Getting Started with the Blobstore Service
Creating a Blobstore Service Instance
You must create a Blobstore service instance before you can attach an application.
About This Task
Note: If you are registered on the Predix Azure domain, you must use the command-line instructions to create your service.
Procedure
Creating a Blobstore Instance Using the Command Line
You can create a new service instance from the Cloud Foundry command line. Alternatively, you can create the service by using Predix Console from the New Service Instance page.
About This Task
Procedure
Configuring Access and Sample Applications
Blobstore allows both internal and external application access.
Before You Begin
Application | Version | Encryption |
---|---|---|
Java AWS | aws-java-sdk-s3 v1.11.14 | Supports AES256 |
Go (v1.75) | aws-go-sdk v.-s3 version v1.4.3 | Supports AES256 |
JCloud | jclouds-blobstore version 2.0.0 | Not supported |
About This Task
- Add a new object (single object or multi-part upload).
- List all objects in the store.
- Download objects.
- Delete objects.
- Configure or disable external access to Blobstore.
- Use a generated set of key credentials to allow external access to Blobstore.
- Close the application when not accessing Blobstore.
- Generate a new set of service key credentials for each external device.
- Recycle the keys when your tasks are complete.
Procedure
Enabling Data at Rest Encryption
Applications using Blobstore can enable encryption for their data at rest.
The sample application declares the type of encryption as follows:
- The Go sample application header with AES256 support:

  ```
  uploadInput.ServerSideEncryption = AES256
  ```

- The AWS sample application header with AES256 support:

  ```
  objectMetadata.setSSEAlgorithm(ObjectMetadata.AES_256_SERVER_SIDE_ENCRYPTION);
  ```

Additional notes on encrypting data at rest:
- Blobstore uses 256-bit Advanced Encryption Standard (AES-256) to encrypt data at rest.
- Amazon tracks the key and encrypts the key with a regularly rotated master key.
- Encryption is invisible to the end user.
- The user does not have to worry about key management or security. When data is retrieved from Blobstore, AWS automatically decrypts the data for the user.
- If the `ENABLE_SERVER_SIDE_ENCRYPTION` environment variable is changed, use `cf restart` to instantiate the change.
Note: Client-side encryption is also possible: use your own keys to encrypt your data before uploading and before upgrading to Blobstore.
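One way to enforce the AES256 setting described above from the client, as an added example that is not part of the Blobstore sample applications: an `http.RoundTripper` that refuses S3-style object writes lacking the `x-amz-server-side-encryption: AES256` header. It assumes Blobstore honours the standard S3 header that the two SDK calls above produce; `sseGuard`, `needsSSE`, `okTransport`, `check` and the `.invalid` endpoint are hypothetical names.

```go
package main

import (
	"fmt"
	"net/http"
)

// Standard S3 SSE request header; assumed here to be honoured by Blobstore.
const sseHeader = "x-amz-server-side-encryption"

// needsSSE: PutObject (PUT) and multipart initiation (POST ?uploads) create
// objects; UploadPart (PUT ?partNumber&uploadId) inherits from the initiation.
func needsSSE(r *http.Request) bool {
	q := r.URL.Query()
	if r.Method == http.MethodPut {
		return !(q.Has("partNumber") && q.Has("uploadId"))
	}
	return r.Method == http.MethodPost && q.Has("uploads")
}

// sseGuard wraps a transport and refuses object writes that lack AES256.
type sseGuard struct{ next http.RoundTripper }
func (g sseGuard) RoundTrip(r *http.Request) (*http.Response, error) {
	if needsSSE(r) && r.Header.Get(sseHeader) != "AES256" {
		return nil, fmt.Errorf("%s %s: write without AES256 encryption", r.Method, r.URL.Path)
	}
	return g.next.RoundTrip(r)
}

// okTransport stands in for the network so the example runs offline.
type okTransport struct{}
func (okTransport) RoundTrip(r *http.Request) (*http.Response, error) {
	return &http.Response{StatusCode: 200, Body: http.NoBody, Request: r}, nil
}

// check sends one constructed request through the guard; nil means allowed.
func check(method, url, sse string) error {
	req, err := http.NewRequest(method, url, nil)
	if err != nil {
		return err
	}
	req.Header.Set(sseHeader, sse) // empty value counts as "not requested"
	_, err = sseGuard{okTransport{}}.RoundTrip(req)
	return err
}

func main() {
	fmt.Println(check("PUT", "https://blobstore.invalid/bucket/a.txt", ""))
}
```

In a real client, set `Transport: sseGuard{next: http.DefaultTransport}` on the `http.Client` used for Blobstore calls so an upload that forgot the encryption setting fails before any data leaves the process.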