Object Storage (S3)

S3-compatible object storage for unstructured data, backups, media assets, and application integration.

Overview

Xelon HQ Object Storage provides an S3-compatible API for storing and retrieving unstructured data. It is ideal for static assets, backups, logs, and any data that benefits from HTTP-based access. Objects are organized into buckets and accessed via standard S3 tooling and SDKs.

S3 compatibility

Xelon Object Storage is compatible with the AWS S3 API. You can use the AWS CLI, Terraform S3 backend, or any S3-compatible SDK to interact with your storage.

Creating an S3 User

Before you can create buckets or upload objects, you need an S3 user associated with your organization.

Navigate to Object Storage

Open Virtual Datacenter > S3 Object Storage in the sidebar.

Create an S3 user

Click Create S3 User. Enter an S3 user name (e.g., app-prod), select the Owner tenant (if applicable), choose a Region (with or without replication), and select a Storage Quota. The user will be provisioned with access to the object storage endpoint for that region. An initial access key pair will be generated automatically.

Generating Access Keys

Each S3 user requires access keys (an access key and a secret key) to authenticate API requests.

Open the key management dialog

From the Access Management tab, click the key icon on the S3 user to open Manage S3 Access Keys.

Create a new key

Click Create New Key and confirm with your password. A new access key pair will be created and displayed.

Copy and store securely

Copy the Access key and Secret key immediately using the copy buttons. The secret key is only shown once and cannot be retrieved later.

Store your secret key safely

The secret access key is displayed only at creation time. If lost, you must delete the token and generate a new one.

Managing Access Keys

You can manage existing keys from the Manage S3 Access Keys dialog:

  • View keys: All active access keys are listed with their creation date.
  • Delete a key: Click Delete next to any key and confirm with your password to revoke it. Applications using that key will immediately lose access.
  • Rotate keys: Create a new key before deleting the old one to avoid downtime during key rotation.

Creating a Bucket

Open bucket management

From the S3 user detail page, navigate to the Buckets tab.

Create a bucket

Click Create Bucket and enter a unique bucket name. Bucket names must be globally unique within the storage cluster, lowercase, and between 3-63 characters.

Configure versioning and object lock

When creating a bucket, two additional options are available:

  • Enable Versioning — Enabled by default. Keeps multiple versions of objects in the bucket, protecting against accidental overwrites and deletions.
  • Enable Object Lock — When enabled, a Retention period (days) input appears (minimum: 1, default: 10). Object Lock uses COMPLIANCE mode, which ensures that object versions cannot be overwritten or deleted for the specified retention period.
Object Lock and retention are permanent

Object Lock and the retention period can only be configured at bucket creation time. They cannot be changed after the bucket is created. Versioning, however, can be toggled on or off at any time from the bucket list.

Bucket List Columns

The bucket list table includes an Object Lock column (showing Enabled or Disabled) and a Versioning column with a dropdown toggle that allows you to enable or disable versioning on existing buckets.

Bucket naming rules

Bucket names must be lowercase, start with a letter or number, and can contain hyphens. They cannot contain underscores, periods, or uppercase characters.

Deleting a Bucket

Bucket must be empty

A bucket must be completely empty before it can be deleted. Remove all objects and incomplete multipart uploads first.

To delete a bucket, select it from the bucket list and click Delete. Confirm the deletion when prompted.

Connecting with S3 Tools

Configure the AWS CLI to work with Xelon Object Storage by setting up a named profile:

aws configure --profile xelon
# AWS Access Key ID: <your-access-key-id>
# AWS Secret Access Key: <your-secret-access-key>
# Default region name: us-east-1
# Default output format: json

Then use the --endpoint-url flag to direct requests to the Xelon S3 endpoint:

# List buckets
aws --profile xelon --endpoint-url https://<s3-endpoint> s3 ls

# Upload a file
aws --profile xelon --endpoint-url https://<s3-endpoint> s3 cp ./backup.tar.gz s3://my-bucket/

# Download a file
aws --profile xelon --endpoint-url https://<s3-endpoint> s3 cp s3://my-bucket/backup.tar.gz ./

# Sync a directory
aws --profile xelon --endpoint-url https://<s3-endpoint> s3 sync ./data/ s3://my-bucket/data/
Endpoint URL

The S3 endpoint URL is shown in your S3 user details page. It varies by cloud location.

Best Practices

  • Use separate S3 users per application to isolate access and simplify key rotation.
  • Rotate access keys regularly by generating a new token, updating your applications, then deleting the old token.
  • Use meaningful bucket names that reflect the project and environment (e.g., myapp-prod-assets).
  • Enable versioning for buckets containing critical data to protect against accidental overwrites.
  • Set lifecycle policies for temporary data such as logs to automatically expire old objects.
  • Avoid storing secrets in object storage. Use a dedicated secrets manager instead.

Related Pages

Persistent Storage

Block storage volumes for direct attachment to virtual machines.

Backup Jobs

Automate backup scheduling to protect your VM data.