Overview of how to use file repositories.

Preamble

File repositories are external storage provider (e.g. Google Cloud Storage) that can be used to store encrypted data. The data is encrypted in the browser, and then uploaded to the repository. The data is uploaded directly to the repository without passing through the psono server. The file repository provider has no way to gain access to the decrypted files.

Permissions

File repository configuration can be shared with other users to allow them to upload something to the providers themself, without the hassle that every use has to configure the repository. The possibility to download a file is controlled similar to the capabilities to access secrets by the share permissions.

The permissions in detail:

Shared Read Write Grant Resulting Rights
No - - - Can only download a file (if the share permissions allow him that)
Yes No No No Can upload files to this file repository, yet no administrative capabilities like accessing the config or sharing it with others
Yes Yes No No Can read the configuration of the external storage provider e.g. access secrets
Yes No Yes No Can update the configuration of the external storage provider
Yes No No Yes Can change the rights of himself and other users and share it with other users
Edit me
Tags: