Documentation
Everything you need to upload files, run backups, share data, and automate with NordenVault -from browser basics to CLI deep-dives.
Quick start
Three ways to get data into NordenVault in under five minutes.
The simplest way to store files. No CLI required.
- Sign in and open the File Manager.
- Drag and drop files onto the page, or click Upload.
- Create folders to organise your files.
- Files larger than 100 MB are chunked automatically.
Use restic or rclone with NordenVault as an S3 backend.
- Go to Sources and create a backup source.
- Copy your access key, secret key, and bucket name.
- Point restic or rclone at
s3.nordenvault.com. - Run your first backup and verify it in the dashboard.
Migrate existing data from other providers without downtime.
- Go to Cloud Import in the dashboard.
- Choose your source: S3, Google Drive, Dropbox, OneDrive, or Azure.
- Enter credentials or connect via OAuth.
- NordenVault syncs your files in the background.
Guides
Detailed documentation for every NordenVault feature.
Upload, organise, and download files from the browser.
Create secure links with password, expiry, and download limits.
Migrate from S3, Google Drive, Dropbox, OneDrive, and Azure.
Initialise repo, backup, restore, prune, and automate.
Configure remote, sync, mount, and schedule transfers.
Enable versioning, view history, and restore previous versions.
Set up automatic cleanup rules for old files.
Event notifications for backup events and file changes.
Generate tokens for programmatic access to the control plane.
Invite members, assign roles, and manage permissions.
File Management
The NordenVault File Manager is a full-featured browser UI for uploading, organising, downloading, and deleting files -no CLI or external tools required.
Uploading files
Navigate to File Manager in the sidebar. Drag files or entire folders from your desktop onto the page, or click the Upload button and select files from the file picker. Files over 100 MB are split into 10 MB parts and uploaded in parallel using multipart upload -progress is shown per-file.
Creating folders
Click the New Folder button and type a name. Folders are represented as S3 key prefixes; they behave like real directories throughout the UI. Use the breadcrumb trail at the top to navigate back up the hierarchy.
Downloading and deleting
Click any file to open its detail panel, then choose Download to fetch it directly from storage. Select multiple files using the checkbox column and use the bulk action bar to download a ZIP or permanently delete the selection.
File type support
NordenVault stores any file type. The file manager renders icons for common types (images, PDFs, archives, code files, databases) and shows file size, last modified date, and storage class. Individual files can be up to 5 TB.
File Sharing
Generate secure, time-limited public links for any file without exposing your storage credentials. Recipients do not need an NordenVault account.
Creating a share link
- Open the file in the File Manager and click Share.
- Set an expiry date (1 hour to 30 days, or no expiry).
- Optionally add a password that recipients must enter.
- Optionally set a maximum download count.
- Click Create Link and copy the URL.
Managing existing shares
All active shares appear in the file's detail panel. You can revoke a share at any time by clicking Revoke. Expired shares are automatically invalidated and cleaned up -the link returns a 404 to recipients.
Recipient experience
Recipients open the link at nordenvault.com/shared/<token>. If a password was set, they see a prompt before the download starts. The page is public and does not require a login.
Cloud Import
Migrate files from your existing cloud storage into NordenVault without downloading anything locally. The import runs as a background job and shows real-time progress.
Import from S3-compatible storage
Covers AWS S3, Backblaze B2, Wasabi, Cloudflare R2, DigitalOcean Spaces, and any other S3-compatible provider.
- Go to Cloud Import and click New Import.
- Select S3-compatible as the source type.
- Enter the endpoint URL, access key ID, secret access key, and bucket name.
- Optionally filter by key prefix to import only a sub-folder.
- Choose the destination folder in NordenVault and click Start Import.
Import from Google Drive, Dropbox, OneDrive, or Azure
Connect your account using OAuth -no credentials to copy. NordenVault requests read-only access and transfers files directly from the provider to your storage.
- Select your provider and click Connect.
- Authorise access in the provider's OAuth popup.
- Browse your provider's folder tree and select what to import.
- Choose a destination folder in NordenVault and click Start Import.
Monitoring import progress
The Cloud Import page shows each active and completed job with a progress bar, file count, bytes transferred, elapsed time, and any errors. Completed imports appear in your File Manager immediately. Failed files are listed so you can retry or investigate.
Backup with restic
restic is a fast, encrypted, deduplicated backup tool. It stores snapshots as content-addressed objects -perfect for S3-compatible storage like NordenVault.
1. Get your credentials
In NordenVault, navigate to Sources and create a new backup source (e.g. web-server-01). Copy the access key ID, secret access key, and bucket name from the source detail panel.
2. Initialise the repository
export AWS_ACCESS_KEY_ID=<your-access-key> export AWS_SECRET_ACCESS_KEY=<your-secret-key> restic -r s3:s3.nordenvault.com/<your-bucket> init
You will be prompted to set a repository password. Store this securely -it encrypts all your data and NordenVault never sees it.
3. Run your first backup
restic -r s3:s3.nordenvault.com/<your-bucket> backup /path/to/data
Subsequent runs are incremental -only changed blocks are uploaded. Large files are split into content-defined chunks and deduplicated across snapshots.
4. List snapshots
restic -r s3:s3.nordenvault.com/<your-bucket> snapshots
5. Restore data
# Restore the latest snapshot restic -r s3:s3.nordenvault.com/<your-bucket> restore latest --target /restore # Restore a specific snapshot by ID restic -r s3:s3.nordenvault.com/<your-bucket> restore abc12345 --target /restore # Restore a single file or directory restic -r s3:s3.nordenvault.com/<your-bucket> restore latest --target /restore --include /path/to/data/file.txt
6. Prune old snapshots
# Keep last 7 daily, 4 weekly, 12 monthly snapshots restic -r s3:s3.nordenvault.com/<your-bucket> forget --keep-daily 7 --keep-weekly 4 --keep-monthly 12 --prune
7. Automate with cron
# /etc/cron.d/restic-backup 0 2 * * * root AWS_ACCESS_KEY_ID=<key> AWS_SECRET_ACCESS_KEY=<secret> RESTIC_PASSWORD=<repo-password> restic -r s3:s3.nordenvault.com/<bucket> backup /data && restic -r s3:s3.nordenvault.com/<bucket> forget --keep-daily 7 --keep-weekly 4 --prune
Consider storing credentials in a root-only /root/.restic-env file and sourcing it in the cron command to avoid embedding secrets in crontab.
Backup with rclone
rclone is a Swiss-army-knife file sync tool that works with S3-compatible storage. Use it to sync directories, mount NordenVault as a local filesystem, or automate transfers via cron.
1. Configure the remote
rclone config
Follow the interactive prompts. When asked for the storage type choose s3, the provider choose Other, then enter:
endpoint = s3.nordenvault.com access_key_id = <your-access-key> secret_access_key = <your-secret-key>
Name the remote objectcloud (or any name you prefer). Leave all other options at their defaults.
2. List files
rclone ls objectcloud:your-bucket rclone lsd objectcloud:your-bucket # directories only
3. Sync a local folder
# Upload (local → NordenVault), deletes remote files not present locally rclone sync /local/folder objectcloud:your-bucket/folder # Download (NordenVault → local) rclone sync objectcloud:your-bucket/folder /local/folder # Copy without deleting (safer for first run) rclone copy /local/folder objectcloud:your-bucket/folder
4. Mount as a local filesystem
mkdir -p /mnt/objectcloud rclone mount objectcloud:your-bucket /mnt/objectcloud --daemon
Requires FUSE. Files appear as a local directory. Use fusermount -u /mnt/objectcloud to unmount.
5. Scheduled sync with cron
# /etc/cron.d/rclone-sync -run at 03:00 daily 0 3 * * * root rclone sync /data objectcloud:your-bucket/data --log-file /var/log/rclone.log --log-level INFO
File Versioning
Enable versioning on your storage to keep a full history of every file. Recover from accidental overwrites or deletions instantly without restoring from a backup.
Enabling versioning
Go to Settings → Versioning and toggle versioning on for your bucket. This enables S3 bucket versioning so every PUT and DELETE is non-destructive -every previous state is retained.
Viewing version history
In the File Manager, click any file to open its detail panel, then select the Versions tab. Each version is listed with its version ID, size, and last-modified timestamp.
Restoring a previous version
Click Restore next to any version to make it the current version. The previous current version is not deleted -it becomes one of the historical versions.
Deleting versions
Individual versions can be permanently deleted from the Versions tab. To delete all versions of a file, select Delete All Versions. Note: this is irreversible. Consider retention policies to automate clean-up of old versions.
Retention Policies
Retention policies automatically expire and delete objects after a configurable period, keeping storage costs predictable and eliminating manual clean-up.
Creating a policy
- Go to Settings → Retention.
- Click New Policy.
- Give the policy a name and an optional key prefix filter (e.g.
logs/). - Set the expiry in days. Objects matching the prefix older than this number of days will be deleted.
- Click Save. The policy is applied as an S3 lifecycle rule immediately.
Versioned objects
When versioning is enabled, you can set separate policies for current and non-current (historical) versions. For example: keep the current version indefinitely, but expire non-current versions after 30 days.
Editing and deleting policies
All active policies are listed in the Retention settings page. Click a policy to edit its name, prefix, or expiry. Delete a policy to stop the lifecycle rule -objects already expired are not restored.
Webhooks
Webhooks let NordenVault push event notifications to any HTTPS endpoint -your own server, a Slack incoming webhook, or a workflow automation platform like Make or Zapier.
Creating a webhook
- Go to Settings → Webhooks and click New Webhook.
- Enter the destination URL (must be HTTPS).
- Select the events to subscribe to (see list below).
- Optionally add a description and click Create.
Available events
file.uploaded-a new file was addedfile.deleted-a file was deletedbackup.received-a backup source received a new snapshotbackup.overdue-a backup source has not received data within its freshness windowshare.downloaded-a shared file was downloadedimport.completed-a cloud import job finished
Verifying signatures
Every delivery includes an X-NordenVault-Signatureheader containing an HMAC-SHA256 signature of the request body, keyed with your webhook's signing secret. Verify this on your server before processing the event.
import hmac, hashlib
def verify(secret: str, body: bytes, signature: str) -> bool:
expected = hmac.new(
secret.encode(), body, hashlib.sha256
).hexdigest()
return hmac.compare_digest(expected, signature)Delivery logs
The webhook detail page shows a delivery log with HTTP status, response time, and response body for every attempted delivery. Failed deliveries are retried up to 3 times with exponential backoff. Use the Send Test Event button to verify your endpoint is reachable.
API Keys
API keys grant programmatic access to the NordenVault control plane. Use them in CI/CD pipelines, custom scripts, or integrations without needing user credentials.
Generating a key
- Go to Settings → API Keys.
- Click Generate Key and give it a descriptive name.
- Copy the key immediately -it begins with
oc_live_and is shown only once. - Store it in a secrets manager or environment variable. Never commit it to source control.
Using the key
Pass the key in the Authorization header as a Bearer token:
curl -H "Authorization: Bearer oc_live_your-key-here" https://api.nordenvault.com/v1/files
Revoking a key
Click Revoke next to any key to invalidate it immediately. Revoked keys cannot be restored. Rotate keys regularly and revoke any key that may have been exposed.
Team Management
Invite colleagues to your organisation, assign roles with different permission levels, and manage access from a central place.
Inviting members
- Go to Settings → Team.
- Click Invite Member and enter their email address.
- Select a role: Owner, Admin, or Member.
- Click Send Invite. They will receive an email with a link to accept.
Roles and permissions
| Role | Files | Sources | Settings | Billing |
|---|---|---|---|---|
| Owner | Full | Full | Full | Full |
| Admin | Full | Full | Full | View only |
| Member | Full | View only | None | None |
Removing members
Click Remove next to any member to revoke their access immediately. Their API keys are not automatically revoked -check the API Keys section if the member had keys issued under their account.
API Reference
The NordenVault REST API lets you manage every aspect of your account programmatically.
Base URL and authentication
Base URL: https://api.nordenvault.com/v1 # All requests require a Bearer token Authorization: Bearer oc_live_your-api-key
Generate API keys in Settings → API Keys. All responses are JSON. Errors follow the format {"detail": "message"}.
Files
# List files in a folder curl -H "Authorization: Bearer $TOKEN" "https://api.nordenvault.com/v1/files?prefix=reports/" # Upload a file curl -X POST -H "Authorization: Bearer $TOKEN" -F "file=@/path/to/report.pdf" -F "prefix=reports/" "https://api.nordenvault.com/v1/files/upload" # Delete a file curl -X DELETE -H "Authorization: Bearer $TOKEN" "https://api.nordenvault.com/v1/files/reports%2Freport.pdf"
Sharing
# Create a share link
curl -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d '{"key":"reports/report.pdf","expires_in_hours":48,"password":"secret","max_downloads":10}' "https://api.nordenvault.com/v1/sharing"
# List active shares for a file
curl -H "Authorization: Bearer $TOKEN" "https://api.nordenvault.com/v1/sharing?key=reports%2Freport.pdf"
# Revoke a share
curl -X DELETE -H "Authorization: Bearer $TOKEN" "https://api.nordenvault.com/v1/sharing/<share-id>"Backup sources
# List backup sources
curl -H "Authorization: Bearer $TOKEN" "https://api.nordenvault.com/v1/backup-sources"
# Create a new source
curl -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d '{"name":"db-primary","description":"Main PostgreSQL database"}' "https://api.nordenvault.com/v1/backup-sources"
# Get source credentials
curl -H "Authorization: Bearer $TOKEN" "https://api.nordenvault.com/v1/backup-sources/<source-id>/credentials"Webhooks
# List webhooks
curl -H "Authorization: Bearer $TOKEN" "https://api.nordenvault.com/v1/webhooks"
# Create a webhook
curl -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d '{"url":"https://your-server.com/hooks/nordenvault","events":["file.uploaded","backup.received"]}' "https://api.nordenvault.com/v1/webhooks"
# Send a test event
curl -X POST -H "Authorization: Bearer $TOKEN" "https://api.nordenvault.com/v1/webhooks/<webhook-id>/test"Frequently asked questions
What S3 endpoint do I use?
Your S3 endpoint is s3.nordenvault.com. Use this as the endpoint URL when configuring restic, rclone, the AWS CLI, or any other S3-compatible client. Your bucket name and credentials are shown in the dashboard under Sources.
Can I use client-side encryption?
Yes. Tools like restic encrypt data before it leaves your machine. NordenVault stores the encrypted blobs without ever seeing your plaintext data or encryption keys. We strongly recommend client-side encryption for sensitive data.
How do I monitor backup health?
The dashboard shows backup freshness for each source. You can configure webhook notifications to be notified when a backup is overdue or when a file event occurs. Webhooks are delivered with HMAC-SHA256 signatures for verification.
What happens if I lose my encryption password?
If you use client-side encryption (e.g., restic), NordenVault does not have access to your encryption password. If you lose it, your data cannot be decrypted. We recommend storing your encryption password in a secure password manager or offline safe.
Can I restore individual files?
Yes. restic supports granular restore of individual files and directories from any snapshot. With file versioning enabled, you can also browse and restore previous versions of any file directly from the NordenVault dashboard.
Is there a file size limit?
Individual objects can be up to 5 TB in size. Files larger than 100 MB are automatically uploaded using multipart upload (10 MB parts, up to 3 in parallel), which is handled transparently by the browser file manager and by all S3-compatible clients.
How do I migrate from another S3 provider?
Use the Cloud Import feature in the dashboard to migrate from AWS S3, Backblaze B2, Wasabi, or any S3-compatible provider. For Google Drive, Dropbox, or OneDrive, connect your account via OAuth and NordenVault will import your files in the background.
Do you provide an API for managing sources programmatically?
Yes. NordenVault provides a REST API at api.nordenvault.com/v1. Authenticate with a Bearer token generated in the API Keys section of the dashboard. The API covers files, sharing, backup sources, credentials, webhooks, versioning, and retention policies.
Need help getting started?
Our support team is ready to help you configure your first backup, migrate existing data, or architect a solution that fits your infrastructure.