Skip to main content

MinIO, object storage for user data

MinIO is used by Hublot as an S3-compatible object storage service. It stores all files associated with users: attachments, media, documents, and other persistent resources.

It is recommended to have a dedicated S3 instance for Hublot, to isolate application data and simplify operations, security, and quota management.

MinIO's role in the Hublot architecture

MinIO acts as the object storage backend.

Hublot relies on MinIO for:

  • user file storage
  • attachment and media management
  • persistence of resources linked to collaborative spaces

MinIO is never exposed directly to end users. Access is performed exclusively through Hublot using dedicated credentials.

Bucket organization

Hublot automatically creates a bucket per user at initialization.

Bucket names follow this convention:

user-{user-id}

Each bucket is:

  • isolated per user
  • managed automatically by Hublot
  • used to store all files belonging to that user

This approach provides clear data separation and makes storage policy implementation easier.

Quotas and space management

Using storage quotas is possible and strongly recommended.

Quotas allow you to:

  • limit disk usage per user
  • prevent abuse or excessive consumption
  • control overall storage growth

Quotas are managed directly in MinIO and apply to the buckets created by Hublot.

MinIO user for Hublot

A dedicated MinIO user must be created for Hublot.

This user must have:

  • full rights on the MinIO cluster
  • permissions to create and manage buckets
  • read and write access to all objects

The credentials for this user are provided to Hublot via environment variables:

MINIO_ACCESS_KEY=...
MINIO_SECRET_KEY=...
MINIO_ENDPOINT=...

Deployment mode

MinIO can be deployed according to standard infrastructure practices:

  • native binary
  • Docker
  • or within a distributed cluster

For production environments, it is recommended to use:

  • a distributed MinIO cluster
  • persistent storage
  • a high availability configuration when possible

Security

MinIO security best practices naturally apply:

  • restricted network access
  • dedicated credentials for Hublot
  • encrypted communications (TLS)
  • regular access key rotation

Having a dedicated S3 instance for Hublot also strengthens overall security.

Backups and maintenance

MinIO provides good data resilience, but it does not replace a backup.

It is recommended to:

  • set up regular backups or replication
  • monitor cluster health and available space
  • test restore procedures

Summary

  • MinIO is Hublot's object storage service
  • A dedicated S3 instance for Hublot is recommended
  • Hublot creates a bucket per user named user-{user-id}
  • Per-bucket quotas are possible and recommended
  • A dedicated MinIO user with full rights is required
  • MinIO integrates naturally into Hublot's overall architecture