cuno-creds#

Synopsis#

cuno creds [<global options>] import [-f|--force] [-b <ID>|--billing <ID>] <file>

cuno creds [<global options>] purge <file>

cuno creds [<global options>] pair [-f|--force] [-b <ID>|--billing <ID>] <URI> public|<shared-access-signature>|<file>

cuno creds [<global options>] unpair <URI>

cuno creds [<global options>] list [pairings|creds] [s3|gs|az]

cuno creds [<global options>] setposix <URI> [true/false/permissive/metadata/permissive-with-metadata/unset]

cuno creds [<global options>] info <URI> [<options>]

cuno creds [<global options>] billing $ [<options>]

cuno creds [<global options>] upgrade [<options>]

cuno creds [<global options>] activate [file]

cuno creds [<global options>] deactivate

cuno creds [<global options>] help [import | purge | pair | unpair | billing | upgrade]

Description#

To support streaming to/from multiple cloud solutions at the same time, cunoFS includes cuno creds as a credential manager utility tool to import and manage users’ cloud storage credentials.

Options#

-c, --color

Enable color in output.

-i, --interactive

Ask for permission to replace entries and pairings.

-f, --force

Create new pairings replacing any existing ones.

-b, --billing <ID>

Set a billing project ID (for Google Storage only).

-p, --progress

Print progress of the request.

-h, --help

Show help.

-v, --version

Print the version.

Commands#

import [<command options>] <file>

Import a credential file for accessing a remote bucket/container.

Specify a credential file that CUNO will use to access remote cloud services such as Amazon S3, Google Storage and Azure.

purge <file>

Remove a credential file that CUNO uses to access remote cloud services such as Amazon S3, Google Storage and Azure.

pair [<command options>] <URI> public|<shared-access-signature>|<file>

Specify what credentials to use when accessing a remote URI.

Link a remote URI with specific credentials. If the keyword public is provided, the remote URI will be added into the store as a public access bucket. The credential file must be already imported into the credentials store. The only exception is when pairing an az URI with a Shared Access Signature (SAS). When second argument is left blank then a list of the available credentials is printed for selection.

unpair <URI>

Unlink a remote URI from a specific credential file/SAS. The URI must exist inside the credentials store. If no URI is provided then a selection list is printed to stdout.

list [pairings|creds] [s3|gs|az]

Displays imported credential files and pairings

If keyword “parings” is provided, shows all paired buckets and their associated credentials file. If keyword “creds” is provided, shows all imported credentials files. If “pairings” or “creds” is provided, and any of the filters “s3”, “az”, “gs” is provided, then only shows entries for that object storage provider (s3 includes S3-compatible).

setposix <URI> [true | false | permissive | metadata |permissive-with-metadata | unset]

This setting toggles POSIX mode on for the bucket and takes precedence over the CUNO_POSIX environment variable.

Valid options:

  • true - enable posix in enforcing mode, preventing unauthorized access.

  • false - disable posix

  • permissive - enable posix in permissive mode, where object attributes like uid, gid, mode, timestamps are stored but user access privilege is not checked

  • metadata - enable posix in enforcing mode and store posix attributes as object metadata (only on S3)

  • permissive-with-metadata - enable posix in permissive mode and store posix attributes as object metadata

  • unset - remove posix configuration from the bucket

The cuno creds setposix command writes a tag to the bucket’s metadata on the bucket store. The setting set by this command applies to all users using the bucket through cunoFS.

To unset the bucket-level setting and allow controlling POSIX mode using either the CUNO_POSIX environment variable or the --posix command line flag, use cuno creds setposix with a setting of unset:

cuno creds setposix s3://examplebucket unset
info <URI>

Display information about a remote URI that exists inside the credentials store. If the URI is not paired, no information is available.

billing

Display billing information on pairings of ‘requester pays’ buckets.

Currently only Amazon S3 and Google Storage support ‘requester pays’ buckets.

upgrade

Upgrade internal credentials store if required.

Performs the necessary updates to the internal persistent credentials store that had remained unchanged across software updates.

activate [file]

Activates cunoFS (for the current user) to use a given licence key.

Optionally provide a file containing the key, pipe the key in as input, or use this command interactively.

If run as root, you also have the option to allow other users access.

For more information, see the Licenses and Activation section of the User Guide.

deactivate

Removes the licence key from this installation, deactivating access to cunoFS.

help [<command>]

Show a list of commands or help for the specified command.

Environment#

CUNO_CREDENTIALS

The location of imported cunoFS credentials. The default location is $XDG_CONFIG_HOME/cuno/creds (if unset, $XDG_CONFIG_HOME defaults to ~/.config). If the CUNO_CREDENTIALS environment variable is set but the path does not exist, cunoFS will next examine the default location. If that does not exist either, cunoFS will try to fall back to the path cuno-config/creds adjacent to the cunoFS installation directory; that is, /opt/cuno-config/creds or ~/.local/opt/cuno-config/creds for the default system or user local installation, respectively.

Files#

~/.config/cuno/creds

The default cunoFS credentials configuration directory.

See also#

cuno(1), cuno-mount(1), cuno.so(8)