Diffstat (limited to 'doc/special_remotes/S3.mdwn')
-rw-r--r-- doc/special_remotes/S3.mdwn | 28
1 files changed, 18 insertions, 10 deletions
diff --git a/doc/special_remotes/S3.mdwn b/doc/special_remotes/S3.mdwn
index 79a8e584a..5a7ecc25b 100644
--- a/doc/special_remotes/S3.mdwn
+++ b/doc/special_remotes/S3.mdwn
@@ -8,21 +8,29 @@ See [[tips/using_Amazon_S3]] and
The standard environment variables `AWS_ACCESS_KEY_ID` and
`AWS_SECRET_ACCESS_KEY` are used to supply login credentials
-for Amazon. When encryption is enabled, they are stored in encrypted form
-by `git annex initremote`. Without encryption, they are stored in a
-file only you can read inside the local git repository. So you do not
-need to keep the environment variables set after the initial
-initalization of the remote.
+for Amazon. You need to set these only when running
+`git annex initremote`, as they will be cached in a file only you
+can read inside the local git repository.
A number of parameters can be passed to `git annex initremote` to configure
the S3 remote.
-* `encryption` - Required. Either "none" to disable encryption
- (not recommended),
+* `encryption` - Required. Either "none" to disable encryption (not recommended),
or a value that can be looked up (using gpg -k) to find a gpg encryption
- key that will be given access to the remote. Note that additional gpg
- keys can be given access to a remote by rerunning initremote with
- the new key id. See [[encryption]].
+ key that will be given access to the remote, or "shared" which allows
+ every clone of the repository to access the encrypted data (use with caution).
+
+ Note that additional gpg keys can be given access to a remote by
+ rerunning initremote with the new key id. See [[encryption]].
+
+* `embedcreds` - Optional. Set to "yes" embed the login credentials inside
+ the git repository, which allows other clones to also access them. This is
+ the default when gpg encryption is enabled; the credentials are stored
+ encrypted and only those with the repository's keys can access them.
+
+ It is not the default when using shared encryption, or no encryption.
+ Think carefully about who can access your repository before using
+ embedcreds without gpg encryption.
* `datacenter` - Defaults to "US". Other values include "EU",
"us-west-1", and "ap-southeast-1".