S3 Piece Storage

S3 (Simple Storage Service) and S3-compatible storage services provide cloud-based object storage that can host Automatic Disk Unlock pieces. This method supports AWS S3, MinIO, Backblaze B2, Wasabi, and other S3-compatible providers.

Overview

You upload your base64-encoded piece to an S3 bucket. During boot, Automatic Disk Unlock authenticates using access keys and retrieves the piece from the bucket.

Configuration Format

:s3,provider=AWS,access_key_id=EXAMPLE,secret_access_key=EXAMPLEKEY,region=us-east-1:bucket-name/path/to/piece.txt
  • provider: The S3 provider (e.g., AWS, Minio, Wasabi, Backblaze)
  • access_key_id: Your S3 access key ID
  • secret_access_key: Your S3 secret access key
  • region: The region where the bucket is located (e.g., us-east-1)
  • bucket-name/path/to/piece.txt: Bucket name and object path

Setup Instructions

AWS S3

Step 1: Create an S3 Bucket

  1. Log in to the AWS Management Console
  2. Navigate to S3 and click Create bucket
  3. Configure the bucket:
    • Region: Note the region you select; you will need it later (e.g., us-east-1)
    • Bucket name: Choose a unique name (e.g., autounlock-pieces)
    • Object Ownership: Set to ACLs disabled
    • Block Public Access: Keep all public access blocked for security
  4. Click Create bucket

Step 2: Upload the Piece File

  1. Open the bucket you just created
  2. Click Upload
  3. Create a text file containing your base64-encoded piece and upload it:
    • File name: piece.txt
    • Content: Your base64-encoded piece
  4. Click Upload

Step 3: Create an IAM User with Read-Only Access

  1. Navigate to IAM → Users → Create user
  2. Enter a username (e.g., autounlock-reader)
  3. Click Next
  4. Select Attach policies directly
  5. Click Create policy to create a custom policy:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:GetObject",
            "s3:ListBucket"
          ],
          "Resource": [
            "arn:aws:s3:::autounlock-pieces",
            "arn:aws:s3:::autounlock-pieces/*"
          ]
        }
      ]
    }
    

    Replace autounlock-pieces with your bucket name.

  6. Name the policy (e.g., AutoUnlockReadOnly) and click Create policy

  7. Return to the user creation page, refresh the policies, and attach your new policy
  8. Click Next and then Create user
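
Before attaching a policy to the reader user, you can check that it is read-only and scoped to the one bucket. The script below is an added example, not part of Automatic Disk Unlock; audit_policy, READ_ONLY and the sample policies are names and inputs constructed for this illustration.

```python
import json

# Actions granted by the page's example policy (IAM action names are case-insensitive).
READ_ONLY = {"s3:getobject", "s3:listbucket"}


def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy_json, bucket):
    """Return findings; an empty list means read-only and scoped to `bucket`."""
    scope = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings = []
    for i, stmt in enumerate(as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements can only narrow access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: grants by exclusion (NotAction/NotResource)")
        for action in as_list(stmt.get("Action")):
            # Wildcards such as s3:* or s3:Get* are flagged: they are not exact matches.
            if action.lower() not in READ_ONLY:
                findings.append(f"statement {i}: action {action} is not on the read-only list")
        for resource in as_list(stmt.get("Resource")):
            if resource not in scope:
                findings.append(f"statement {i}: resource {resource} is outside bucket {bucket}")
    return findings


# Constructed inputs: the policy from this page, and an over-broad variant.
PAGE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::autounlock-pieces", "arn:aws:s3:::autounlock-pieces/*"],
    }],
})
BROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
})

if __name__ == "__main__":
    for name, doc in (("page policy", PAGE_POLICY), ("broad policy", BROAD_POLICY)):
        print(name, audit_policy(doc, "autounlock-pieces") or "OK")
```

An empty result means every Allow statement uses only the two read actions on the named bucket and its objects.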

Step 4: Create Access Keys

  1. Open the IAM user you just created
  2. Navigate to the Security credentials tab
  3. Click Create access key
  4. Select Application running outside AWS and click Next
  5. Click Create access key
  6. Save the Access key ID and Secret access key (you won't be able to see the secret key again)

Step 5: Prepare Location String

:s3,provider=AWS,access_key_id=YOUR_ACCESS_KEY_ID,secret_access_key=YOUR_SECRET_ACCESS_KEY,region=us-east-1:autounlock-pieces/piece.txt

Replace:

  • YOUR_ACCESS_KEY_ID with your access key ID
  • YOUR_SECRET_ACCESS_KEY with your secret access key
  • us-east-1 with your bucket's region
  • autounlock-pieces/piece.txt with your bucket name and object path

Step 6: Add to Automatic Disk Unlock Configuration

  1. In the Unraid WebGUI, navigate to Settings → Automatic Disk Unlock

  2. Test the location:

    • Paste the location string into the Test Location input field
    • Click Test to verify the piece can be retrieved
    • Confirm the test succeeds
  3. Add to configuration:

    • Navigate back to the Configuration section
    • Add the location string to the Download Locations text area
    • Click Save

Security Considerations

Access Control

S3 provides robust access control mechanisms:

  • IAM Policies: Grant fine-grained read-only permissions
  • Private Buckets: Keep buckets private and use access keys for authentication
  • Encryption: Enable encryption at rest and in transit

Best Practices

  • Use a dedicated IAM user with minimal permissions
  • Enable S3 bucket logging to monitor access
  • Use S3-compatible services with encryption at rest
  • Consider using S3 in combination with other storage methods for defense in depth

Availability

Cloud storage services are generally highly available, but network connectivity is required during boot.