Configuring S3-Compatible Storage for Decrypted Payloads
Qtap can send decrypted payloads directly to your S3-compatible storage service. This keeps sensitive data within your infrastructure, and it never passes through our servers.
Qtap works with any S3-compatible storage service, including:

- Amazon S3
- Google Cloud Storage
- MinIO
- DigitalOcean Spaces
- Backblaze B2
- Wasabi
- Ceph
- And other S3-compatible services

Qtap requires two environment variables to authenticate to your object storage:

- `S3_ACCESS_KEY`: Your storage service access key
- `S3_SECRET_KEY`: Your storage service secret key

These credentials must be supplied to Qtap at launch time using your preferred secrets management solution.

- Always use HTTPS in production environments
- Ensure your storage bucket exists before configuring Qtap
- Credentials should have appropriate permissions to write to the bucket
- The storage service must be accessible from your Qtap deployment

Parameter | Description | Example |
---|---|---|
`name` | Identifier for your storage configuration | `"my-storage"` |
`description` | Human-readable description | `"Production S3 Bucket"` |
`endpoint` | S3-compatible service endpoint URL | `"s3.amazonaws.com"` |
`bucket` | Name of the storage bucket | `"my-qtap-bucket"` |
`region` | Region where the bucket is located. Can be set to `us-east-1` if the storage service is regionless. | `"us-east-1"` |
`insecure` | Whether to skip SSL verification (not recommended for production) | `false` |
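
A pre-deployment check for the settings above, as an added example that is not part of Qtap: the hypothetical `lint_storage` function flags missing credential variables, non-HTTPS endpoints, `insecure` set to true, and malformed bucket or region values. It assumes the storage configuration has already been loaded into a dict keyed by the parameter names in the table, and that `endpoint` may be either a bare host or a full URL.

```python
import re
from urllib.parse import urlsplit

REQUIRED_ENV = ("S3_ACCESS_KEY", "S3_SECRET_KEY")
# Amazon S3 naming rules; other S3-compatible services may be looser.
BUCKET_RE = re.compile(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")


def lint_storage(cfg, env, production=True):
    """Return findings for one storage config (dict) and environment (mapping)."""
    findings = []
    for var in REQUIRED_ENV:
        if not str(env.get(var, "")).strip():
            findings.append(f"{var} is not set")

    endpoint = str(cfg.get("endpoint") or "").strip()
    # Accept a bare host ("s3.amazonaws.com") as well as a full URL.
    parts = urlsplit(endpoint if "://" in endpoint else "//" + endpoint)
    if not parts.hostname:
        findings.append("endpoint has no host")
    if parts.username or parts.password:
        findings.append("endpoint embeds credentials; use the environment variables")
    if production and parts.scheme not in ("", "https"):
        findings.append(f"endpoint scheme {parts.scheme!r} is not HTTPS")

    # The flag may arrive as a bool or as a string, depending on the loader.
    if production and str(cfg.get("insecure", False)).lower() == "true":
        findings.append("insecure is true: TLS verification is skipped")

    bucket = str(cfg.get("bucket") or "")
    if not BUCKET_RE.fullmatch(bucket):
        findings.append(f"bucket {bucket!r} does not follow S3 naming rules")
    if not str(cfg.get("region") or "").strip():
        findings.append("region is empty (us-east-1 works for regionless services)")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not real credentials or endpoints.
    env = {"S3_ACCESS_KEY": "example-access", "S3_SECRET_KEY": "example-secret"}
    cfg = {"name": "my-storage", "endpoint": "http://minio.example.internal:9000",
           "bucket": "my-qtap-bucket", "region": "us-east-1", "insecure": True}
    for finding in lint_storage(cfg, env):
        print("FAIL:", finding)
```

The check is static only: it does not confirm that the bucket exists, that the credentials can write to it, or that the endpoint is reachable from the Qtap deployment.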