Connecting Storage
Guide to connecting storage backends in Burning Ash Protocol — Google Drive, Dropbox, OneDrive, AWS S3, and FTP/SFTP.
Connecting Storage
Storage backends hold your encrypted will documents. This guide covers connecting each supported storage type.
Using your own storage credentials? See Configuring user storages for step-by-step setup and links to Google Drive, Dropbox, OneDrive, and S3 guides.
Overview
BAP supports five storage backends:
| Storage | Authentication | Best For |
|---|---|---|
| Google Drive | OAuth 2.0 | Google ecosystem users |
| Dropbox | OAuth 2.0 | Dropbox users |
| OneDrive | OAuth 2.0 | Microsoft ecosystem users |
| AWS S3 | Access keys | AWS users, S3-compatible |
| FTP/SFTP | Username/password or SSH key | Self-hosted, legacy systems |
You must connect at least one storage to create a will.
Adding Storage
Step 1: Navigate to Storage
- Log into the Host Dashboard
- Go to Settings → Storage
- Click "Add Storage"
Step 2: Choose Storage Type
Select the type:
- Google Drive
- Dropbox
- OneDrive
- AWS S3
- FTP/SFTP
Step 3: Configure and Connect
Each type has different configuration (see below).
Step 4: Verify and Save
- Click "Test Connection"
- Select a folder for will documents
- Click "Save Storage"
Google Drive
Prerequisites
- Google account
- Google Cloud project with Drive API enabled
Configuration
For OAuth connections, you don't enter credentials directly:
- Click "Connect with Google"
- Sign in with your Google account
- Grant BAP access to Google Drive
- Select a folder (or use default)
- Connection is established
Google Cloud Setup (If Needed)
If you need to create your own OAuth credentials:
- Go to console.cloud.google.com
- Create new project
- Enable Google Drive API
- Create OAuth credentials (OAuth client ID)
- Set redirect URI
- Note client ID and secret
OAuth Callback
The redirect URL format:
https://yourdomain.com/api/storages/oauth/callbackPermissions
BAP requests:
drive.file— Access to files you create- Not full drive access
Testing
Click "Test Connection" to verify:
- Authentication works
- Can read/write to selected folder
Dropbox
Prerequisites
- Dropbox account
- Dropbox Developer app
Configuration
OAuth-based (similar to Google Drive):
- Click "Connect with Dropbox"
- Sign in to Dropbox
- Grant BAP access
- Select a folder
Creating Your Own App
- Go to dropbox.com/developers
- Create app (Scoped access)
- Choose permissions:
files.content.write,files.content.read - Set redirect URL
- Note App Key and Secret
OAuth Callback
https://yourdomain.com/api/storages/oauth/callbackAWS S3
Prerequisites
- AWS account
- S3 bucket
- IAM user with S3 permissions
Configuration Fields
| Field | Description | Example |
|---|---|---|
| Access Key ID | IAM user access key | AKIA... |
| Secret Access Key | IAM user secret key | ... |
| Bucket Name | Your S3 bucket | my-bap-wills |
| Region | AWS region | us-east-1 |
| Path | Folder path | /wills |
IAM Policy
Create IAM user with this policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::your-bucket",
"arn:aws:s3:::your-bucket/*"
]
}
]
}S3-Compatible Storage
For S3-compatible providers (MinIO, DigitalOcean Spaces, Wasabi):
{
"access_key_id": "...",
"secret_access_key": "...",
"bucket": "my-bap-wills",
"region": "us-east-1",
"endpoint": "https://nyc3.digitaloceanspaces.com",
"path_style": true
}Testing
Click "Test Connection" to verify:
- Credentials are valid
- Bucket exists and is accessible
FTP/SFTP
Prerequisites
- FTP or SFTP server
- Server credentials
Configuration Fields
| Field | Description | Example |
|---|---|---|
| Host | Server hostname | sftp.example.com |
| Port | 21 (FTP) or 22 (SFTP) | 22 |
| Username | FTP/SFTP username | bap |
| Password | FTP password | ... |
| SSH Key | (Optional) Private key | -----BEGIN... |
| Path | Target directory | /wills |
SFTP Key Authentication
For SFTP with SSH keys:
{
"host": "sftp.example.com",
"port": 22,
"username": "bap",
"ssh_key": "-----BEGIN OPENSSH PRIVATE KEY-----\n...\n-----END OPENSSH PRIVATE KEY-----"
}Security Notes
- SFTP (SSH) is encrypted
- FTP transmits in plaintext (not recommended)
- Use SSH key authentication over password
Testing
Click "Test Connection" to verify:
- Server is reachable
- Credentials work
- Directory exists/is writable
Managing Storage
Viewing Storage
Storage page shows:
| Field | Description |
|---|---|
| Name | Display name |
| Type | Storage backend type |
| Status | Connected/Disconnected |
| Last Verified | Last successful test |
| Path | Storage folder |
Testing Storage
- Click "Test" on a storage entry
- System verifies:
- Authentication
- Read access
- Write access
Reconnecting OAuth
For Google Drive or Dropbox:
- Click "Reconnect"
- Complete OAuth flow again
- May be needed if token expired/revoked
Browsing Storage
To browse files in connected storage:
- Click "Browse" on storage entry
- View files and folders
- Select folder for will documents
Deleting Storage
- Click "Delete" on storage entry
- Confirm deletion
Constraint: Cannot delete storage that contains active will documents.
File Handling
How BAP Uses Storage
- Upload: Encrypted documents uploaded to storage
- Download: Documents downloaded and decrypted for access
- Delete: Encrypted blobs deleted when will is removed
File Naming
In storage, files are stored with opaque names:
/BAP/will/
12345678-1234-1234-1234-123456789abc.enc
87654321-4321-4321-4321-abcdef123456.encOriginal filenames are stored in database metadata, not in storage.
Folder Structure
Recommended structure:
/BAP/
/wills/
/{will-id}/
document1.enc
document2.encBest Practices
For Production
- Use dedicated bucket/folder for BAP
- Enable versioning for backup (but understand retention)
- Use S3-compatible for cost-effective storage
Security
- SFTP preferred over FTP
- OAuth tokens encrypted at rest
- Files always encrypted before upload
Redundancy
- Connect multiple storage options
- If one fails, system can use backup
- Regular testing recommended
Troubleshooting
"Authentication failed"
- Verify credentials are correct
- Check API keys haven't expired
- Ensure bucket/server is accessible
"OAuth token expired"
- Click "Reconnect" to refresh
- Check redirect URL matches
"Permission denied"
- Verify bucket/folder permissions
- Check IAM policy includes required actions
"Storage disconnected"
- Network connectivity issue
- Provider outage
- Re-authenticate if needed
"Upload failed"
- Check disk space
- Verify write permissions
- Try again or use different storage
API Reference
Storage can also be managed via API:
GET /api/storages - List storages
POST /api/storages - Create storage
GET /api/storages/:id - Get storage
PUT /api/storages/:id - Update storage
DELETE /api/storages/:id - Delete storage
GET /api/storages/:id/browse - Browse files
POST /api/storages/:id/connect - OAuth flowSee API Reference - Storage for details.
Next Steps
- Creating a Will — Upload and seal will
- Liveness Settings — Configure checks
- Configuration — Full config reference
WhatsApp message templates
Required WhatsApp Business API message templates for BAP notifications — register these in your Meta Business Manager before using WhatsApp as a connector.
Configuring user storages
Step-by-step setup for your own Google Drive, Dropbox, OneDrive, S3, and FTP/SFTP storage in BAP — with links to detailed provider guides.