Skip to Content
AdministrationStorage (BYOB)

Storage (BYOB)

Bring Your Own Bucket - use your own cloud storage for documents.

BYOB (Bring Your Own Bucket) requires an Enterprise plan.

What is BYOB?

BYOB allows you to store documents in your own cloud storage:

  • AWS S3: Amazon Simple Storage Service
  • Google Cloud Storage: GCS buckets
  • Azure Blob Storage: Azure storage containers

Benefits

  • Data sovereignty: Keep data in your own account
  • Compliance: Meet regulatory requirements
  • Control: Full control over storage policies
  • Integration: Works with your existing infrastructure

Supported Providers

ProviderStatus
AWS S3Supported
Google Cloud StorageComing Soon
Azure Blob StorageComing Soon

Configuration

AWS S3

Step 1: Create or Select Bucket

  1. In AWS Console, create an S3 bucket
  2. Note the bucket name and region

Step 2: Create IAM Policy

Create a policy with required permissions:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::your-bucket-name",
        "arn:aws:s3:::your-bucket-name/*"
      ]
    }
  ]
}

Step 3: Create IAM Role

For secure access, create an IAM role:

  1. Create role with external trust
  2. Note the role ARN

Step 4: Configure in Penvio

  1. Go to OrganizationStorage
  2. Click Configure BYOB
  3. Select AWS S3
  4. Enter:
    • Bucket name
    • Region
    • Role ARN
  5. Click Test Connection
  6. If successful, click Save

Google Cloud Storage

Step 1: Create Bucket

  1. In Google Cloud Console, create a bucket
  2. Note the bucket name

Step 2: Create Service Account

  1. Create a service account
  2. Grant Storage Object Admin role
  3. Download JSON key file

Step 3: Configure in Penvio

  1. Go to OrganizationStorage
  2. Click Configure BYOB
  3. Select Google Cloud Storage
  4. Enter bucket name
  5. Upload service account key
  6. Test and save

Azure Blob Storage

Step 1: Create Container

  1. In Azure Portal, create a storage account
  2. Create a container
  3. Note account name and container name

Step 2: Get Connection String

  1. Go to Access Keys
  2. Copy connection string

Step 3: Configure in Penvio

  1. Go to OrganizationStorage
  2. Click Configure BYOB
  3. Select Azure Blob
  4. Enter:
    • Account name
    • Container name
    • Connection string
  5. Test and save

Migration

Migrate Existing Documents

Move documents from Penvio storage to BYOB:

  1. Configure BYOB (above)
  2. Click Migrate Existing Documents
  3. Choose migration options
  4. Start migration

Migration Status

Track migration progress:

  • Documents queued
  • Documents migrated
  • Errors (if any)

Security

Encryption

  • Documents encrypted at rest
  • Use your own encryption keys
  • Support for SSE-S3, SSE-KMS (AWS)

Access

  • Penvio uses temporary credentials
  • No long-term secrets stored
  • All access logged

Monitoring

Health Checks

Penvio monitors bucket health:

  • Connection status
  • Permission verification
  • Response time

Alerts

Get notified of issues:

  • Connection failures
  • Permission problems
  • Storage quota warnings

Next Steps

Last updated on
Roles & PermissionsAPI Keys