Cloud Storage
S3-compatible object storage with per-bucket access keys, usable from any S3 client.
Cloud Storage
Hep.gg Cloud Storage is S3-compatible object storage. Any S3 client works (aws-cli, the AWS SDKs, boto3, rclone, and anything else that speaks AWS Signature V4) as long as you point it at the matching instance endpoint, pass the matching region, and use path-style addressing. Each bucket carries its own access key and secret key, scoped to that one bucket.
Instances
A bucket lives on exactly one instance, chosen when the bucket is created. The per-bucket key only works against that instance's endpoint and region.
| Instance | Endpoint | Region | Notes |
|---|---|---|---|
| Primary | https://s3.hep.gg | ca-central-hydra-1 | Backed up. Premium tier and purchased storage. |
| Secondary | https://ca-east-hydra-1.s3.hep.gg | ca-east-hydra-1 | Best-effort, not backed up. Use for cache / regenerable data only. |
Authentication
Every bucket has its own S3 service-account credentials (an access key + secret key pair), scoped to that bucket only. You mint and view them in the dashboard, on the bucket's key page:
- The access key and secret key are both visible in the dashboard at any time. You can copy your secret again whenever you need it.
- Rotate the key from the dashboard if it is compromised. Rotation revokes the old pair and issues a new one.
- There is no public endpoint to create a bucket or a key. Provisioning happens in the dashboard.
Requests are authenticated with AWS Signature V4. Strict clients must also be given the instance region (ca-central-hydra-1 for primary, ca-east-hydra-1 for secondary). A missing or mismatched region is the most common failure. See Connecting.
Quickstart
List a bucket on the primary instance with the AWS CLI. Replace the credentials with your bucket's key from the dashboard.
export AWS_ACCESS_KEY_ID=<your-bucket-access-key>
export AWS_SECRET_ACCESS_KEY=<your-bucket-secret-key>
aws --endpoint-url https://s3.hep.gg \
--region ca-central-hydra-1 \
s3 ls s3://my-bucket/import { S3Client, ListObjectsV2Command } from "@aws-sdk/client-s3";
const s3 = new S3Client({
endpoint: "https://s3.hep.gg",
region: "ca-central-hydra-1",
forcePathStyle: true,
credentials: {
accessKeyId: "<your-bucket-access-key>",
secretAccessKey: "<your-bucket-secret-key>",
},
});
const out = await s3.send(new ListObjectsV2Command({ Bucket: "my-bucket" }));
console.log(out.Contents);