This tutorial guides you through creating an S3 bucket with Cloudflare R2 and connecting it to your Telsium account to be used as storage for Telsium Drive.
Difficulty: easy
We will refer to End-to-End Encryption as E2EE throughout this tutorial.
IMPORTANT
Because Telsium does not manage your Cloudflare R2 storage bucket infrastructure, you are ultimately responsible for its security and for any other issues that may occur with it.
You are also responsible for the fees that Cloudflare may charge for your storage service. You can check Cloudflare R2 pricing here: https://developers.cloudflare.com/r2/pricing/.
You are also responsible for storing your bucket access keys in a safe place, such as a password manager. In fact, our recommendation is not to store them at all: once you have entered them in Telsium, do not keep a copy yourself, as you can always generate new ones if needed by following step 6 of this tutorial.
We strongly recommend that the storage buckets you use for Telsium be used only for Telsium.
IMPORTANT
Telsium servers need access to your bucket's unencrypted credentials in order to sign the URLs needed for secure file sharing.
Your storage access and secret keys will be stored encrypted with Telsium-managed keys.
Telsium servers DO NOT have access to the underlying data of your stored files, as it is protected by E2EE.
Telsium servers will never directly interact with your bucket, as the credentials are only used to sign URLs.
1. Create a Cloudflare account
Go to https://www.cloudflare.com/plans/ and create an account. At the time of writing, it is not necessary to enter a payment method in order to create an account. Cloudflare has a free tier that you can explore.
2. Create an S3 bucket
Go to your Cloudflare dashboard and, in the menu on the left, click the menu item “R2 Object Storage”. Then, in the R2 dashboard overview, click “Create bucket” and enter the following in the create bucket form:
In “Bucket name” enter your bucket name like this: “my-bucket-name” (please enter your actual bucket name and not “my-bucket-name”).
In “Location” select “Automatic”.
In “Default storage class” select “Standard”.
Then click “Create bucket”.
3. Create an access key
Go to your Cloudflare R2 dashboard overview and click the button “{} API” > “Manage API Tokens”, then in the API Tokens menu click “Create API Token”. In the create API token form enter the following:
In “Token name” enter your access key name. It could be something like this: “my-bucket-name-key” (please enter your actual key name and not “my-bucket-name-key”).
In “Permissions” select “Object Read & Write”.
In “Specify bucket(s)” select “Apply to specific buckets only” and, in the dropdown, select the bucket you created in step 2.
Optional. In “TTL” set an expiration time for your key. Important: once the key has expired, you will no longer be able to access your bucket and you will need to regenerate this key.
Advanced. In “Client IP Address Filtering”, if you have a fixed IP from which you will be accessing Telsium, you can define it here under “Include” to make sure your bucket is only accessed from that location. Under “Exclude” you can also define a list of IPs that you don’t want your bucket to be accessed from. Only use this if you know what you’re doing.
Then click “Create Access Key”. A message will then appear with your generated keys. Copy your “Access Key ID” and “Secret Access Key”, as you will need to enter them in Telsium. Also, under “Use jurisdiction-specific endpoints for S3 clients:”, copy the URL that is shown; this URL will be your bucket endpoint.
4. Set a CORS policy in your bucket
In your Cloudflare R2 dashboard overview, under “Buckets”, select the bucket you created in step 2. Then navigate to the settings tab and, in “CORS Policy”, click “Add CORS policy”.
In the CORS policy editor enter the following (you can copy and paste this):
[
  {
    "AllowedHeaders": [
      "*"
    ],
    "AllowedMethods": [
      "GET",
      "PUT",
      "DELETE"
    ],
    "AllowedOrigins": [
      "https://app.telsium.com"
    ],
    "ExposeHeaders": [
      "Access-Control-Allow-Origin"
    ]
  }
]
Then click “Save”.
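To see what this policy does and does not permit, the following added example (not part of the original tutorial or of Telsium's or Cloudflare's code) evaluates cross-origin requests against it and audits a policy for being wider than the one above. It is a simplified model of S3-style CORS rule matching; the function names and the sample "wide" policy in the test are constructed for illustration.

```python
import json

# The policy from this step, embedded as sample input.
POLICY = json.loads("""[{"AllowedHeaders": ["*"],
  "AllowedMethods": ["GET", "PUT", "DELETE"],
  "AllowedOrigins": ["https://app.telsium.com"],
  "ExposeHeaders": ["Access-Control-Allow-Origin"]}]""")

def _match(pattern: str, value: str) -> bool:
    """Simplified matching: exact, or a single '*' wildcard in the pattern."""
    if "*" not in pattern:
        return pattern == value
    head, _, tail = pattern.partition("*")
    return (len(value) >= len(head) + len(tail)
            and value.startswith(head) and value.endswith(tail))

def preflight_allowed(policy, origin, method, headers=()):
    """True if some rule admits this origin, method and all request headers."""
    for rule in policy:
        if (any(_match(o, origin) for o in rule.get("AllowedOrigins", []))
                and method in rule.get("AllowedMethods", [])
                and all(any(_match(p.lower(), h.lower())
                            for p in rule.get("AllowedHeaders", []))
                        for h in headers)):
            return True
    return False

def audit(policy, expected_origin="https://app.telsium.com"):
    """List findings where a policy is wider than the one in this tutorial."""
    findings = []
    for i, rule in enumerate(policy):
        for o in rule.get("AllowedOrigins", []):
            if "*" in o:
                findings.append(f"rule {i}: wildcard origin {o!r}")
            elif o != expected_origin:
                findings.append(f"rule {i}: unexpected origin {o!r}")
        extra = set(rule.get("AllowedMethods", [])) - {"GET", "PUT", "DELETE"}
        if extra:
            findings.append(f"rule {i}: extra methods {sorted(extra)}")
    return findings
```

CORS only governs which web origins a browser lets read responses from the bucket; access to objects still depends on the access key or a signed URL.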
5. Link your bucket to Telsium
Go to your Telsium account dashboard. You can find it by clicking your avatar in the top right corner of the app.
In the account dashboard, select the “Storage” item on the left (desktop) or below your avatar (mobile).
In the “Storage” settings, under “Storages”, click “Add”. Then, in the “Add storage” form, enter your bucket credentials as follows:
In “Name” enter the name you want this storage to be identified with. It can be whatever you want; its purpose is to let you identify the storage.
In “Storage” enter the following:
In “Endpoint” enter the bucket endpoint you copied in step 3. It should look something like this:
https://some-random-number.r2.cloudflarestorage.com
Leave “Region” empty.
In “Bucket name” enter the bucket name you created in step 2.
Leave “Use bucket as path” unchecked.
Under “Keys” enter the “Access Key ID” and “Secret Access Key” you created in step 3.
Then click “Test bucket credentials”.
Optional. In “Capacity” > “Quota capacity” enter the maximum amount of storage in GB (gigabytes) you want to allow for this storage. Enter “0” (zero) for unlimited storage.
Once your credentials have been validated successfully, click “Submit” in the lower right of the form.
6. Enjoy!
That’s it! You’ve just created a storage bucket with Cloudflare R2 and linked it to your Telsium account to be used with Telsium Drive. Start enjoying your files privately with absolute confidence in our E2EE architecture: with it, neither Cloudflare nor we (Telsium) know what your files contain.
Enjoy true privacy, enjoy Telsium.
Get access right now at the Telsium App or visit our website.
An active Telsium Plus subscription is required to link your own S3 storages to Telsium Drive.