git-annex/doc/special_remotes/S3.mdwn

This special remote type stores file contents in a bucket in Amazon S3
or a similar service.

See [[tips/using_Amazon_S3]] and
[[tips/Internet_Archive_via_S3]] for usage examples.

## configuration

The standard environment variables `AWS_ACCESS_KEY_ID` and 
`AWS_SECRET_ACCESS_KEY` are used to supply login credentials
for Amazon. You need to set these only when running
`git annex initremote`, as they will be cached in a file only you
can read inside the local git repository.

A number of parameters can be passed to `git annex initremote` to configure
the S3 remote.

* `encryption` - Required. Either "none" to disable encryption (not recommended),
  or a value that can be looked up (using gpg -k) to find a gpg encryption
  key that will be given access to the remote, or "shared" which allows
  every clone of the repository to access the encrypted data (use with caution).

  Note that additional gpg keys can be given access to a remote by
  running enableremote with the new key id. See [[encryption]].

* `embedcreds` - Optional. Set to "yes" embed the login credentials inside
  the git repository, which allows other clones to also access them. This is
  the default when gpg encryption is enabled; the credentials are stored
  encrypted and only those with the repository's keys can access them.

  It is not the default when using shared encryption, or no encryption.
  Think carefully about who can access your repository before using
  embedcreds without gpg encryption.

* `datacenter` - Defaults to "US". Other values include "EU",
  "us-west-1", and "ap-southeast-1".

* `storageclass` - Default is "STANDARD". If you have configured git-annex
  to preserve multiple [[copies]], consider setting this to "REDUCED_REDUNDANCY"
  to save money.

* `host` and `port` - Specify in order to use a different, S3 compatable
  service.

* `bucket` - S3 requires that buckets have a globally unique name, 
  so by default, a bucket name is chosen based on the remote name
  and UUID. This can be specified to pick a bucket name.

* `fileprefix` - By default, git-annex places files in a tree rooted at the
  top of the S3 bucket. When this is set, it's prefixed to the filenames
  used. For example, you could set it to "foo/" in one special remote,
  and to "bar/" in another special remote, and both special remotes could
  then use the same bucket.

* `x-amz-*` are passed through as http headers when storing keys
  in S3.
S3 updates; gpg keys 2011-03-28 17:47:29 +00:00			`This special remote type stores file contents in a bucket in Amazon S3`
cleanup 2011-05-16 06:21:40 +00:00			`or a similar service.`
S3 updates; gpg keys 2011-03-28 17:47:29 +00:00
fix broken links 2011-11-08 16:23:03 +00:00			`See [[tips/using_Amazon_S3]] and`
			`[[tips/Internet_Archive_via_S3]] for usage examples.`
S3 updates; gpg keys 2011-03-28 17:47:29 +00:00
update 2011-03-30 05:45:39 +00:00			`## configuration`
S3 updates; gpg keys 2011-03-28 17:47:29 +00:00
2012-05-30 00:25:22 +00:00			The standard environment variables `AWS_ACCESS_KEY_ID` and
			`AWS_SECRET_ACCESS_KEY` are used to supply login credentials
Allow controlling whether login credentials for S3 and webdav are committed to the repository, by setting embedcreds=yes\|no when running initremote. 2012-11-19 21:32:58 +00:00			`for Amazon. You need to set these only when running`
			`git annex initremote`, as they will be cached in a file only you
			`can read inside the local git repository.`
add a few tweaks to make it easy to use the Internet Archive's variant of S3 In particular, munge key filenames to comply with the IA's filename limits, disable encryption, support their nonstandard way of creating buckets, and allow x-amz-* headers to be specified in initremote to set item metadata. Still TODO: initremote does not handle multiword metadata headers right. 2011-05-16 15:20:30 +00:00
generalize special remote configuration storage 2011-03-28 23:08:12 +00:00			A number of parameters can be passed to `git annex initremote` to configure
			`the S3 remote.`

Allow controlling whether login credentials for S3 and webdav are committed to the repository, by setting embedcreds=yes\|no when running initremote. 2012-11-19 21:32:58 +00:00			* `encryption` - Required. Either "none" to disable encryption (not recommended),
generalize special remote configuration storage 2011-03-28 23:08:12 +00:00			`or a value that can be looked up (using gpg -k) to find a gpg encryption`
Allow controlling whether login credentials for S3 and webdav are committed to the repository, by setting embedcreds=yes\|no when running initremote. 2012-11-19 21:32:58 +00:00			`key that will be given access to the remote, or "shared" which allows`
			`every clone of the repository to access the encrypted data (use with caution).`

			`Note that additional gpg keys can be given access to a remote by`
To enable an existing special remote, the new enableremote command must be used. The initremote command now is used only to create new special remotes. 2013-04-26 22:22:44 +00:00			`running enableremote with the new key id. See [[encryption]].`
Allow controlling whether login credentials for S3 and webdav are committed to the repository, by setting embedcreds=yes\|no when running initremote. 2012-11-19 21:32:58 +00:00
			* `embedcreds` - Optional. Set to "yes" embed the login credentials inside
			`the git repository, which allows other clones to also access them. This is`
			`the default when gpg encryption is enabled; the credentials are stored`
			`encrypted and only those with the repository's keys can access them.`

			`It is not the default when using shared encryption, or no encryption.`
			`Think carefully about who can access your repository before using`
			`embedcreds without gpg encryption.`
generalize special remote configuration storage 2011-03-28 23:08:12 +00:00
			* `datacenter` - Defaults to "US". Other values include "EU",
			`"us-west-1", and "ap-southeast-1".`

			* `storageclass` - Default is "STANDARD". If you have configured git-annex
			`to preserve multiple [[copies]], consider setting this to "REDUCED_REDUNDANCY"`
			`to save money.`

			* `host` and `port` - Specify in order to use a different, S3 compatable
			`service.`
S3 updates; gpg keys 2011-03-28 17:47:29 +00:00
doc update for S3 2011-03-29 19:12:07 +00:00			* `bucket` - S3 requires that buckets have a globally unique name,
			`so by default, a bucket name is chosen based on the remote name`
			`and UUID. This can be specified to pick a bucket name.`
S3: When encryption is enabled, the Amazon S3 login credentials are stored, encrypted, in .git-annex/remotes.log, so environment variables need not be set after the remote is initialized. 2011-05-01 18:05:10 +00:00
S3: Add fileprefix setting. 2012-08-09 17:54:54 +00:00			* `fileprefix` - By default, git-annex places files in a tree rooted at the
			`top of the S3 bucket. When this is set, it's prefixed to the filenames`
			`used. For example, you could set it to "foo/" in one special remote,`
			`and to "bar/" in another special remote, and both special remotes could`
			`then use the same bucket.`

add a few tweaks to make it easy to use the Internet Archive's variant of S3 In particular, munge key filenames to comply with the IA's filename limits, disable encryption, support their nonstandard way of creating buckets, and allow x-amz-* headers to be specified in initremote to set item metadata. Still TODO: initremote does not handle multiword metadata headers right. 2011-05-16 15:20:30 +00:00			* `x-amz-*` are passed through as http headers when storing keys
			`in S3.`