Write only credentials



I read about the C14 cli, it could be a great tool, but in my case only if I can give write only credentials.

If I want to use C14 to archive important data, and schedule the backup from the backuped server, I don’t want it to be able to delete these archives. If it can open an archive, it’s possible to rsync /dev/null/ on it and erase all the archived data.

So a write only credential would be a really nice feature (create then write then archive).

A better feature would be a write only account

  • I buy a 1 year container
  • I push archives in it, then all the data are recoverable but no more writable
  • after 1 year the container is deleted by online, but my account can’t delete anything

With such a feature, each 3 month I buy a new 1 year container and push everything on it. In such scenario, my data are safe even in the case my online account is compromised or a server with credentials is compromised. It’s for me the only way to have a « safe archive ».


That post has several good ideas:

  • Write-only credentials, either whole archive is 100% write-only or there can be ACLs like with Amazon EBS.

  • Being able to make a 1 year payment is great. Backup is to guard against external failures and a common type of failure is a credit card problem interfering with a monthly payment. When that happens there’s a semi-emergency to fix the problem before the service is stopped. So it should be possible to pay for c14 separately from monthly servers, and pay it well in advance. Or maybe pay it monthly, but also place a 6 month advance payment in case something goes wrong with the monthly payment.

  • I like letting Online delete a container if the customer cancels it or it expires. Right now there’s a 0.01/GB charge to erase data, that counts as a data operation, presumably because securely wiping all the disk sectors is the same cpu and i/o load as archiving or unarchiving. But if the customer encrypts the data before archiving, they might not require secure erasure.

  • So if there was an “abandon” operation that just freed up the disk space (updated some metadata) without overwriting it then I hope that could cost less than a full erase operation. I’ve never heard of anyplace else charging to throw away data.