Bring Your Own Storage (BYOS) with Backblaze B2 Cloud Storage

Camio provides the option to read and write video, images, and metadata using Backblaze B2 Cloud Storage.

Camio BYOS enables your team to control the storage policies, retention, permissions, backups, capacity, and billing directly from your own Backblaze account. 

This article describes:

How BYOS works

BYOS with Backblaze B2 Cloud Storage

Backblaze B2 Cloud Storage (B2) supports signed URLs, which provide limited permission and time to make a request to your storage. These enable the Camio Box gateway to write directly to your bucket(s). Signed URLs also enable Camio to serve video, images, and metadata in your buckets securely and directly from Backblaze to your Web Browser via the Camio Web App. Another benefit of signed URLs is that the credentials to access your encrypted content are never stored on client devices.

To configure B2 storage with Camio, you will need to provide information about the buckets you would like to connect with Camio, such as the name of the bucket, as well as credentials to read and write to those buckets through signed URLs.

Configure the amount of buckets and credentials as needed

The amount of buckets, as well as the amount of credentials per bucket, to use with Camio are configurable. At a maximum, Camio allows up to three separate buckets, for storage of Video, Images, and Metadata, and two separate credentials for each bucket, for Read and Write access. 

The amount of separate buckets and credentials provided can be reduced as needed, so long as the provided credential(s) allow the minimum required access to read or write to the provided bucket(s) as specified.

Creating storage buckets

If you do not already have storage buckets prepared for use with Camio, the following will provide basic instructions on how to create storage buckets with B2.

To create a storage bucket in Backblaze B2 Cloud Storage:

  1. Log into your account and select Buckets from the left navigation.
  2. Click the Create a Bucket button, where a form will appear to configure your new bucket before creation.
  3. Fill in the prompted information on your new bucket, including the Bucket Type, Public or Private, the bucket’s unique Bucket Name, and various security options, before confirming your choices by clicking the Create a Bucket button at the bottom of the form. 
  4. Once you confirm your choices, your bucket will now appear in the Buckets page of your account, where you can view information on the bucket, including the unique Bucket Name and Endpoint, and configure the bucket’s settings.

You will need to provide the unique Bucket Name, as well as the Endpoint for each bucket you intend to use with your Camio account when you configure your BYOS settings.

The Bucket Name and Bucket Type will also be required for setting CORS Rules on the given bucket.

Creating credentials to access your storage

In order for Camio to access the specific B2 storage bucket(s) you've chosen to use with Camio, you need to create and provide non-master App Keys, granting limited read and write access to your specified bucket(s), to your Camio Account.

Before beginning, you must create the B2 storage bucket(s) you would like to provide Camio access to, if they do not already exist, before creating credentials for their access. 

To create App Keys with permissions to access your provided storage:

  1. From the App Key page of your Backblaze account, under the Account section of the left navigation, click the Add New Application Key button to configure and create a new non-master App Key. 
  2. Configure up to two App Keys per bucket as desired, assigning the minimum required access to your given bucket(s):
    • The minimum access required for Camio to read from bucket(s) is Read Only access to the desired bucket(s)
    • The minimum access required for Camio to write to a bucket(s) is Write Only access to the desired bucket(s)
    • When granting access to a specific bucket, bucket name listing permissions are not required.
  3. Upon the creation of each App Key, copy and save the provided Key ID (keyID) and Application Key (applicationKey) for each App Key you will use with Camio, making sure to retain the associated keyName with each pair of Key ID and Application Key
    • The Application Key  of your new App Key will only appear once after creation, so make sure to copy and save it somewhere secure, as you will need to provide it to your Camio Account for access to these credentials.
    • In the case an applicationKey is lost before saving to your Camio Account storage settings, you will need to delete the App Key associated with the missing applicationKey, and create a new App Key as instructed in the previous step.

You will need to provide the Key ID and Application Key associated with the App Key(s) granted read and write permissions for each bucket you intend to use with your Camio account when you configure your BYOS settings.

Configuring CORS rules to allow the Camio Web App access to your storage

B2 allows configuring Cross-origin resource sharing (CORS) rules on a per bucket basis. Enabling CORS for the Camio domain(s) allows the Camio Web App to display your content such as video and images. If you choose not to enable CORS, some of your content will not be available for viewing in the app. 

The following instructions are for updating the CORS rules for a given bucket to allow access of resources by Camio domain(s).

  1. Install the B2 command line tool
    1. You can confirm installation of the tool by running 'b2' from the command line.
  2. Run the below command from the command line, replacing the following components with the information of the bucket being configured:
    • BUCKET_NAME: The Bucket Name of the bucket you would like to configure
    • BUCKET_TYPE: The Bucket Type of this bucket, either allPublic for a Public bucket, or allPrivate for a Private bucket.
    b2 update_bucket BUCKET_NAME BUCKET_TYPE --corsRules '[{"corsRuleName": "downloadFromCamio", "allowedOrigins": ["https://camio.com", "https://*.camio.com"], "allowedHeaders": ["Content-Type", "X-Csrf-Token", "Access-Control-Allow-Origin"], "allowedOperations": ["b2_download_file_by_id", "b2_download_file_by_name", "s3_get"], "exposeHeaders": [], "maxAgeSeconds": 3600}]'

Providing the access credentials to Camio

To provide Camio access to your B2 storage buckets, you will need to provide the B2 storage bucket and access credential information you've retrieved above to the Camio settings page: https://camio.com/settings/storage

By selecting Backblaze B2 Cloud Storage from the dropdown menu for Storage Provider, the following sections will be listed to fill in per bucket:

  • Bucket Information
  • Read Credentials Information
  • Write Credentials Information

If you would like to only configure one bucket for storage of videos, images, and metadata, check the checkbox for Use the same storage settings for videos, images, and metadata underneath the dropdown menu for Storage Provider.

The following storage and credentials information needs to be provided per bucket for use of Backblaze B2 Cloud Storage with Camio:

  • Bucket Information: The Bucket Name (e.g. "acmeproject1_camio_video") and Endpoint URL (e.g. "s3.us-west-004.backblazeb2.com") for storage.
  • Read Credentials Information: The Key ID and Application Key of the App Key with read permissions to the provided bucket.
  • Write Credentials Information: The Key ID and Application Key of the App Key with write permissions to the provided bucket.

After filling in the required information, navigate to the bottom of the page and click the Save button to save any storage setting changes to your Camio Account. 

When the Save button is clicked, Camio begins immediately storing and serving your video, images, and metadata to and from your own bucket(s).

Have more questions? Submit a request

Comments