CyberDuck
CyberDuck
Getting started
-
Create a service account.
-
Assign the required role to the service account, e.g.,
storage.editor
. For more information about roles, see Managing access with Yandex Identity and Access Management.To work with objects in an encrypted bucket, a user or service account must have the following roles for the encryption key in addition to the
storage.configurer
role:kms.keys.encrypter
: To read the key, encrypt and upload objects.kms.keys.decrypter
: To read the key, decrypt and download objects.kms.keys.encrypterDecrypter
: This role includes thekms.keys.encrypter
andkms.keys.decrypter
permissions.
For more information, see Key Management Service service roles.
Tip
You can assign a role for a folder or a bucket to a service account. A role for a folder gives the GUI client access to all the buckets in the folder. A role for a bucket gives the client access only to this particular bucket. For granular access, assign a role for a particular bucket.
-
As a result, you will get the static access key data. To authenticate in Object Storage, you will need the following:
key_id
: Static access key IDsecret
: Secret key
Save
key_id
andsecret
: you will not be able to get the key value again.
Note
A service account is only allowed to view a list of buckets in the folder it was created in.
A service account can perform actions with objects in buckets that are created in folders different from the service account folder. To enable this, assign the service account roles for the appropriate folder or its bucket.
Installation
Download
Connection
- Run CyberDuck.
- Click Open Connection.
- Select the Amazon S3 connection type.
- Specify the connection parameters:
-
Server:
storage.yandexcloud.net
.To connect to a particular bucket, open the More options tab and specify the bucket name in the Path field.
-
Port:
443
. -
Access key ID: Static key ID you got previously.
-
Secret Access Key: Static key contents you got previously.
-
- Click Connect.
- Run CyberDuck.
- Click Open Connection.
- Select the Amazon S3 connection type.
- Specify the connection parameters:
-
Server:
storage.yandexcloud.net
.To connect to a particular bucket, specify
<bucket_name>.storage.yandexcloud.net
in the Server field. This method only works with buckets with no dot in their names. For buckets with a dot in their names, follow the alternative guide below. -
Port:
443
. -
Access key ID: Static key ID you got previously.
-
Secret Access Key: Static key contents you got previously.
-
- Click Connect.
To connect to a bucket with a dot in its name, e.g., example.com
:
-
Download the Deprecated path style requests
configuration file (for more information, see the Cyberduck documentation ).Some browsers automatically open the configuration file in a new tab. To download the configuration file, right-click the download link, select Download Linked File As..., and click Save.
-
Open the configuration file.
-
Specify the connection parameters the same as in the standard method.
-
Expand the More options section and specify the name of your bucket in the Path field.
-
Close the parameter window.
-
Double-click the new connection to open it.
Once the connection is established, the bucket you created earlier will open.
Note
CyberDuck treats Object Storage as a hierarchical file system. This means that the keys of objects uploaded via CyberDuck will look like file paths, e.g., prefix/subprefix/picture.jpg
.
Learn more about using CyberDuck with S3-compatible storages in the CyberDuck documentation