%20.webp)
About Akave O3
Akave O3 is our S3-compatible object storage API that rides on Akave’s decentralized data layer. We keep hammering on three pillars: security, performance, and operability.
How Does O3 Raise the Bar on Security and Governance?
- Built-in IAM (AWS-style, Query API + CLI)
- Create users, access keys, and managed/inline policies with familiar semantics.
- Presigned and direct-auth verification are enforced consistently across services.
- Default at-rest encryption
- Buckets encrypt by default via the Akave SDK.
- v1.2.0 defaulted to AES-256;
- v1.3.0 standardizes on AES-128 by default for speed/footprint; set AES-256 explicitly if you require it.
- Buckets encrypt by default via the Akave SDK.
- Safe deletion + retention surfaces
- The new object rm flow does full cascade cleanup (ACLs, tags, revisions, retention/legal hold) with dry-run support so operators can audit before they act.
- The new object rm flow does full cascade cleanup (ACLs, tags, revisions, retention/legal hold) with dry-run support so operators can audit before they act.
- Streaming SigV4 trailers
- We validate UNSIGNED-PAYLOAD-TRAILER chunks on the fly for integrity without blocking throughput.
Performance & Stability
- Parallel I/O and ordered part assembly
- Lower tail latencies under heavy concurrency; fewer allocations in checksum/cleaner paths.
- Lower tail latencies under heavy concurrency; fewer allocations in checksum/cleaner paths.
- Partial-content done right
- Robust range requests (single & multi-range) with correct 206/416 semantics.
- Robust range requests (single & multi-range) with correct 206/416 semantics.
- Kernel-fast paths for file moves
- copy_file_range/sendfile when available, with safe fallbacks.
- copy_file_range/sendfile when available, with safe fallbacks.
- Tighter buffering
- New pipes/readers cut wait time and trim memory pressure in multipart and chunked uploads.
Which Enterprise Features Make O3 Easier to Run at Scale?
- Versioning standardization + migration tooling
- We now treat versionId as a first-class citizen (context/session/query). A one-time objects-version-id tool can seed IDs for older stores and emits a detailed report.
- We now treat versionId as a first-class citizen (context/session/query). A one-time objects-version-id tool can seed IDs for older stores and emits a detailed report.
- New o3 CLI
- list/get/put/rm/sync, plus revision-sync and ACME cert generation for bucket domains.
- list/get/put/rm/sync, plus revision-sync and ACME cert generation for bucket domains.
- Syncing to the network
- Bucket-level sync with pagination across the Akave network;
- Revision sync reconciles physical revisions vs DB in dry-run first;
- Size validation and better object/meta handling in the O3 service.
- Cache management suite (v1.3.0)
- Time-to-live cleanup, LRU eviction, and capacity limits (percent or absolute MB) with verification-aware marking and last-used tracking.
- Time-to-live cleanup, LRU eviction, and capacity limits (percent or absolute MB) with verification-aware marking and last-used tracking.
- Pagination that matches AWS
- Fixed ListObjects/ListObjectsV2 edge cases (Base64 tokens, max-keys, CommonPrefixes de-dup, accurate truncation).
- Fixed ListObjects/ListObjectsV2 edge cases (Base64 tokens, max-keys, CommonPrefixes de-dup, accurate truncation).
- Operator QoL
- Config auto-upgrade annotates new keys and drops unknowns; Docker/Compose images updated (RHEL UBI).
- Breaking: mount path changed to /data/db (from /o3).
- New O3_MPU_DIR created/exposed for safer MPU persistence.
Protocol Layer Upgrades
We continued tightening verifiability, repairability, and node-side ergonomics:
- PDP-aware fetch path
- Akave Hot Storage Nodes can download blocks from PDP when available to repair or accelerate reads.
- Akave Hot Storage Nodes can download blocks from PDP when available to repair or accelerate reads.
- Resilient PDP service wiring
- Retries on PDP service creation; upload and addPiece test suites synced from the PoC.
- Retries on PDP service creation; upload and addPiece test suites synced from the PoC.
- Piece CID builder in SDK
- A common pieceCidBuilder ensures consistent CommP across client and node flows.
- A common pieceCidBuilder ensures consistent CommP across client and node flows.
- Cleaner blockstores
- Mow supporting; Cleaning of blocks for deleted files to keep storage lean over time.
- Mow supporting; Cleaning of blocks for deleted files to keep storage lean over time.
- Smarter retries
- Transaction retry is limited to meaningful cases (e.g., “gas too low”) to avoid noisy loops.
- Transaction retry is limited to meaningful cases (e.g., “gas too low”) to avoid noisy loops.
- Dependency/Tooling refresh
- Updated Go modules and tool syntax across repos.
- Updated Go modules and tool syntax across repos.
These keep pushing us toward provable, auditable data with pragmatic repair paths when the network, a Node (or a disk) misbehaves.
Prickly Pear (O3 GUI) - From Board to Build
Our Trustless GUI v1.0 (“Prickly Pear”) is taking shape. Highlights from September’s board:
- Onboarding: end-to-end flow (DB + API), email credential generation, 2FA verification, and step-wise UX.
- Core screens & components: header/nav, search, tables, modals, 404, common components and typography.
- Buckets & objects: create/delete bucket logic, object upload progress, object list and details, range streaming wiring.
- Access: API key create/delete, canned ACLs, notification system, banner/status.
- Foundation: project setup, router, auth UI, base app client, and a clean component library.
Net: users will get a clean, safe, production-ready console to manage buckets, objects, keys, and policies without touching the CLI.
Note! : Public release is expected by the end of October!
Release Recap (September)
v1.2.0 (2025-09-16)
IAM service + CLI, standardized versioning with migration tooling, streaming chunk-trailers, IPC bucket pagination in sync, default AES-256, new o3 CLI, and broad I/O/buffering upgrades.
v1.2.1 (2025-09-19)
Revision-sync workflow (service + CLI), safe object rm with cascade cleanup and dry-run, improved MPU checksum path, O3_MPU_DIR in Docker, and initial CLI usage docs.
v1.3.0 (last week)
Cache TTL + LRU quotas, kernel-accelerated moves, robust partial-content, AWS-aligned pagination, streamlined checksum/IO pipeline, ACME via CLI, config auto-upgrades, and Compose refinements.
Breaking: mount path → /data/db; default encryption → AES-128 (configure AES-256 if required).
What’s Next
- GUI public preview for Prickly Pear.
- End-to-end PDP read/write/management surfaced in operator tooling and telemetry.
- Policy-driven lifecycle/tiering (archival/warm/cold) tied to proofs and cost.
- Hosted O3 option for teams that want our S3 front-end self-managed but still write into the Akave network.
If you’re upgrading from earlier O3 versions, skim the breaking notes above, run the versionId seeding (if you previously encoded IDs inside keys), and try the new dry-run modes before live actions on your infrastructure. If you want a hand, ping us; we’ll pair with your team to validate pipelines.
Connect with Us
Akave Cloud is an enterprise-grade, distributed and scalable object storage designed for large-scale datasets in AI, analytics, and enterprise pipelines. It offers S3 object compatibility, cryptographic verifiability, immutable audit trails, and SDKs for agentic agents; all with zero egress fees and no vendor lock-in saving up to 80% on storage costs vs. hyperscalers.
Akave Cloud works with a wide ecosystem of partners operating hundreds of petabytes of capacity, enabling deployments across multiple countries and powering sovereign data infrastructure. The stack is also pre-qualified with key enterprise apps such as Snowflake and others.
FAQ
- Is Akave Cloud O3 S3-compatible for enterprise tooling?
Yes, SigV4, multipart, partial-content, AWS-aligned pagination, and S3-style IAM semantics. - How do I get verifiable audit trails?
O3 stores content-addressed objects with onchain proofs; PDP enhances repair + integrity. - Which encryption is default now?
AES-128 by default in v1.3.0 (choose AES-256 via config or headers). - Do I need to reindex versions?
Only for older stores: run the versionId seeding tool once.