Contents x
S3cmd Integration with Backblaze B2
    • Print
    • Dark
      Light
    Contents

    S3cmd Integration with Backblaze B2

      • Print
      • Dark
        Light
      Article summary

      S3cmd is a free command-line tool and client for uploading, retrieving, and managing data in Amazon S3 and S3-compatible storage like Backblaze B2 Cloud Storage.

      This article shows you how to configure S3cmd to connect to your Backblaze B2 account.

      Note
      Versions of S3cmd prior to 2.1 are not compatible with Backblaze B2. You can download the latest version of S3cmd here.

      Enable Backblaze B2

      Before you begin: You must have a Backblaze B2 Cloud Storage account. If you already have a Backblaze account and the left navigation menu contains a B2 Cloud Storage section, your account is already enabled for Backblaze B2.

      1. Sign in to the Backblaze web console.
      2. In the user menu in the upper-right corner of the page, select My Settings.
      3. Under Enabled Products, select the checkbox to enable B2 Cloud Storage.
      4. Review the Terms and Conditions, and click OK to accept them. 

      Create an Application Key

      You must have a Backblaze B2 application key ready to set up the connection.

      1. Sign in to the Backblaze web console.
      2. In the left navigation menu under B2 Cloud Storage, click Application Keys.
      3. Click Add a New Application Key, and enter an app key name.
        You cannot search an app key by this name; therefore, app key names are not required to be globally unique. Key names are limited to 100 characters and can contain letters, numbers, and "-", but not I18N characters, such as é, à, and ü.
      4. Select All or select a specific bucket in the Allow Access to Bucket(s) menu.
      5. Optionally, select your access type (Read and Write, Read Only, or Write Only).
      6. Optionally, select Allow List All Bucket Names.
        This option is required for the B2 Native API b2_list_buckets and the S3-Compatible API S3 List Buckets operations.
      7. Optionally, enter a file name prefix to restrict application key access only to files with that prefix.
        Depending on what you selected in step #4, this limits application key access to files with the specified prefix for all buckets or just the selected bucket.
      8. Optionally, enter a positive integer to limit the time, in seconds, before the application key expires.
        The value must be less than 1000 days (in seconds).
      9. Click Create New Key, and note the resulting keyID and applicationKey values.
      Note
      When you create a new app key, the response contains the actual key string, for example N2Zug0evLcHDlh_L0Z0AJhiGGdY. You can always find the keyID on this page, but for security, the applicationKey appears only once. Make sure you copy and securely save this value elsewhere.

      Create a Bucket

      If you use a bucket-restricted application key, the bucket must have the listAllBucketNames capability to work with S3cmd. If you did not select this capability when you created your application key, you must create a new key with the listAllBucketNames capability.

      1. Sign in to the Backblaze web console.
      2. In the left navigation menu under B2 Cloud Storage, click Buckets.
      3. Click Create a Bucket.
      4. Enter a name for your bucket. Bucket names must be at least six characters and globally unique.
        A message is displayed if your bucket name is already in use.
      5. Select a privacy setting: Private or Public.
        Note
        You can change a bucket's privacy settings at any time.
        Files that are in a private bucket require authentication to perform an action, for example, downloading.
        Public buckets do not require authentication so you can easily share files. If this is your first time creating a public bucket, complete the following tasks to ensure that you have the correct permissions to create a public bucket:

        1. Verify your email address.
        2. Have a payment history on file, or use the credit card form to pay a small fee that is credited to your account balance.
      6. If applicable, enable a Backblaze B2 server-side encryption key.
      7. Enable Object Lock to restrict a file from being modified or deleted for a specified period of time.
      8. Click Create a Bucket, and copy the value that is in the Endpoint field; you may need this value later.
      9. Click Lifecycle Settings to control how long to keep the files in your new bucket.

      Configure S3cmd with Backblaze B2

      1. In a terminal window, enter the following command:
        python s3cmd --configure
      2. When prompted, enter the following information:
        • In the Access Key field, enter your Backblaze B2 key ID.
        • In the Secret Key field, enter your Backblaze B2 application key.
        • In the Default Region field, enter the part of your S2 endpoint URL that identifies the region. For example, if your endpoint URL is s3.us-west-004.backblazeb2.com, enter us-west-004.

      The Access Key and Secret Key are the identifiers for Amazon S3. Leave them empty if you use the env variables as in the following example: 

      Access key and Secret key are your identifiers for Amazon S3. Leave them empty for using the env variables.

Access Key: 0xxxxxxxxxxxxxxxx7

Secret Key: KyyyyyyyyyyyyyyyyyyyQ

Default Region [US]: us-west-002

      To target Amazon S3, use "s3.amazonaws.com" for the S3 endpoint and do not modify it as in the following example:

      S3 Endpoint [s3.amazonaws.com]: s3.us-west-002.backblazeb2.com

      Use "%(bucket)s.s3.amazonaws.com" to target Amazon S3. You can use the vars "%(bucket)s" and "%(location)s" if the target S3 system supports DNS-based buckets:

      DNS-style bucket+hostname:port template for accessing a bucket [%(bucket)s.s3.amazonaws.com]: %(bucket)s.s3.us-west-002.backblazeb2.com

      An encryption password is used to protect your files from reading by unauthorized persons while in transfer to S3:

      Encryption password:

Path to GPG program [/usr/bin/gpg]:

      When you use secure HTTPS protocol, all communication with Amazon S3 servers is protected from third-party eavesdropping. This method is slower than plain HTTP, and it can be proxied only with Python 2.7 or newer:

      Use HTTPS protocol [Yes]:

      On some networks, all Internet access must go through a HTTP proxy. You can set it here if you cannot connect to S3 directly:

      HTTP Proxy server name:

      This example provides all of the fields referenced above:

      New settings:

  Access Key: 0xxxxxxxxxxxxxxxx7

  Secret Key: KyyyyyyyyyyyyyyyyyyyQ

  Default Region: us-west-002

  S3 Endpoint: s3.us-west-002.backblazeb2.com

  DNS-style bucket+hostname:port template for accessing a bucket: %(bucket)s.s3.us-west-002.backblazeb2.com

  Encryption password:

  Path to GPG program: /usr/bin/gpg

  Use HTTPS protocol: True

  HTTP Proxy server name:

  HTTP Proxy server port: 0

      If you receive a 403 error when you verify the configuration, you may have created a bucket-restricted key and not enabled the List All Bucket Names permission. Create a new key and ensure that this option is selected.

      Was this article helpful?
      Related articles
      What's Next