NOTE: The Vault is in development

Getting Started with Elastx The Vault

Welcome to Elastx The Vault — a secure, S3-compatible object storage service, now available for testing. Built with compliance, security, and flexibility at its core, The Vault is ideal for secondary storage and long-term data retention.

Overview of The Vault

The Vault combines scalable object storage with enterprise-grade security:

• S3-Compatible Object Storage – Easily integrate with existing tools and workflows
• Geographically and Physically Isolated – Hosted in an isolated, dedicated and physically protected region within the Elastx Cloud Platform
• Encryption at Rest – Your data is always secured with encryption
• Immutable Storage – Safeguard against deletion or tampering including Ransomware
• Integrated with Elastx IDP – Centralized identity and access management with MFA
• Purpose-Built for Secondary Storage – Designed for archiving, backups, and compliance-driven storage

Getting Access to The Vault

Before using Elastx The Vault, your organization must designate at least one Customer Admin User.

1. Request an Admin Account
   An authorized manager can use Elastx Support Page or email support@elastx.se to request access for your first admin user.

2. Activate Your User
   Once provisioned follow the instructions to activate your Elastx Identity Provider (IDP) account and setup MFA.

Accessing The Console

Use the Elastx The Vault Console to manage your The Vault configuration (only Customer Admin Users): Elastx The Vault Console

From the console you can setup and manage:

• Buckets and objects for the whole organization
• Your access keys and their policies for users and applications to access The Vault securely
• Immutable settings etc

Note: Access keys are bound to the customer admin who creates them. It’s important to note that in an organization with multiple customer admins, these admins cannot view each other’s keys.

Creating Access Keys and access the API

To enable other users, applications, services to access the The Vault api.

1. Log in to the console as an admin
2. Create Access Keys for your organization’s users or services
3. Store the secret key securely — it is only shown once
4. Access the api via: https://vault.elastx.cloud

Start using MinIO - i.e. create a new bucket with Minio Client

Note! Your buckets always need to be named with your organisations unique prefixed uid. I.e. <uid.bucketname> which is provided by Elastx Support to your Authorized manager

   mc alias set <alias> https://vault.elastx.cloud <accesskey> <secret>
   mc mb <alias>/<uuid>.<bucketname>

Additional User Roles

You may also request WriteOnly and ReadOnly users/accounts via support@elastx.se. These users are pre-assigned with limited policies suitable for:

• WriteOnly – I.e. to upload data into The Vault
• ReadOnly – I.e when the need is only to read from storage

Technical details

The S3 API is rate-limited with max 128 active sessions and 1k requests per second per source IP. This limit is quite low on purpose as the main usage of the system should be to stream large backup/archive objects and not to store millions of small objets. Hitting the limit will trigger a HTTP 429 response which most S3 clients can handle gracefully with exponential backoff.

Learn More

For more complete documentation including how to manage immutability, refer to official documentation, i.e.:

• MinIO Docs on Github
• MinIO S3 Compatible API Documentation