aboutsummaryrefslogtreecommitdiff
path: root/doc/book/src/getting_started/bucket.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/book/src/getting_started/bucket.md')
-rw-r--r--doc/book/src/getting_started/bucket.md57
1 files changed, 32 insertions, 25 deletions
diff --git a/doc/book/src/getting_started/bucket.md b/doc/book/src/getting_started/bucket.md
index 8b05ee23..b22ce788 100644
--- a/doc/book/src/getting_started/bucket.md
+++ b/doc/book/src/getting_started/bucket.md
@@ -1,71 +1,78 @@
# Create buckets and keys
-First, chances are that your garage deployment is secured by TLS.
-All your commands must be prefixed with their certificates.
-I will define an alias once and for all to ease future commands.
-Please adapt the path of the binary and certificates to your installation!
+*We use a command named `garagectl` which is in fact an alias you must define as explained in the [Control the daemon](./daemon.md) section.*
-```
-alias grg="/garage/garage --ca-cert /secrets/garage-ca.crt --client-cert /secrets/garage.crt --client-key /secrets/garage.key"
-```
-
-Now we can check that everything is going well by checking our cluster status:
-
-```
-grg status
-```
+In this section, we will suppose that we want to create a bucket named `nextcloud-bucket`
+that will be accessed through a key named `nextcloud-app-key`.
Don't forget that `help` command and `--help` subcommands can help you anywhere, the CLI tool is self-documented! Two examples:
```
-grg help
-grg bucket allow --help
+garagectl help
+garagectl bucket allow --help
```
+## Create a bucket
+
Fine, now let's create a bucket (we imagine that you want to deploy nextcloud):
```
-grg bucket create nextcloud-bucket
+garagectl bucket create nextcloud-bucket
```
Check that everything went well:
```
-grg bucket list
-grg bucket info nextcloud-bucket
+garagectl bucket list
+garagectl bucket info nextcloud-bucket
```
+## Create an API key
+
Now we will generate an API key to access this bucket.
Note that API keys are independent of buckets: one key can access multiple buckets, multiple keys can access one bucket.
Now, let's start by creating a key only for our PHP application:
```
-grg key new --name nextcloud-app-key
+garagectl key new --name nextcloud-app-key
```
You will have the following output (this one is fake, `key_id` and `secret_key` were generated with the openssl CLI tool):
-```
-Key { key_id: "GK3515373e4c851ebaad366558", secret_key: "7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34", name: "nextcloud-app-key", name_timestamp: 1603280506694, deleted: false, authorized_buckets: [] }
+```javascript
+Key {
+ key_id: "GK3515373e4c851ebaad366558",
+ secret_key: "7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34",
+ name: "nextcloud-app-key",
+ name_timestamp: 1603280506694,
+ deleted: false,
+ authorized_buckets: []
+}
```
Check that everything works as intended (be careful, info works only with your key identifier and not with its friendly name!):
```
-grg key list
-grg key info GK3515373e4c851ebaad366558
+garagectl key list
+garagectl key info GK3515373e4c851ebaad366558
```
+## Allow a key to access a bucket
+
Now that we have a bucket and a key, we need to give permissions to the key on the bucket!
```
-grg bucket allow --read --write nextcloud-bucket --key GK3515373e4c851ebaad366558
+garagectl bucket allow \
+ --read \
+ --write
+ nextcloud-bucket \
+ --key GK3515373e4c851ebaad366558
```
You can check at any times allowed keys on your bucket with:
```
-grg bucket info nextcloud-bucket
+garagectl bucket info nextcloud-bucket
```