Overview
PlayerZero offers the ability to store sensitive data—such as code context and devtools artifacts—in a private S3 bucket owned and managed by your organization. This ensures that all persisted data remains within your infrastructure, giving you full control over access, encryption, and compliance.This feature is available exclusively on Enterprise Plans.
Why Use Private Storage?
By integrating your own storage layer, you can:- Maintain ownership of sensitive application data
- Meet regulatory and security requirements (e.g., HIPAA, SOC 2, GDPR)
- Apply your own encryption, IAM policies, and retention rules
- Ensure data never leaves your cloud perimeter
Recommended Setup
We support any S3-compatible storage provider. Most teams choose:- Amazon S3
- MinIO, for self-hosted S3 compatibility
us-east-1
region (where PlayerZero systems are located), you are free to host your bucket in any region. We will automatically optimize for performance wherever possible.
1. Create a Secure S3 Bucket
Provision a bucket using your organization’s usual naming and configuration standards. We recommend the following general guidelines:- Access Control: Keep ACLs disabled; use IAM roles and policies for access.
- Versioning: Not required—PlayerZero will recreate missing data if needed.
- Encryption: Enable default encryption (server-side encryption with the method of your choice).
- Object Lock: Should be disabled to prevent unnecessary performance degradation.
If you’re using a provider other than AWS, ensure your storage solution supports S3-compatible APIs.
2. Create a Scoped API Token
In order for PlayerZero to interact with your S3 bucket, you’ll need to generate access credentials with scoped permissions.- Create a new IAM group (e.g.,
playerzero-storage
) - Attach permissions: Grant full access to the specific S3 bucket
- Create a new IAM user (e.g.,
playerzero-api
) that belongs to this group - Generate access keys for the user
(Be sure to copy both the Access Key ID and Secret Access Key securely; the secret key will not be visible again.)
Do not grant console access to this user. The keys will only be used for backend programmatic access.
3. Share Credentials with PlayerZero
Once you’ve created your bucket and API credentials, securely share the following with your PlayerZero account team:- Bucket name and region
- Access Key ID
- Secret Access Key