Back to docs

Archive to Backblaze B2

Set up a Backblaze B2 bucket as your mnueron cold-storage tier. B2 is S3-compatible and significantly cheaper than AWS S3 for both storage and egress — a good pick for long-term archives you only restore occasionally.

1Create the bucket

In the B2 dashboard, click Create a Bucket. Settings to use:

  • Bucket name — globally unique (e.g. mycompany-mnueron-archive).
  • Files in Bucket arePrivate.
  • Object Lock — disable for archives (enable only if you need WORM compliance).
  • Default encryption — enable B2-managed (free).

After creation, click the bucket. Note the endpoint and region (e.g. us-west-002) shown on the bucket page.

2Create an application key scoped to this bucket

Top right menu → App KeysAdd a New Application Key.

  1. Name: mnueron-archive.
  2. Allow access to Bucket(s): pick the bucket from step 1 (NOT "All").
  3. Type of access: Read and Write.
  4. Leave file-name prefix and duration blank.

On Create New Key, Backblaze shows you a keyID and an applicationKey. Copy both. The applicationKey is shown only once.

3Paste credentials into mnueron and test

Open /account-settings/storage, pick Cloud + Archive, then the Backblaze B2 backend. Fields:

  • Bucket — your bucket name.
  • Region — e.g. us-west-002, from the bucket detail page.
  • Endpointhttps://s3.<region>.backblazeb2.com, e.g. https://s3.us-west-002.backblazeb2.com.
  • Access key ID — your B2 keyID.
  • Secret access key — your B2 applicationKey.

Click Test connection. On success you'll see "Connected. PUT, HEAD, and DELETE all succeeded." Click Save, then optionally Run archive now.

Secrets are encrypted with pgp_sym_encrypt before they touch the database. We never log them and never return them through any API.

Troubleshooting

InvalidAccessKeyId

Backblaze uses 'application keys', not username/password. Go to App Keys in your B2 dashboard, create a new key scoped to this bucket only, and use the keyID + applicationKey (not your account ID or master password).

Region not recognized

B2 regions look like us-west-002, us-east-005, eu-central-003. Find yours on the bucket's details page in the B2 dashboard.

Endpoint not working

Use https://s3.<region>.backblazeb2.com — substitute your region. Example: https://s3.us-west-002.backblazeb2.com. Don't include the bucket name in the endpoint URL.

Can I share one application key across multiple buckets?

Yes, but for security we recommend per-bucket keys with bucket scope, so a leaked key only exposes one bucket's worth of data.