Setting up cloud storage buckets

To allow you to share documents with Upvest, we require a cloud storage bucket that is securely accessible by both you and us.

Prerequisites

 ✓   Know your cloud provider and policies
Details

If you do not know what options are available within your organisation, and what policies exist around these platforms, please involve a member of your cloud platform and/or IT security teams in this process.


   (Optionally) Choose to use our default bucket in sandbox

As it can sometimes take some time to work through the following stages, we offer you use of our "Default Bucket" in the Sandbox environment. This will allow you to get started exchanging files in the Sandbox environment for testing purposes.

If you choose this option, you can omit the cloud storage credentials from the initial setup form that you'll fill out later in the "Getting Started" tutorial, please remember to indicate that this is your wish during the completion of the "Investment API credentials request".

   Identify the cloud provider you'd like to use

You will need to identify your organisation's Public Cloud of choice and arrange for a Bucket. As this may require working with other departments in your organisation, we strongly recommend that you set up download buckets for your organisation as early as possible, as you will want to test these mechanisms prior to going live with your product.

We currently support the following cloud storage providers:

  • Amazon AWS
  • Microsoft Azure
  • Google Cloud

Access to storage objects is usually facilitated via service accounts. Upvest requires a shared service account that has the correct permissions to read file metadata and content. Make sure the service account has the following permissions before you provide us with its credentials:

  • for GCP it is storage.objects.get, more details can be found here.

  • for AWS GetObject and GetObjectAttributes, more details can be found here and here.

   Gather bucket credentials

Once you've established which compatible cloud storage provider you'd like to use, you will have to create the bucket. The exact process required to do this will depend on the cloud you choose and the policies of your own cloud platform team. At the end of this process you will need a file containing access credentials for that bucket that you can share securely with Upvest.

To ensure you have the right data, please check that you have a JSON file with the structure below, that matches the cloud provider you chose:

Amazon AWS
{
  "bucket": "...",
  "region": "...",
  "access_key_id": "...",
  "secret_access_key": "...",
}
Microsoft Azure
{
  "query_sign": "..."
}
Google Cloud
{
  "bucket": "...",
  "json_key": "..."
}

   Encrypt credentials

For the secure exchange of bucket credentials we use public-private PGP keys as we do for all other Upvest secret exchanges.

Please read our Secure communication with Upvest document. There you will find our public PGP key, which you should import into your PGP encryption tool. Once you have done that, you can use it to encrypt your credentials file ready for transfer to Upvest.

   Provide a dummy file for testing

In order for us to test connectivity and correct integration of your bucket with the Investment API, we will require a dummy file to be uploaded to the bucket that we can try to access.

Please upload a file to your bucket and keep a copy of the URL for accessing this file in the bucket so that you can submit it to us later in the process.

   Cloud Storage Bucket Created!

You should now have encrypted credentials for a public cloud storage bucket, ready to be transferred to Upvest later.

Next step

Return to the Getting Started Tutorial and continue at Submit Credentials Request.