Client Secret | The secret phrase known only to the cloud application and the authorization server. |
Access Token | Yandex Access Token. |
Enter the required Authentication strings to enable saving the credential.
Some providers can automatically populate the required Authentication strings by logging in to the account. To automatically configure the credential, click Login to Provider and enter your account username and password.
We recommend verifying the credential before saving it.
The SSH Connections window in the Backup Credentials screen allows users to establish Secure Socket Shell (SSH) connections.
To begin setting up an SSH Connection, navigate to Credentials > Backup Credentials and click the Add button in the SSH Connections window.
Semi-automatic simplifies setting up an SSH connection with another FreeNAS or TrueNAS system without logging in to that system to transfer SSH keys. This requires an SSH keypair on the local system and administrator account credentials for the remote TrueNAS. You must configure the remote system to allow root access with SSH. You can generate the keypair as part of the semi-automatic configuration or use one created manually in Backup Credentials.
Name and Method
Name | Description |
---|---|
Name | Name of this SSH connection. SSH connection names must be unique. |
Setup Method | Manual requires configuring authentication on the remote system. This can include copying SSH keys and modifying the root user account on that system. Semi-automatic only works when configuring an SSH connection with a remote TrueNAS system. This method uses the URL and login credentials of the remote system to connect and exchange SSH keys. |
Authentication
Name | Description |
---|---|
TrueNAS URL | Hostname or IP address of the remote system. A valid URL scheme is required. Example: https://10.231.3.76 |
Username | Username for logging in to the remote system. |
Password | User account password for logging into the remote system. |
Private Key | Choose a saved SSH Keypair or select Generate New to create a new keypair and use it for this connection. |
More Options
Name | Description |
---|---|
Cipher | Standard is most secure, but has the greatest impact on connection speed. Fast is less secure than Standard but can give reasonable transfer rates for devices with limited cryptographic speed. Disabled removes all security in favor of maximizing connection speed. Disabling the security should only be used within a secure, trusted network. |
Connect Timeout | Time (in seconds) before the system stops attempting to establish a connection with the remote system. |
Be sure to use a valid URL scheme for the remote TrueNAS URL. Leave the username as root and enter the account password for the remote TrueNAS system. You can import the private key from a previously created SSH keypair or generate a new SSH keypair.
Saving the new configuration automatically opens a connection to the remote TrueNAS and exchanges SSH keys.
To manually set up an SSH connection, you must copy a public encryption key from the local system to the remote system. A manual setup allows a secure connection without a password prompt.
Log in to the TrueNAS system that generated the SSH keypair and go to Credentials > Backup Credentials. Click the options icon (more_vert), open the keypair for the SSH connection, and copy the text of the public SSH key or download the public key as a text file.
Log in to the TrueNAS system you want to register the public key on and go to Credentials > Local Users.
Edit the root account.
Paste the SSH public key text into the SSH Public Key field.
Start by generating a new SSH keypair in Credentials > Backup Credentials. Copy or download the value for the public key. Add the public key to the remote NAS. If the remote NAS is not a TrueNAS system, please see the documentation for that system for instructions on adding a public SSH key.
Log back in to the local TrueNAS system. Go to Credentials > Backup Credentials and add a new SSH connection. Change the setup method to Manual.
Name and Method
Name | Description |
---|---|
Name | Name of this SSH connection. SSH connection names must be unique. |
Setup Method | Manual requires configuring authentication on the remote system. This can include copying SSH keys and modifying the root user account on that system. Semi-automatic only works when configuring an SSH connection with a remote TrueNAS system. This method uses the URL and login credentials of the remote system to connect and exchange SSH keys. |
Authentication
Name | Description |
---|---|
Host | Hostname or IP address of the remote system. A valid URL scheme is required. Example: https://10.231.3.76 |
Port | Port number on the remote system to use for the SSH connection. |
Username | Username for logging in to the remote system. |
Private Key | Choose a saved SSH Keypair or select Generate New to create a new keypair and use it for this connection. |
Remote Host Key | Remote system SSH key for this system to authenticate the connection. When all other fields are properly configured, click DISCOVER REMOTE HOST KEY to query the remote system and automatically populate this field. |
Discover Remote Host Key connects to the remote host and attempts to copy the key string to the related TrueNAS field.
More Options
Name | Description |
---|---|
Cipher | Standard is most secure, but has the greatest impact on connection speed. Fast is less secure than Standard but can give reasonable transfer rates for devices with limited cryptographic speed. Disabled removes all security in favor of maximizing connection speed. Disabling the security should only be used within a secure, trusted network. |
Connect Timeout | Time (in seconds) before the system stops attempting to establish a connection with the remote system. |
Select the private key from the SSH keypair whose public key you transferred to the remote NAS.
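Discover Remote Host Key accepts whatever key the remote end presents at that moment, so it is worth comparing the discovered key with a fingerprint read directly on the remote system (for example from `ssh-keygen -lf` on its console) before saving. The following is an added example, not TrueNAS code: the function names are hypothetical and the sample key is constructed from filler bytes.

```python
import base64
import hashlib
import hmac
import struct


def parse_public_key(line: str):
    """Split an OpenSSH public key line into (key type, raw key blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    # The blob begins with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != declared.encode():
        raise ValueError("declared key type does not match key blob")
    return declared, blob


def sha256_fingerprint(line: str) -> str:
    """Fingerprint as printed by ssh-keygen -lf: SHA256:<base64 without padding>."""
    _, blob = parse_public_key(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches(discovered_line: str, trusted_fingerprint: str) -> bool:
    """Compare a discovered host key with a fingerprint obtained out of band."""
    return hmac.compare_digest(sha256_fingerprint(discovered_line), trusted_fingerprint)


def make_sample_key(filler: bytes) -> str:
    """Constructed sample: an ssh-ed25519 line built from 32 filler bytes, not a real key."""
    ktype = b"ssh-ed25519"
    blob = struct.pack(">I", len(ktype)) + ktype + struct.pack(">I", 32) + filler * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " sample@constructed"


if __name__ == "__main__":
    genuine = make_sample_key(b"\x01")
    trusted = sha256_fingerprint(genuine)  # stands in for the value read on the remote console
    print(trusted)
    print(host_key_matches(genuine, trusted))                   # True
    print(host_key_matches(make_sample_key(b"\x02"), trusted))  # False
```

The same parser can be run over the public key text before pasting it into the SSH Public Key field, since it rejects a line whose declared type and key blob disagree.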