NodeOps
UK
NodeOps

Bring your own storage (BYOS3)

You mount your own S3-compatible bucket into a sandbox as a filesystem path. The bucket stays in your account, your cloud, and your region. The sandbox reads and writes through it; you never copy data into CreateOS storage.

This is the building block for data residency: pick where the bucket lives, and that is where your data lives.

Works with any S3-compatible store

A disk is registered with an endpoint, bucket, region, and credentials, so anything that speaks the S3 API works:

ProviderNotes
AWS S3endpoint: https://s3.amazonaws.com, set your region.
Cloudflare R2region defaults to auto.
TigrisS3-compatible endpoint; set region per your bucket.
MinIO (self-hosted)Set use_path_style: true.

Credentials are encrypted at rest (AES-256-GCM), are write-only, and are never returned in any API response.

Why this gives you data residency

  • Your bucket, your region. Create the bucket in the jurisdiction you need (e.g. an EU region for GDPR). Sandbox data written to that mount stays there.
  • Your provider, your controls. Bucket policies, versioning, encryption keys, and audit logging stay under your account, not ours.
  • Detach is clean. Detaching a disk only drops the in-VM mount. Bucket contents are never touched by CreateOS.

How to mount a bucket

1. Register the bucket as a disk

Bash
1curl -X POST https://api.sb.createos.sh/v1/disks \
2  -H "X-Api-Key: $CREATEOS_API_KEY" \
3  -H "Content-Type: application/json" \
4  -d '{
5    "name": "eu-data",
6    "kind": "s3",
7    "config": {
8      "bucket": "my-eu-bucket",
9      "endpoint": "https://s3.eu-central-1.amazonaws.com",
10      "region": "eu-central-1"
11    },
12    "credentials": {
13      "access_key": "AKIA…",
14      "secret_key": "wJalrX…"
15    }
16  }'

The API probes the bucket at registration time to catch typos early. For MinIO and most self-hosted S3 stores, add "use_path_style": true to config.

2. Attach it to a sandbox

Attach at create time, or live to a running sandbox:

Bash
1curl -X POST https://api.sb.createos.sh/v1/sandboxes/$SANDBOX_ID/disks \
2  -H "X-Api-Key: $CREATEOS_API_KEY" \
3  -H "Content-Type: application/json" \
4  -d '{"disk_id": "eu-data", "mount_path": "/mnt/data"}'

The in-VM agent mounts it within ~1 second. Files written under /mnt/data land in your bucket. Use sub_path to mount only a prefix (e.g. "sub_path": "team-a/").

3. Detach when done

Bash
1curl -X DELETE \
2  "https://api.sb.createos.sh/v1/sandboxes/$SANDBOX_ID/disks/$DISK_ID?mount_path=/mnt/data" \
3  -H "X-Api-Key: $CREATEOS_API_KEY"

Only the mount is dropped; the bucket and its contents remain.

Full reference

See the Disks API for every endpoint, field, and error, and Disks, networks & templates for the SDK equivalents.

100,000+ Builders. One Workspace.

Get product updates, builder stories, and early access to features that help you ship faster.

CreateOS is a unified intelligent workspace where ideas move seamlessly from concept to live deployment, eliminating context-switching across tools, infrastructure, and workflows with the opportunity to monetize ideas immediately on the CreateOS Marketplace.