# Storage Endpoints
A storage endpoint represents all settings and credentials needed to connect to a cloud providers object storage API. You can add an unlimited number of endpoint configurations, but each user can only be configured to connect to one endpoint at a time.
# Configuring Endpoints
To add a new endpoint,
- Click Endpoints in the sidebar.
- Click the Add button.
- Enter your desired settings, then click Save.
To modify an existing endpoint:
- Click Endpoints in the sidebar.
- Click on the Edit icon.
- Enter your desired settings, then click Save.
To delete a endpoint:
- Click Endpoints in the sidebar.
- Click on the Delete icon.
- Click Confirm on the popup.
# Configuring an Azure Blob Storage Endpoint
In the Endpoint Name field, specify a label used to identify the endpoint in the interface.
In the Storage Account Name field, enter the name of the Azure storage account which holds the blob container you want to connect to.
In the Blob Container field, enter the name of the blob container to use.
To configure authentication, do one of the following. It is recommend to use a System-assigned managed identity.
In the Storage Account Access Key field, enter one of the access keys for the Azure Storage account you specified above.
Check the box for Use Managed System Identity if you have assigned a System-assigned managed identity to the VM with permissions to access the blob container or storage account.
You must check the box for Data Lake Storage Gen2 Hierarchical Namespace if your blob container was created with the hierarchical namespace option.
Press Save. You may see a error message if the application was not able to connect or authenticate to the blob container.
# Configuring an Google Cloud Storage Endpoint
In the Endpoint Name field, specify a label used to identify the endpoint in the interface.
In the Bucket Name field, enter the name of the storage bucket to use.
To configure authentication, do one of the following. It is recommend to use a instance service account.
In the Service Account Credentials File field, upload a JSON formatted service account key file. You may use drag-and-drop or the browser file selection dialog.
Check the box for Use VM Instance Service Account if the service account assigned to the VM has permissions to access the bucket.
Press Save. You may see a error message if the application was not able to connect or authenticate to the storage bucket.
# Configuring an Amazon Web Services S3 Endpoint
In the Endpoint Name field, specify a label used to identify the endpoint in the interface.
In the Bucket Name field, enter the name of the S3 bucket to use.
In the AWS Access Key ID field, enter the access key to use.
In the AWS Secret Key field, enter the corresponding secret key.
To use the IAM instance role attached to the instance instead of using access key, you may check the Use Instance IAM Role option.
# Configuring an IBM Cloud COS Endpoint
In the Endpoint Name field, specify a label used to identify the endpoint in the interface.
In the IBM COS Bucket Name field, enter the name of the COS bucket to use.
In the IBM Cloud Object Storage API Endpoint field, enter the IBM COS service endpoint you want to use. This endpoint will differ depending on the region of your COS bucket and if you want to use the public, direct, or private endpoints.
In the IBM Cloud API Key field, enter an IBM Cloud API key with permissions to access the COS bucket.
# Workspace HMAC Keys
The workspace portal uses pre-signed URLs to allow user to download and upload files directly to the COS bucket from their browser. In order for this to work, you must add a HMAC Access Key ID and HMAC Secret Key to your IBM endpoint configuration. See Using HMAC credentials for more information. These fields can be left blank but are required when using the workspace portal.
If you use a direct or private service endpoint URL, but want to generate public URLs for the workspace portal, check the Use public COS bucket endpoint for workspace access checkbox.
Press Save. You may see a error message if the application was not able to connect or authenticate to the storage bucket.