Connect your Backblaze B2 storage to WildKite
Point WildKite at a Backblaze B2 bucket so your music and videos stay in your own storage. We'll match up Backblaze's labels, make a safe access key, and get your connection working.
Before you start
- A Backblaze account with B2 Cloud Storage turned on.
- A bucket to hold your media (a fresh one is easiest).
- The ability to create a new access key in Backblaze (not the account-wide master key).
You will finish with
- A Backblaze B2 bucket that WildKite can reach.
- Your Backblaze key entered into WildKite's fields, matched up correctly.
- A connection that passes WildKite's test the first time.
Backblaze's names vs. WildKite's names
Backblaze stores your files just fine, but it labels a few settings differently than WildKite does. Nothing is wrong here, the names just don't line up. Keep this little cheat sheet handy and you'll know exactly what goes where.
| WildKite field | Value | Why it matters |
|---|---|---|
| WildKite Access Key ID | Backblaze calls it Application Key ID |
This is the public half of your key, the part that identifies it. In a few Backblaze screens it's also shown as keyID. |
| WildKite Secret Access Key | Backblaze calls it Application Key |
This is the secret half, your password. Backblaze shows it only once when you create the key, so copy it right away. |
| WildKite Endpoint | Backblaze calls it the S3 Endpoint |
The web address WildKite uses to reach your bucket. You'll find it on the bucket's page in Backblaze. |
| WildKite Region | The middle part of your Endpoint |
If your Endpoint is s3.us-west-001.backblazeb2.com, your Region is us-west-001. |
Get your bucket ready
-
Use a bucket that speaks the standard way
WildKite talks to Backblaze through the common storage language that all the big clouds share. Very old buckets, made before Backblaze added it, may not understand it. If your bucket is years old or you're not sure, just make a fresh one, it's the easiest path.
-
Keep the bucket private
You don't need to make anything public. WildKite hands out its own short-lived links to your files when something plays, and your original media never leaves your Backblaze account.
-
Copy the S3 Endpoint
Open your bucket's page in Backblaze and copy the S3 Endpoint shown there. Keep it nearby, you'll paste it into WildKite in a moment.
Make a safe access key
An access key is like a guest pass you hand to WildKite so it can reach your bucket. You'll make one just for WildKite, limited to a single bucket, so it can never touch anything else in your account.
-
Open App Keys in Backblaze
In the Backblaze console, go to App Keys and choose to add a new Application Key.
-
Don't use the master key
Backblaze offers an account-wide master key, but it won't work here and it's far too powerful to hand out. Always make a new, separate key instead.
-
Limit the key to your one bucket
When Backblaze asks which bucket the key can use, pick the one you set up for WildKite. That way the pass only opens one door.
-
Let the key see bucket names
When you lock a key to a single bucket, Backblaze also offers an option to let it look up bucket names. Turn that on.
WildKite runs a quick check when you connect, and it reads more cleanly when the key is allowed this small lookup. Keys locked down to files only still work, but a failed check can be harder to make sense of.
-
Copy both values now
Backblaze shows the Application Key ID and the Application Key together, and the secret one only appears this once. Copy both before you close the page, and keep the Application Key as private as a password.
Fill in the WildKite fields
Now bring it all together in WildKite. Here's what each box wants.
| WildKite field | Value | Why it matters |
|---|---|---|
| Provider | Backblaze B2 |
Pick the Backblaze B2 option if you see it in the list. |
| Region | us-west-001 (just an example) |
Use the middle part of your own Endpoint, not this example, unless yours happens to match. |
| Endpoint | https://s3.<region>.backblazeb2.com |
Paste the exact S3 Endpoint Backblaze showed you. |
| Bucket | <your bucket name> |
Type it exactly as it appears in Backblaze, including any dashes. |
| Prefix | media/ (optional) |
Leave blank to use the whole bucket. Add a folder name here if your bucket also holds other things and you want WildKite to look in just one folder. |
| Access Key ID | <your Application Key ID> |
The public half from Backblaze. |
| Secret Access Key | <your Application Key> |
The secret half from Backblaze. |
If the test doesn't pass right away
Backblaze and WildKite agree on how requests should be signed, and WildKite handles that part for you automatically, so it's not something you'll ever set by hand.
When a connection fails, the cause is almost always one of three small things. Check them in this order: the Endpoint, then the Region, then your key. This table shows what each should be and the slip that usually trips people up.
| What to check | What it should be | What usually goes wrong |
|---|---|---|
| Endpoint | The exact S3 Endpoint copied from your bucket's page | A typo, or an Endpoint from a different bucket. |
| Region | The middle part of your Endpoint, like us-west-001 | Leaving it as auto or using an Amazon region, which won't match Backblaze. |
| Key | A new key limited to your bucket | Using the account-wide master key, or an old key, by mistake. |
Common hiccups and fixes
| What you see | Why it happens | What to do |
|---|---|---|
| Access denied | The key isn't allowed to touch this bucket. | Make a fresh key limited to your bucket, and let it see bucket names so the test runs cleanly. |
| An error mentioning the authorization header | The Region doesn't match the Endpoint. | Copy the Region straight out of your S3 Endpoint, the middle part. |
| Bucket not found | The bucket is too old to use this way, or the name has a typo. | Make a fresh bucket, or paste the exact bucket name from Backblaze. |
| Uploads from the browser get rejected | Backblaze is blocking uploads sent straight from your browser. | Add the sharing rule (CORS) that WildKite's connection page suggests, then try again. CORS is a setting that tells Backblaze it's fine for your browser to send files. |
Before you rely on it
- Use a separate key for each place you connect from, so you can turn one off without affecting the others.
- Skip account-wide keys unless you really have a reason, a bucket-limited key is safer.
- Jot down your S3 Endpoint and Region together somewhere, so you're not hunting for them later.
- If a key ever shows up in a screenshot or a support chat, make a new one and retire the old.
Questions
Can I connect a bucket I already have?
Yes, as long as it's not one of Backblaze's very early buckets that can't be reached the standard way. If yours is years old or you're unsure, making a fresh bucket is the simplest fix.
Why does WildKite say Access Key ID when Backblaze says Application Key ID?
They're the same thing under two names. WildKite uses the common labels shared across cloud providers, while Backblaze uses its own. Access Key ID is Backblaze's Application Key ID, and Secret Access Key is Backblaze's Application Key.
What do I put in Region?
The middle part of your Endpoint. If your Endpoint is s3.us-west-001.backblazeb2.com, your Region is us-west-001. Don't use auto, and don't use an Amazon region.