External storage and server key encypt(FEK)

I added external storage via mount directory „data” and now my storage s3 works and users can be able to upload file to external storage. I enabled encypt from server side and everything works but when I logged to Amazon storage I see all files from local direcory „data” and files with server keyuse to encypt users files.

Is exist solution to chane dafault catalog to server private files? or except these files after mount directory „data”?

Can you try rephrasing your question? I’m unclear what you’re asking, sorry.

Also, are you actually using S3 via External Storage or are you using S3 via Primary Storage?

It would be helpful if you provide the output of occ config:list system.

I have used script from this page https://cindercloud.com/index.php?rp=/knowledgebase/17/How-to-mount-S3-Bucket-in-Linux.html but I changed mount point to /var/www/html/nextcloud/data and I seted chown mount point to apache. As you know that directory has files with encypt server keys and now my sotrage providera is can be able to look them.

Technically the key file itself is encrypted:


That said, you may want to consider using Nextcloud’s native S3 support, as previously mentioned. If you use integrate S3 into Nextcloud as External Storage it avoids the matter entirely. Hiding the underlying use of Object Storage from Nextcloud is a recipe for unexpected behavior.

I can’t use s3 as a external storage because users can be able to show files in bucket another user. Second problem is quota. In my option, external storage doesn’t possibilities to manage quotas.