Huawei OBS
Connect your Huawei Object Storage Service (OBS) bucket to store GitSec backups.
Prerequisites
- A Huawei Cloud account with OBS access.
- An OBS bucket created in your desired region.
- An IAM user with programmatic access and the required OBS permissions.
- The Access Key ID and Secret Access Key for the IAM user.
Setup Steps
- Navigate to Storage in the sidebar.
- Click Add Storage Provider.
- Select the Huawei OBS card.
- Fill in the connection form:
| Field | Description |
|---|---|
| Connection Name | A unique, friendly name to identify this storage provider (e.g., "Production Huawei OBS Mexico"). |
| Bucket Name | The name of your OBS bucket. Cannot be changed after creation. |
| Region | The Huawei Cloud region where the bucket is located. Cannot be changed after creation. |
| Access Key ID | The access key for your Huawei Cloud IAM user. |
| Secret Access Key | The secret key for your Huawei Cloud IAM user. |
- Click Test Connection to verify GitSec can access the bucket.
- If the test succeeds, click Add Storage to complete the setup.
tip
Click Show Huawei OBS Instructions on the form for step-by-step guidance.
Create an OBS Bucket
- Go to Huawei Cloud Console > Object Storage Service (OBS).
- Click Create Bucket.
- Enter a unique bucket name.
- Select your preferred region.
- You can leave other settings at their default values.
IAM User and Access Key Setup
Step 1: Create a Policy
- Go to Huawei Cloud Console > IAM > Permissions > Policies/Roles > Create Custom Policy.
- Set the policy name (e.g.,
OBSBackupPolicy). - Use the JSON editor and configure the following policy:
{
"Version": "1.1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"obs:bucket:CreateBucket",
"obs:object:PutObject",
"obs:object:GetObject",
"obs:object:DeleteObject",
"obs:bucket:ListBucket"
]
}
]
}
Specify the correct bucket name in resources if you want to restrict access to specific buckets.
info
You can also use the built-in OBS Administrator policy, but it has more permissions than needed. Creating a custom policy with least privilege is recommended.
Step 2: Create a User Group (Recommended)
- Go to IAM > User Groups > Create User Group.
- Set the group name (e.g.,
BackupUsers). - Attach the policy you created above to this group. The selected permissions will take effect after 15 to 30 minutes.
- Click OK to create.
Huawei recommends managing policies through user groups for easier permission management across multiple users.
Step 3: Create an IAM User
- Go to IAM > Users > Create User.
- Set the username (e.g.,
backup-service-user). - Set Access Type to Programmatic access.
- Set Credential Type to Access Key.
- Add the user to the group you created.
- Click Next and complete the creation.
Step 4: Create Access Key
- Go to the user details page.
- Navigate to the Security Settings tab.
- Click Create Access Key in the Access Keys section.
- Confirm the checkbox about reading recommendations.
- Save your Access Key ID and Secret Access Key immediately.
caution
Access keys are only shown once. Download and store them securely before closing the dialog.
Security Best Practices
- Access keys are only shown once — download and store them securely.
- Never share your secret access key.
- Rotate your access keys regularly.
- Use separate IAM users for different applications.
For more details, see the Huawei Cloud OBS Documentation and Huawei Cloud IAM Best Practices.