Diffstat (limited to 'doc/special_remotes/S3.mdwn')
-rw-r--r-- | doc/special_remotes/S3.mdwn | 28 |
1 files changed, 18 insertions, 10 deletions
diff --git a/doc/special_remotes/S3.mdwn b/doc/special_remotes/S3.mdwn index 79a8e584a..5a7ecc25b 100644 --- a/doc/special_remotes/S3.mdwn +++ b/doc/special_remotes/S3.mdwn 
@@ -8,21 +8,29 @@ See [[tips/using_Amazon_S3]] and The standard environment variables `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are used to supply login credentials -for Amazon. When encryption is enabled, they are stored in encrypted form -by `git annex initremote`. Without encryption, they are stored in a -file only you can read inside the local git repository. So you do not -need to keep the environment variables set after the initial -initalization of the remote. +for Amazon. You need to set these only when running +`git annex initremote`, as they will be cached in a file only you +can read inside the local git repository. A number of parameters can be passed to `git annex initremote` to configure the S3 remote. -* `encryption` - Required. Either "none" to disable encryption - (not recommended), +* `encryption` - Required. Either "none" to disable encryption (not recommended), or a value that can be looked up (using gpg -k) to find a gpg encryption - key that will be given access to the remote. Note that additional gpg - keys can be given access to a remote by rerunning initremote with - the new key id. See [[encryption]]. + key that will be given access to the remote, or "shared" which allows + every clone of the repository to access the encrypted data (use with caution). + + Note that additional gpg keys can be given access to a remote by + rerunning initremote with the new key id. See [[encryption]]. + +* `embedcreds` - Optional. Set to "yes" embed the login credentials inside + the git repository, which allows other clones to also access them. This is + the default when gpg encryption is enabled; the credentials are stored + encrypted and only those with the repository's keys can access them. + + It is not the default when using shared encryption, or no encryption. + Think carefully about who can access your repository before using + embedcreds without gpg encryption. * `datacenter` - Defaults to "US". 
Other values include "EU", "us-west-1", and "ap-southeast-1". |
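Review bot: The rewritten credentials paragraph at the top of the hunk now says the AWS keys are only "cached in a file only you can read inside the local git repository", which conflicts with the new `embedcreds` entry further down stating that embedding them in the git repository is the default when gpg encryption is enabled. Someone reading the first paragraph alone would conclude the keys never leave the local clone. Suggest having that paragraph refer to `embedcreds` and note that with gpg encryption the credentials are also stored, encrypted, in the repository. In the `embedcreds` entry itself, "Set to "yes" embed the login credentials" is missing a "to", and the "(use with caution)" on `shared` would be clearer if it said, as the `embedcreds` text implies, that anyone who can clone the repository can read the data.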