What’s new in Akave O3 v1.3.0?

O3 v1.3.0 introduces kernel-accelerated file moves, a full cache-management suite with TTL and LRU quotas, AWS-accurate pagination, and a CLI-based ACME certificate flow for bucket domains.

What security improvements were made in October?

O3 now defaults to AES-128 for faster CPU paths while keeping AES-256 optional. Metadata encryption has been hardened with deterministic key derivation, eliminating double-encryption bugs and ensuring secure listings.

What is ACME CLI support in O3?

Operators can now generate and renew HTTP-01 bucket certificates directly from the CLI with automatic directory checks, retries, and simplified lifecycle handling.

How does O3 handle caching and performance?

O3 v1.3.0 introduces a verification-aware cache with scheduled TTL cleanup, LRU eviction, and disk quotas. Kernel-level copy paths using copy_file_range() and sendfile() boost object move and rename speeds.

What’s new in the Akave SDK v0.3.1?

The SDK release fixes metadata encryption paths, introduces deterministic key derivation, improves PDP alignment, and enhances CI tests for verifiable listings.

How has operator experience improved?

Config auto-upgrades now clean obsolete keys and annotate new ones, ensuring forward compatibility. Compose files were refined for io_uring safety, with a RHEL UBI base image for more predictable deployments.

What’s coming next for O3?

Upcoming features include PDP validation tooling, policy-based lifecycle tiering across hot/warm/cold paths, and a hosted O3 service that connects directly to Akave’s decentralized layer.

All articles

Index

This is some text inside of a div block.

Akave Updates

S3 Compatible Storage

October Engineering Update: O3 Gets Faster, Leaner, and More Operator-Friendly

October pushed O3 deeper into enterprise territory. We shipped two releases, O3 v1.3.0 and the AkaveSDK v0.3.1 (protocol) adding full cache-management, kernel-accelerated file paths, AWS-accurate pagination, hardened metadata encryption, and a CLI-based ACME flow for bucket certificates.

Angelo Schalley

November 26, 2025

We also expanded operator tooling with config auto-upgrades, revision-sync improvements, and Compose refinements that make deployments cleaner and more predictable.

Here’s the full update:

About Akave O3

Akave O3 is our S3-compatible object storage API that sits on top of the Akave decentralized data layer. Everything we ship continues to center around three fundamentals:

Security - Performance - Operability

October sharpened all three.

‍

Security You Can Trust

Default at-rest encryption refinements

Default encryption moved from AES-256 → AES-128 for faster CPU paths.
AES-256 remains fully supported; operators can set it in config and rotate keys.

Metadata encryption fixes (SDK v0.3.1)

New deterministic key derivation path for buckets + files.
Older metadata encrypted under the broken path cannot be decrypted; this is an intentional breaking fix to make listings decryptable without leaking unencrypted names.
Double-encryption bug in file upload path eliminated.

ACME certs via CLI

Fully automated HTTP-01 certificate generation for bucket domains.
Improved directory structure checks and retry paths.

‍

Performance & Stability

Kernel-accelerated file moves

copy_file_range() and sendfile() used when available.
Automatic fallback to safe user-space copy on unsupported filesystems.
Produces noticeably faster rename/move flows on large objects.

Streamlined checksum + IO pipeline

New IdentityValidator unifies trailer validation.
Cleaner EOF semantics.
Optional non-blocking read paths.
Tuned TCP buffers and leaner hot loops (SHA-256/CRC64 removed; MD5 fast-path kept).

Non-blocking local waits + in-memory caching

Ristretto-backed memory cache for hot paths.
Faster local reads, lower latency.

Partial-content done correctly

Single-range and multi-range support.
Correct 206/416 semantics and SetContentRange logic.

‍

Enterprise-Ready Features

Full cache-management suite (v1.3.0)

TTL cleanup with scheduled jobs.
LRU eviction using last-used tracking.
Disk quotas via percent or absolute MB.
Verification-aware caching: an object becomes “cached” only after integrity validation.

This brings O3 closer to predictable, tier-1 enterprise behavior under load.

Object listing / pagination (AWS-aligned)

Unified prefix + marker rules.
Base64 continuation tokens.
Correct truncation behavior.
Accurate CommonPrefixes de-duplication.
Matching AWS max-keys semantics.
Updated test suite.

This was one of the largest correctness lifts we’ve shipped.

Config auto-upgrades

Unknown keys removed.
Newly introduced keys annotated.
Ensures old configs remain forward-compatible with zero manual editing.

Docker / Compose operational improvements

Base image updated to RHEL UBI.
Breaking: mount path now /data/db (was /o3).
Report volume added.
Compose tuned for io_uring safety and limits.
More predictable runtime behavior across kernels.

Operator tooling

CLI enhancements:
- revision-sync with dry-run
- SyncObjectsWithRevisions
- ACME tooling
Better lifecycle handling in local write paths.
Metadata cleanup and object ingestion fixes.

‍

Protocol Layer Upgrades

Hardened metadata encryption (SDK v0.3.1)

Deterministic, secure key derivation independent of unencrypted bucket/object names.
Ensures listings can be decrypted safely through the SDK.

PDP-aligned improvements (from ongoing work)

Cleaner piece CID builder shared between node and SDK.
Metadata fixes pave the path for fully trustless listings and PDP-aware object views.

‍

Prickly Pear (O3 GUI) Continuation

Work continued from September with more functional screens wired to the live O3 APIs:

Credentials are automatically created on first login via SSO (Google & GitHub), with the user’s S3 endpoint and access details published and ready to use.
The console supports creating multiple independent credential sets so teams can silo departments or isolate specific buckets from each other directly through the GUI.

Now available: www.akave.com/free-trial

‍

Release Recap (October)

O3 v1.3.0

A heavy release focused on operator friendliness, correctness, and performance.

Key highlights:

Cache TTL + LRU quotas
Kernel-fast moves
Partial-content correctness
Pagination overhaul
Streamlined checksum & IO
CLI-based ACME
Config auto-upgrades
Compose & RHEL UBI image updates
Breaking: /data/db mount; AES-128 default encryption

AkaveSDK v0.3.1

A focused release addressing metadata encryption correctness.

Key highlights:

Fixed double-encryption path
New deterministic key derivation
Updated tests
CI improvements

‍

What’s Next

Deep PDP tooling

Operator surfaces for viewing, repairing, and validating pieces via PDP.

Lifecycle & tiering policies

Policy-driven movement between hot/warm/cold paths, tied into proofs.

Hosted O3 offering

For teams wanting to use O3’s S3 front-end while writing directly into Akave’s decentralized layer.

‍

Connect with Us

Akave Cloud is an enterprise-grade, distributed and scalable object storage designed for large-scale datasets in AI, analytics, and enterprise pipelines. It offers S3 object compatibility, cryptographic verifiability, immutable audit trails, and SDKs for agentic agents; all with zero egress fees and no vendor lock-in saving up to 80% on storage costs vs. hyperscalers.

Akave Cloud works with a wide ecosystem of partners operating hundreds of petabytes of capacity, enabling deployments across multiple countries and powering sovereign data infrastructure. The stack is also pre-qualified with key enterprise apps such as Snowflake and others.

Get Started

Modern Infra. Verifiable By Design

Whether you're scaling your AI infrastructure, handling sensitive records, or modernizing your cloud stack, Akave Cloud is ready to plug in. It feels familiar, but works fundamentally better.