Creating Sub-Access Keys to a Workspace or Folder

Transfer and access credentials give admins and workspace managers secure access to content in administratively shared folders, to workspace root folders, transfer service nodes, and cloud storage. These credentials are a separate access method from the permission you set on a shared folder. Therefore, the permissions you set on a shared folder do not restrict actions on folder content when using the access key.

Important:

The sub-access keys you create using procedures in this article are for use only within Aspera on Cloud. Use a sub-access key to delegate certain administrative tasks and contextual content access to another AoC admin or to a workspace manager without having to distribute the primary access key. Be sure to use the proper key type to avoid security implications. For details see Primary Access Keys and Sub-Access Keys.

As an admin with the primary access key, you can generate sub-access key/secret pairs to use as transfer and access credentials for the following:

  • An administratively shared folder on a transfer server attached to Aspera on Cloud. Use an access key to a shared folder to allow:
    • An Aspera High-Speed Transfer Server GUI client to access, browse, and initiate transfers to or from the shared folder.
    • A workspace manager to manage content in a shared folder (including browsing, sharing, deleting, renaming files, folders, and packages), while at the same time prevent the workspace manager from accessing other content on the node.
  • A workspace. Use an access key to a workspace to allow a workspace manager to access and manage content for that workspace.
  • Any folder in your cloud storage.
Note: To complete these procedures, you need the primary access credentials for the node hosting the folder or workspace.

Create a Sub-Access Key to a Shared Folder

Note: A sub-access key is a different access method than the sharing permissions you set on a folder. Access through a sub-access key is not restricted to the permissions you granted when you shared the folder.

To complete this procedure, you need either the secret to the node hosting the shared folder or a valid custom access key and secret.

To create a sub-access key for a shared folder, do the following:

  1. Go to Workspaces > workspaceName > Applications > Files > Shared folders.
  2. On the row of the shared folder, right-click and select Client access keys > Create new.
  3. Provide access credentials and Log in.
    • Enter the secret for the node hosting this shared folder and click Log in.
    • Click Use custom access key, enter the custom access key and secret, and click Log in.
    AoC creates the new sub-access key for the shared folder.
  4. Give this key a name and provide notes to add a description, purpose, expected use, or other info that will be useful to those using this key.
    Note: This step is optional but highly recommended to make key management and use easier. If you add a name and notes, they'll be included in the file you download in a following step.
  5. Save the sub-access key by doing one of the following:
    • Click Download. AoC generates the file KeySecretPair.txt, containing the key and secret. Aspera recommends you rename the file to make it easier to track, and save it to a secure and accessible location.
    • Click Copy for both key and secret, saving them to a secure and accessible location.
    Important: Store the key and secret in a secure and accessible location according to local site security practices. Aspera on Cloud does not store the secret. Once you click OK in the following step, you can no longer retrieve the secret.
  6. Click OK.
  7. Name the key pair file and click Save.
  8. To use this key to set up a connection to this folder in the Aspera GUI client, note the node URL.
  9. Deliver the key pair file to the user of the GUI client according to your local site security practice.
Note: In the Aspera GUI client, create a new connection, and enter data in the fields as follows:
  • Host: Enter the URL of the node hosting the shared folder, captured in step 6 above.
  • User: Enter the access key.
  • Password: Enter the secret.

Refer to the IBM Aspera High-Speed Transfer Server Admin Guide for more information.

Delete a Sub-Access Key to a Shared Folder

To delete an existing sub-access key to a shared folder, do the following:

  1. Go to Workspaces > workspaceName > Applications > Files > Shared folders.
  2. On the row of the shared folder, right-click and select Client access keys.
  3. Right-click Delete, then confirm.

Create a Sub-Access Key to a Workspace

To complete this procedure, you need either the secret to the node hosting the shared folder or a valid custom access key and secret.

To create a sub-access key for a workspace, also sometimes called a client sub-access key, do the following:

  1. Go to Nodes and storage > Nodes > nodeName
  2. Provide access credentials and Log in.
    • Enter the secret for the node hosting this shared folder and click Log in.
    • Click Use custom access key, enter the custom access key and secret, and click Log in. AoC creates the new access key for the shared folder.
  3. Click Workspaces.
  4. On the row of the intended workspace, right-click and select Workspace keys.
  5. Click Create new.
  6. Give this key a name and provide notes to add a description, purpose, expected use, or other info that will be useful to those using this key.
    Note: This step is optional but highly recommended to make key management and use easier. If you add a name and notes, they'll be included in the file you download in a following step.
  7. Save the access key by doing one of the following:
    • Click Download. AoC generates the file KeySecretPair.txt, containing the key and secret. Aspera recommends you rename the file to make it easier to track, and save it to a secure and accessible location.
    • Click Copy for both key and secret, saving them to a secure and accessible location.
    Important: Store the key and secret in a secure and accessible location according to local site security practices. Aspera on Cloud does not store the secret. Once you click OK in the following step, you can no longer retrieve the secret.
  8. Click OK.
  9. Name the key pair file and click Save.

Delete a Workspace Sub-Access Key

  1. Go to Nodes and storage > Nodes > nodeName
  2. Provide access credentials and Log in.
    • Enter the secret for the node hosting this shared folder and click Log in.
    • If you have a custom access key, click Use custom access key, enter the custom access key and secret, and click Log in. AoC creates the new access key for the shared folder.
  3. Click Workspaces.
  4. On the row of the intended workspace, right-click and select Workspace keys.
  5. On the row of the intended key, right-click Delete, then confirm.

Create a Sub-Access Key to a Cloud Storage Folder

You can generate sub-access key/secret pairs to use as transfer and access credentials for a folder in your cloud storage.

  1. Go to Nodes and storage > Nodes > nodeName
  2. Provide access credentials and click Log in.
    • Enter the secret for the node hosting this shared folder and click Log in.
    • If you have a custom access key, click Use custom access key, enter the custom access key and secret, and click Log in. AoC creates the new access key for the shared folder.
  3. Click Folder access keys > Create new.
  4. Select the intended folder:
    1. Click any folder to drill into it.
    2. Click Create folder at any location to make a new folder; name the folder, choosing a name that will be descriptive enough for those who will need to access it. Click OK.
    3. Use the gray bar above the folder list to navigate up and down the folder hierarchy.
    4. Click to select the option button to the left of the folder row, then click Create.
  5. Give this key a name and provide notes to add a description, purpose, expected use, or other info that will be useful to those using this key.
    Note: This step is optional but highly recommended to make key management and use easier. If you add a name and notes, they'll be included in the file you download in a following step.
    Note: If you are creating multiple access keys to the same storage for different users or groups of users, make the name descriptive enough to tell them apart.
  6. Save the access key by doing one of the following:
    • Click Download. AoC generates the file KeySecretPair.txt, containing the key and secret. Aspera recommends you rename the file to make it easier to track, and save it to a secure and accessible location.
    • Click Copy for both key and secret, saving them to a secure and accessible location.
    Important: Store the key and secret in a secure and accessible location according to local site security practices. Aspera on Cloud does not store the secret. Once you click OK in the following step, you can no longer retrieve the secret.
  7. Click OK.
  8. Name the key pair file and click Save.
  9. To use this key to set up a connection to this folder in the Aspera GUI client, note the node URL.
  10. Deliver the key pair file to the user of the client according to your local site security practice.

The folder appears in the list of folder access keys.

Create an Additional Sub-Access Key to a Folder

To create additional sub-access keys to a folder in storage, do the following:

  1. Go to Nodes and storage > Nodes > nodeName
  2. Provide access credentials and Log in.
    • Enter the secret for the node hosting this shared folder and click Log in.
    • If you have a custom access key, click Use custom access key, enter the custom access key and secret, and click Log in. AoC creates the new access key for the shared folder.
  3. Click Folder access keys.
  4. Right-click the row of the intended folder and select Manage access keys > Create new.
  5. Give this key a name and provide notes to add a description, purpose, expected use, or other info that will be useful to those using this key.
    Note: This step is optional but highly recommended to make key management and use easier. If you add a name and notes, they'll be included in the file you download in a following step.
  6. Click Download to download the key and secret or Copy for both key and secret. You must download or copy these credentials to proceed.
    Important: Store the key and secret in a secure and accessible location according to local site security practices. Aspera on Cloud does not store the secret. Once you complete this step, you can no longer retrieve the secret.
  7. Click OK.
  8. Name the key pair file and click Save.
  9. To use this key to set up a connection to this folder in the Aspera GUI client, note the node URL.
  10. Deliver the key pair file to the user of the client according to your local site security practice.

Delete a Folder Sub-Access Key

To delete a sub-access key to a folder in cloud storage, do the following:

  1. Go to Nodes and storage > Nodes > nodeName
  2. Provide access credentials and Log in.
    • Enter the secret for the node hosting this shared folder and click Log in.
    • If you have a custom access key, click Use custom access key, enter the custom access key and secret, and click Log in. AoC creates the new access key for the shared folder.
  3. Click Folder access keys.
  4. Right-click the row of the intended folder and select Manage access keys.
  5. Right-click Delete, then confirm deletion.