You may create objects whose sole purpose is organizing a bucket. These objects end with the / character. Versioning is often not of value for these types of objects that have no data. For example, an object at ALIAS/team-bucket/reports may serve as an organization path only and not be a data object. Instead, it contains objects under it, such as ALIAS/team-bucket/reports/2025/june.csv. You may exclude folder objects to prevent ALIAS/team-bucket/reports from being versioned while allowing all objects under it to be versioned.

You can use the AIStor Console to perform several of the bucket and object management and interaction functions available in AIStor. Depending on the permissions and IAM policies for the authenticated user, you can: Browse, upload, revert, manage, and interact with objects. Browse, create, and manage buckets. Create or monitor remote tiers for object transition rules. Object browser The Object Browser lists the buckets and objects the authenticated user has access to on the deployment.

The AIStor Identity Management Plugin provides a REST interface for offloading authentication to an external identity manager with a webhook service. Client applications can use the AssumeRoleWithCustomToken STS API extension to generate access tokens for AIStor. AIStor verifies this token by making a POST request to the configured plugin endpoint and uses the returned response to determine the authentication status of the client. Configuration settings You can configure the AIStor Identity Management Plugin with the following environment variables or configuration settings:

This page documents settings for configuring an Kafka service as a target for Bucket Notifications. See Publish Events to Kafka for a tutorial on using these settings. You can establish or modify settings by defining: an environment variable on the host system prior to starting or restarting the AIStor Server. Refer to your operating system’s documentation for how to define an environment variable. a configuration setting using mc admin config set. If you define both an environment variable and the similar configuration setting, AIStor uses the environment variable value.

This page covers deprecated settings that control core behavior of the AIStor Server process. Settings on this page may be removed at any time. Users should migrate to the recommended replacement at the earliest opportunity. You can establish or modify settings by defining: an environment variable on the host system prior to starting or restarting the AIStor Server. Refer to your operating system’s documentation for how to define an environment variable. a configuration setting using mc admin config set. If you define both an environment variable and the similar configuration setting, AIStor Server uses the environment variable value.

Version changed Beginning with AIStor Client RELEASE.2025-08-21T03-14-05Z, this command returns S3 call information gathered during the last minute. Previously, the command returned information about in-progress S3 API calls gathered from mc admin trace. The mc support top api command outputs the last minute of S3 API events on an AIStor server in real-time. The output is a high level summary of these calls. For more in-depth tracing, use mc admin trace.

AIStor supports deploying resources onto Kubernetes infrastructure through our first-party operator model. AIStor also provides a Red Hat OpenShift certified operator. Setting up AIStor on Kubernetes involves these steps: Install AIStor Configure load balancing Set up network encryption Set up server-side encryption Kubernetes API support Production Kubernetes infrastructure should run currently supported releases of the Kubernetes API.

This page explains how to deploy AIStor with KES for Server Side Encryption. For instructions on running KES, see the KES docs. Enabling SSE on an AIStor deployment automatically encrypts the backend data for that deployment using the default encryption key.

Server-Side Encryption (SSE) protects objects as part of write operations, allowing clients to take advantage of server processing power to secure objects at the storage layer (encryption-at-rest). SSE also provides key functionality for regulatory and compliance requirements around secure locking and erasure. AIStor includes support for deploying AIStor Key Manager as a dedicated root Key Management Service (KMS) with direct integration. Key Manager provides equivalent functionality to other third-party KMS solutions for managing root/external encryption keys in support of encryption operations.

This section provides documentation for administering AIStor Object Store deployments. Use this documentation to configure identity and access management, manage objects and buckets, set up replication, and configure the features that control how your deployment operates. AIStor requires authentication for every operation and uses policy-based access control to define authorized actions. Use AIStor’s Identity and Access Management (IAM) controls to manage who can access your deployment and what they can do, whether you use the built-in identity manager or integrate with external providers like OpenID Connect (OIDC) or Active Directory/LDAP.