Added support for BackBlaze B2 Application Keys

fd0 · 2018-07-31 19:45:55 UTC

Hey, I thought it’d be nice to let you know: I’ve just merged a PR which updates the library we’re using for accessing BackBlaze B2 (https://github.com/kurin/blazer) so that restic now supports “Application Keys”. Before, you could just have one set of credentials for accessing B2, which could not be restricted. With Application Keys, you can now create several credentials with different access privileges, e.g. you can restrict an application key to a specific bucket and/or path.

Let us know what you think!

backpack · 2018-08-02 14:06:11 UTC

I was just trying to use application keys and, as it did not seem to work, I searched the internet and found that this feature has been added (what a coincidence). Nevertheless, I have downloaded and compiled the latest version from github but I did not succeed.

What I have done is to use an application key with read and write access to a bucket (only for one bucket) as value for the B2_ACCOUNT_KEY variable but I have only managed to get this error:

b2.NewClient: b2_authorize_account: 401: Invalid authorization

I have double checked the key is correct and even deleted it and created a new one to be sure they key was correct. When I change the value of the B2_ACCOUNT_KEY to the master key everything works as expected.

Am I missing something or did I found a bug ?

fd0 · 2018-08-02 17:16:17 UTC

An application key consists of a B2_ACCOUNT_ID (which is longer than the master account ID) and a B2_ACCOUNT_KEY. Only setting the latter won’t get you access to your data

Did you set both?

backpack · 2018-08-02 17:31:36 UTC

I did set both

B2_ACCOUNT_ID=My_ID
B2_ACCOUNT_KEY=My_Master_key

works, but

B2_ACCOUNT_ID=My_ID
B2_ACCOUNT_KEY=My_App_key

does not work

backpack · 2018-08-02 18:17:27 UTC

OK, my fault. I am a bit ashamed now

Although your reply was very clear I misread it and did not notice the B2_ACCOUNT_ID to be used was different and not the master one.

It is working perfectly and I want to thank you for adding this feature. It came right on time for me.

fd0 · 2018-08-02 19:06:10 UTC

Cool, glad you figured it out! It seems to be a common thing, maybe Backblaze should improve their user interface…

fd0 · 2018-08-02 19:15:50 UTC

I’ve added a bit of text about the application keys here: https://restic.readthedocs.io/en/latest/030_preparing_a_new_repo.html#backblaze-b2

backpack · 2018-08-05 13:10:40 UTC

Great. Now the restic documentation explains the procedure in a very clear way.

I am really not impressed by the related documentation provided by Backblaze. Despite of taking some time to understand how app keys work i got it wrong.

Thank you for your prompt replies

whereisaaron · 2018-08-05 23:50:31 UTC

Now it is in the documentation, could it also be in a 0.9.2 release? Even if only to add this B2 feature?

fd0 · 2018-08-06 09:34:06 UTC

Yep, as soon as I have some spare time I’ll do a new release

fd0 · 2018-08-06 19:38:29 UTC

Tadaa: https://github.com/restic/restic/releases/tag/v0.9.2

stevesbrain · 2018-08-07 04:23:26 UTC

Amazing Thanks so much!

brechmos · 2018-08-07 13:24:22 UTC

I just messed up on that one and got confused. I set the B2_ACCOUNT_ID to the master account ID. :(.