Mounting buckets
Mounting buckets (MB) is a Hasty feature that allows you to:
- Use Hasty on the images you keep in your storage;
- Fetch the data from your storage directly to Hasty.
Our motivation for developing this feature is straightforward. First, Hasty is always working to improve its security and privacy policies, so with MB you keep complete control over your data: it is not stored in Hasty, and you work with images that never leave your storage. Second, with the Mounting buckets feature, we continue to improve the user experience by making the data upload process less painful.
How does the Mounting buckets feature work?
In general, the pipeline is simple, so let’s quickly go through it step by step.
Signed URLs
To give you a little peek at how Hasty works: we have never worked with images as files. Hasty has always seen an image as a URL pointing to it. Therefore, whenever Hasty manipulates an image, it first downloads it using the URL. For these URLs, Hasty uses so-called signed URLs.
If you are unfamiliar with the topic, a signed URL is a way for cloud storage providers to grant access to a specific file to certain people for a certain amount of time. Such an approach makes signed URLs a secure way to access files in cloud storage at any given point.
As you can see, such an approach means that it does not matter to Hasty where your data is stored. As long as we can get a URL to an image and sign it, it can be stored anywhere.
Until now, we stored images as files in our cloud storage and created signed URLs to the images whenever we needed to access them. With a slight modification of this system, we made the Mounting buckets feature, which allows you to store the data in your own storage.
Credentials
Even with such a system, Hasty needs a way to access the images' URLs. You should provide credentials that will allow us to get all the necessary information for a successful operation. In the Mounting buckets scenario, it looks as follows:
- You store the images in your bucket, for example an AWS S3 bucket;
- You generate a specific IAM role for that AWS bucket so that Hasty can connect to it.
That is it.
Credentials' security
We understand that these credentials are sensitive information. To secure them, we designed a separate service that stores the credentials encrypted and uses them to sign URLs. This service never sends the credentials to any other component of Hasty. This way, the encrypted credentials rest securely and in isolation in the service. So, you can be sure no stranger will get access to your data.
Still, since Hasty does not manipulate the credentials and they are encrypted, those credentials cannot be updated. However, Hasty allows you to create a new set of credentials and assign it to an already created bucket.
Fetching the data from your storage
After you pass the credentials to Hasty, there are two approaches you can take. The first makes the manual drag-n-drop upload process a thing of the past and allows you to fetch the data from your storage directly to Hasty.
If you choose to do that, we will make a copy of your images and store them in Hasty cloud storage. You can work with Hasty as usual when the import process is done. You can delete credentials, restrict access to the bucket, delete images from the bucket, etc. It will not break anything on the Hasty side, as at that point, we will already have the copied versions of each image.
Storing the data in your own bucket
The other approach is to store the data in your bucket. In such a case, we will not copy the data but link it when needed. So, the data will never leave your storage. For example, when you annotate, an image will be displayed from your bucket using a signed URL.
Still, this approach comes with several natural limitations. To fully support you, we need consistent access to the files, so please do not:
- Delete the credentials;
- Modify files on the bucket (do not move, change paths, delete);
- Restrict access to the bucket.
In other words, please keep the bucket credentials and images the same way they were during the import. Otherwise, you might not be able to work with the data as intended.
If you want to learn how to apply Mounting buckets in practice, check out our tutorial.