Tracking your node access credentials

Edit online

Logging in to a transfer server node with access credentials gives the user full access to the content there. AoC never stores the credentials, so it is imperative that you track and store them according to your site's established security practices.

AoC access credentials take the form of access keys, each of which is composed of two parts:

Key ID. For example, N26Y-pfC33hcsOw24keUlzSR
Secret. For example, Yppsv_iXH5pyFBKe5cvA2nTIaXStd4NYpgjxWA0239_3

Built-in node access credentials

The credentials for the built-in node that is included with your initial AoC subscription are delivered in a digital package to the AoC admin who first created the AoC organization, as described in Secure the access credentials for your built-in node.

Additional access credentials

Over the course of your AoC subscription, you may have reason to create several access keys. For example, you may want to:

Give a workspace manager access only to specific content on the transfer server rather than all content.
Give an API client access to specific folders on the transfer server.
Attach your existing cloud storage to your AoC organization and allow AoC users to access content in it.
Attach an Aspera server that you manage to your AoC organization and allow AoC users to access content in it.

For procedures, see Access keys.

Recommended practices

Each time you create an access key, you have the option to name it and add descriptive notes. This step is optional but highly recommended to make key management and use easier. If you add a name and notes, they'll be included in the file you download in a following step.

You can add or edit a name and notes for your existing keys. To edit both name and notes, click the node row to open the key details. To edit notes only, right-click the key row and select Edit.

Each time you create an access key, AoC requires you to download or copy it to complete the creation process. When you download the key, AoC generates a text file that is always called KeySecretPair.txt.

IBM Aspera recommends that you rename this file with a meaningful label and save it to a secure and accessible location according to your local site security practices.

Important: Once you close the window that displays your key and secret, you can no longer retrieve the secret. Be sure to save the key and secret in a secure and accessible location according to local site security practices. Aspera on Cloud does not store the secret.

Recovering a lost key

If however, you do not rename the file, you may have to search for the file by the default name. If you've created multiple access credentials without renaming them, you may need to rely on the timestamp to identify each file, doing your best to recall which credentials you created on which days and times. You can combine the timestamp information with the key ID that displays in the AoC interface when you right-click the row of the transfer server, shared folder, etc., and select View access key.

Simply cannot find your credentials?

If you cannot locate your credentials after a thorough search as described in this article, try the following, based on the type of node.

For a transfer server that you manage, use your node user name and password to change the secret; see Tether Your Aspera Transfer Server to Aspera on Cloud.
For cloud storage that you have attached to your AoC organization, use the storage credentials to create a new access key; see Attach your existing cloud storage.