Create write-only keys for Backblaze B2

English
,

As far as I remember, you can’t create a write-only key via Backblaze’s dashboard without also giving read access to the key. I want to use this specifically for uploaders in servers, so, if compromized, an attacker can’t read data out of the bucket.

1
2
3
4
5
$ curl https://api.backblazeb2.com/b2api/v2/b2_authorize_account -u "MASTER_KEY_ID:MASTER_KEY_SECRET"
{
  "apiUrl": "https://api003.backblazeb2.com",
  "authorizationToken": ".....",
}

Replace apiUrl and authorizationToken in the next command:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
$ curl https://$apiUrl/b2api/v2/b2_create_key -d '{"capabilities": ["listBuckets","writeFiles"],"keyName":"key-name","accountId":"MASTER_KEY_ID"}' -H 'Authorization: $authorizationToken'
{
  "accountId": "0f0f0f0f0f0f",
  "applicationKey": "K....",
  "applicationKeyId": "00....",
  "bucketId": null,
  "capabilities": [
    "listBuckets",
    "writeFiles"
  ],
  "expirationTimestamp": null,
  "keyName": "key-name",
  "namePrefix": null,
  "options": [
    "s3"
  ]
}

That’s all.