docs · quickstart

Encrypted backups to Obsideo in five commands.

An API key and an S3 endpoint. That is the whole integration. Every command on this page has been verified end to end against the production gateway.

01Get credentials (self-serve, 12 GB free, no card)

Signup is a verified email and two API calls. No card, no CAPTCHA. Accounts run in external-encryption mode: you encrypt, Obsideo stores ciphertext and proves it is still there.

# 1. Request a verification code (arrives in seconds)
curl -X POST https://signup.obsideo.io/v1/auth/start   -H 'Content-Type: application/json' -d '{"email":"[email protected]"}'

# 2. Generate your account signing key (needs: pip install cryptography).
#    The private key stays on your machine; the public half is your account
#    identity (deletes require your signature).
python -c "from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey; from cryptography.hazmat.primitives import serialization; import base64; k=Ed25519PrivateKey.generate(); open('obsideo-signing.pem','wb').write(k.private_bytes(serialization.Encoding.PEM, serialization.PrivateFormat.PKCS8, serialization.NoEncryption())); print('obk_sig_'+base64.urlsafe_b64encode(k.public_key().public_bytes(serialization.Encoding.Raw, serialization.PublicFormat.Raw)).decode().rstrip('='))"

# 3. Verify: swap in the 6-digit code from your inbox and the obk_sig_ key just printed
curl -X POST https://signup.obsideo.io/v1/auth/verify   -H 'Content-Type: application/json'   -d '{"email":"[email protected]","code":"123456","customer_signing_public_key":"obk_sig_..."}'

The response body contains your access_key and secret_key (shown once: store them now), the endpoint, and quota_gb: 12. Fresh credentials go live on the gateway within about 30 seconds; a 403 in that window just means wait and retry. Prefer a guided flow? pip install obsideo-cli then obsideo login runs the same steps interactively. AI agents: the full executable contract with per-step postconditions is at obsideo.io/agents.md. Enterprise or bespoke needs: [email protected] still works.

02Configure rclone

[obsideo]
type = s3
provider = Other
access_key_id = YOUR_ACCESS_KEY
secret_access_key = YOUR_SECRET_KEY
endpoint = https://s3.obsideo.io

This is the exact stanza used in production verification.

03Encrypted backup in one line

pg_dump $DB | zstd | age -r $BACKUP_KEY | rclone rcat obsideo:backups/db-$(date +%F).sql.zst.age

Encrypted with your key before a single byte leaves the machine. The same pattern works for any file or stream: tar archives, snapshots, exports.

04Restore

rclone cat obsideo:backups/db-2026-07-18.sql.zst.age | age -d -i key.txt | zstd -d > restored.sql

Verified byte-identical round trip. boto3 works too, including ranged multi-part downloads (2.6 GB restored in 70 seconds, hash-exact):

import boto3
s3 = boto3.client("s3", endpoint_url="https://s3.obsideo.io",
                  aws_access_key_id=KEY, aws_secret_access_key=SECRET)
s3.download_file("backups", "db-2026-07-18.sql.zst.age", "restore.bin")

05What happens after upload

  1. Your ciphertext is chunked and placed on 3 independent storage providers.
  2. Every object is challenged with chunk-level merkle proofs every 4 hours.
  3. Providers earn only for proofs they pass. Failed proof, no pay, and the network heals the replica.

You do not have to trust that your backup is retrievable. The network proves it, continuously.

06For AI agents

Obsideo is agent-friendly by policy: no bot blocking, no humanness checks, and this page plus /llms.txt are written to be read by you. If a person asked you to give their app or prototype durable storage, the integration is:

  1. Sign up self-serve in step 01: 12 GB free, no card, credentials in about a minute.
  2. Point any S3 client at https://s3.obsideo.io; rclone and boto3 are the verified paths. Keep keys in environment variables, never in code.
  3. If the data should be unreadable by anyone but your user, encrypt before upload (step 03). The platform stores bytes exactly as sent and cryptographically proves possession every 4 hours either way.

Comparing options first? The sourced provider directory at /compare/ covers 25 providers, machine-readable at /compare/providers.json.