---
myst:
html_meta:
"description lang=en": "Create Custom Storage Providers in Kasm Workspaces."
"keywords": "Storage Mapping, Storage Providers, Custom, Docker Volumes, Volume Drivers, Volume Driver Options"
"property=og:locale": "en_US"
---
```{title} Custom Storage Provider Setup
```
(custom-storage-mapping)=
## Custom Storage Provider Setup
Custom storage providers give administrators the ability to create free-form configurations that create docker volumes
and then map them into containers.
Configuration is largely instrumented through the **Volume Config** and **Mount Config** options in accordance with any
desired docker volume plugin and driver options.
Unlike the other providers, Storage Mappings for Custom Storage Providers may only be configured by administrators. No
settings are exposed on the Storage Mappings for Custom Storage Providers, so they only service as an association by the admin
to a Workspace, Group, or User.
- **S3 Example**
In this example, we take advantage of the {ref}`storage-provider-variable-substitution` in order for each user to get their own storage location.
```{eval-rst}
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Name | :code:`Custom Provider` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Storage Provider Type | :code:`Custom` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Enabled | :code:`checked` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Default Target | :code:`/custom-{username}` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Volume Config | .. code-block:: json |
| (S3 Example) | |
| | { |
| | "driver" : "rclone", |
| | "driver_opts" : { |
| | "type" : "s3", |
| | "path" : "bucket-name/folder/{user_id}", |
| | "vfs-cache-mode": "off", |
| | "dir-cache-time": "10s", |
| | "s3-provider" : "AWS", |
| | "s3-env-auth" : "false", |
| | "s3-access-key-id": "--redacted--", |
| | "s3-secret-access-key": "--redacted--", |
| | "s3-region" : "us-east-1", |
| | "uid" : "1000", |
| | "gid" : "1000", |
| | "allow_other" : "true" |
| | } |
| | } |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Mount Config | :code:`{}` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
```
- **S3 + File Based Encryption Example**
In this example, we leverage the rclone storage driver's ability to utilize [Crypt Remote](https://rclone.org/crypt/) as a wrapper around the S3 example from above. This builds
on the previous example by implementing file based encryption on each user's files. Files are transparently encrypted/decrypted when utilized in the
Kasm session. Files are obfuscated and encrypted when viewed from the S3 console.
```{figure} /images/storage_mapping/custom/encrypted_file.png
:align: center
**Encrypted File**
```
```{figure} /images/storage_mapping/custom/obfuscated_filename.png
:align: center
**Obfuscated Filename of Encrypted File**
```
```{eval-rst}
+-------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Name | :code:`Custom Provider` |
+-------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Storage Provider Type | :code:`Custom` |
+-------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Enabled | :code:`checked` |
+-------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Default Target | :code:`/custom-{username}` |
+-------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Volume Config | .. code-block:: json |
| (S3 Example) | |
| | { |
| | "driver" : "rclone", |
| | "driver_opts" : { |
| | "type" : "crypt", |
| | "vfs-cache-mode": "off", |
| | "dir-cache-time": "10s", |
| | "crypt-filename-encryption": "standard", |
| | "crypt-password": "{user_crypt_password}", |
| | "crypt-password2": "{user_crypt_salt}", |
| | "crypt-remote": |
| | ":s3,provider=AWS,env_auth=false,access_key_id=--redacted--,secret_access_key=--redacted--,region=us-east-1:bucket-name/folder/{user_id}" |
| | "uid" : "1000", |
| | "gid" : "1000", |
| | "allow_other" : "true" |
| | } |
| | } |
+-------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Mount Config | :code:`{}` |
+-------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------+
```
- **Azure Blob Example**
- The Azure Blob Storage Account Name and Key can be found in the **Security + networking** -> **Access keys** section.
More info on the Azure Blob paremeters can be found in the [Rclone Azure blob documentation](https://rclone.org/azureblob/)
```{eval-rst}
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Name | :code:`Custom Provider` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Storage Provider Type | :code:`Custom` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Enabled | :code:`checked` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Default Target | :code:`/custom` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Volume Config | .. code-block:: json |
| (Azure Blob Example) | |
| | { |
| | "driver" : "rclone", |
| | "driver_opts" : { |
| | "type" : "azureblob", |
| | "path" : "container-name", |
| | "azureblob-account" : "storage-account-name", |
| | "azureblob-key" : "storage-key", |
| | "uid" : "1000", |
| | "gid" : "1000", |
| | "allow_other" : "true" |
| | } |
| | } |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Mount Config | :code:`{}` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
```
```{figure} /images/storage_mapping/custom/azure_blob.png
:align: center
**Add Storage Mapping**
```
- **SMB/CIFS Example**
- More info on the SMB parameters can be found in the [Rclone SMB documentation](https://rclone.org/smb/)
- The `smb-pass` option needs to be obscured value produced via the [Rclone Obscure](https://rclone.org/commands/rclone_obscure/) utility. Install the latest version of
rclone on a separate system and utilize the `rlone obscure` utility to generate the obscured password to use in the configuration.
```{eval-rst}
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Name | :code:`Custom Provider` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Storage Provider Type | :code:`Custom` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Enabled | :code:`checked` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Default Target | :code:`/custom` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Volume Config | .. code-block:: json |
| (SMB Example) | |
| | { |
| | "driver" : "rclone", |
| | "driver_opts" : { |
| | "type" : "smb", |
| | "path" : "optional/share/path", |
| | "smb-host" : "192.168.1.2", |
| | "smb-user" : "username", |
| | "smb-pass" : "--obscured-pass-with-rclone-obscure--", |
| | "smb-domain" : "WORKGROUP", |
| | "uid" : "1000", |
| | "gid" : "1000", |
| | "allow_other" : "true" |
| | } |
| | } |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Mount Config | :code:`{}` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
```
```{include} /guide/storage_providers/rclone.md
```
- **Digital Ocean Spaces Example**
```{eval-rst}
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Name | :code:`Custom Provider` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Storage Provider Type | :code:`Custom` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Enabled | :code:`checked` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Default Target | :code:`/custom` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Volume Config | .. code-block:: json |
| (S3 Example) | |
| | { |
| | "driver" : "rclone", |
| | "driver_opts" : { |
| | "type" : "s3", |
| | "path" : "bucket-name/folder/", |
| | "vfs-cache-mode": "off", |
| | "dir-cache-time": "10s", |
| | "s3-provider" : "DigitalOcean", |
| | "s3-env-auth" : "false", |
| | "s3-access-key-id": "--redacted--", |
| | "s3-secret-access-key": "--redacted--", |
| | "s3-endpoint": "fra1.digitaloceanspaces.com", |
| | "uid" : "1000", |
| | "gid" : "1000", |
| | "allow_other" : "true" |
| | } |
| | } |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Mount Config | :code:`{}` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
```
- **Google Cloud Storage Example**
```{eval-rst}
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Name | :code:`Custom Provider` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Storage Provider Type | :code:`Custom` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Enabled | :code:`checked` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Default Target | :code:`/custom` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Volume Config | .. code-block:: json |
| (S3 Example) | |
| | { |
| | "driver" : "rclone", |
| | "driver_opts" : { |
| | "type" : "s3", |
| | "path" : "bucket-name/folder/", |
| | "vfs-cache-mode": "off", |
| | "dir-cache-time": "10s", |
| | "s3-provider" : "GCS", |
| | "s3-env-auth" : "false", |
| | "s3-access-key-id": "--redacted--", |
| | "s3-secret-access-key": "--redacted--", |
| | "s3-endpoint": "https://storage.googleapis.com", |
| | "uid" : "1000", |
| | "gid" : "1000", |
| | "allow_other" : "true" |
| | } |
| | } |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Mount Config | :code:`{}` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
```
### Create Storage Mapping
Storage Mappings for Custom Storage Providers can only be configured by Administrators.
1. From the Workspaces app , select the desired Workspace, User or Group to associate with the Storage Mapping.
2. Select **Storage Mapping** tab and select **Add Storage Mapping**.
```{figure} /images/storage_mapping/custom/add_storage_mapping.png
:align: center
**Add Storage Mapping**
```
3. Select the Custom Storage Provider from the **Type** dropdown and select **Next**
```{figure} /images/storage_mapping/custom/custom_storage_mapping.png
:align: center
**Configure Storage**
```
4. Launch a new container-based session. Verify the Custom storage is mapped inside the session at the `/custom` location.
```{figure} /images/storage_mapping/custom/files.png
:align: center
**Custom Mount**