Appearance
S3 Storage
Truetask can use S3-compatible object storage for uploaded files and database backups. This supports cloud deployments (AWS, GCP, Azure) as well as on-premises object storage (MinIO) for air-gapped or regulated environments.
Enterprise feature
S3 storage requires an Enterprise license.
Overview
The S3 Storage settings page (Settings > Server > S3 Storage) has two independent sections:
| Section | What it stores |
|---|---|
| File Storage | Card attachments, user avatars, cover images |
| Backup Storage | Automated and manual database backups |
Each section can be enabled independently and can use a different bucket, provider, or account.
Setup
Go to Settings > Server > S3 Storage. Each section has the same fields:
| Field | Description |
|---|---|
| Enable toggle | Turn S3 on or off for this storage type |
| Bucket | S3 bucket name |
| Region | Bucket region (e.g., us-east-1) |
| Endpoint | S3 endpoint URL (e.g., https://s3.amazonaws.com) |
| Access Key | S3 access key ID |
| Secret Key | S3 secret access key |
| Force Path Style | Use path-style URLs instead of virtual-hosted. Required for MinIO and some S3-compatible providers. |
After entering your credentials, click Test Connection to verify, then Save.
Existing files
If you have existing uploaded files, you'll have to migrate them manually from the local file system to S3 storage. Enabling S3 only affects new uploads.
Compatible providers
Any S3-compatible service works. Common options:
| Provider | Endpoint | Path Style | Notes |
|---|---|---|---|
| AWS S3 | https://s3.amazonaws.com | No | Standard S3 |
| MinIO | https://minio.example.com | Yes | Self-hosted, good for air-gapped environments |
| DigitalOcean Spaces | https://{region}.digitaloceanspaces.com | No | — |
| Backblaze B2 | https://s3.{region}.backblazeb2.com | No | — |
| Wasabi | https://s3.{region}.wasabisys.com | No | No egress fees |
| Cloudflare R2 | https://{account-id}.r2.cloudflarestorage.com | Yes | No egress fees |
Force Path Style
Enable Force Path Style for MinIO, Cloudflare R2, and other services that don't support virtual-hosted-style bucket addressing.
IAM permissions
Create a dedicated IAM user with minimal permissions for each bucket:
json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::your-bucket-name",
"arn:aws:s3:::your-bucket-name/*"
]
}
]
}Considerations
- File Storage and Backup Storage are independent — you can use S3 for backups only, files only, or both.
- Backups on S3 are stored only in S3, not locally. Ensure your bucket has versioning or lifecycle policies as a safety net.
- S3 credentials are encrypted in the database if settings encryption is enabled.
- Test the connection before relying on S3 for production use.
- Budget for storage costs — frequent backups and large file uploads accumulate over time.