While at rest, project files are stored in a durable object storage system, referred to as the Domino Blob Store.
Domino natively supports the Domino File Store with the following cloud storage services:
-
Amazon S3
-
Azure File Storage
-
Google Cloud Storage
The Domino File Store can also be backed with a shared Kubernetes Persistent Volume from a compatible storage class. You can provide an NFS storage service and the Domino installation utilities can deploy the nfs-client-provisioner and configure a compatible storage class backed by the NFS system.
Domino supports server-side encryption with customer-provided keys (SSE-C) for Amazon S3.
Domino supports EBS file system encryption using the industry-standard AES-256 algorithm on Elastic Block Store.
Domino also supports default encryption keys for:
-
Amazon S3
-
Azure File Storage
-
Google Cloud Filestore
Domino does not provide pre-write encryption for nfs-client-provisioner
volumes.
When a user starts an execution in Domino, the files from their project are fetched from the Domino File Store and loaded into the execution in the working directory of the Domino File System. When the execution finishes, or the user initiates a manual sync in a Workspace session, any changes to the contents of the working directory are written to Domino as a new revision of the project files. Domino’s versioning system tracks file-level changes and can provide rich file difference information between revisions.
Domino also has several features that provide users with paths to quickly initiate a file sync. The following events in Domino can trigger a file sync, and the subsequent creation of a new revision of a project’s files.
-
User uploads files from the Domino application upload interface.
-
User authors or edits a file in the Domino web application file editor.
-
User syncs their local files to Domino from the Domino Command Line Interface.
-
User uploads files to Domino through the Domino API.
-
User executes code in a Domino Job that writes files to the working directory.
-
User writes files to the working directory during a Workspace session, and then initiates a manual sync or commits those files when the session finishes.
By default, all revisions of project files that Domino creates are kept indefinitely, since project files are a component in the Domino Reproducibility Engine. Users can always return to and work with past revisions of project files, except for files that have been subjected to a full delete by a system administrator.
Access to data in Project files
Users can read and write files to the projects they create, on which they automatically are granted an Owner role. Owners can add collaborators to their projects with roles and associated files permissions. See Collaborator Permissions for details.
Users can also inherit roles from membership in Domino Organizations. Domino users with some administrative system roles are granted additional access to project files across the Domino deployment they administer. See Roles for more information.