WebDAV / S3 Configuration
When configuring Cloud Sync, you can choose to store sync data in your own cloud infrastructure (such as self-hosted WebDAV or third-party S3-compatible object storage) for full control over data residency and privacy.
In this mode, your clips are end-to-end encrypted on-device with a key you hold before they reach your storage, so the bucket/container only ever holds ciphertext. Octoclip's servers never receive your storage credentials, your encryption key, or your clip content. You are solely responsible for the availability, retention, and security of your storage bucket.
Supported options
| Option | Typical implementation | Best for |
|---|---|---|
| WebDAV | Self-hosted WebDAV or third-party WebDAV service | Fast onboarding with lower ops complexity |
| S3-compatible storage | Amazon S3, MinIO, or other cloud object storage | Scalable setups with fine-grained IAM policies |
Core fields
| Field | Type | Required | Description |
|---|---|---|---|
provider | string | Yes | Backend type, such as webdav or s3 |
endpoint | string | Yes | Service endpoint URL |
bucket | string | No | Target bucket/container name (S3 flows) |
username | string | No | Account (WebDAV) or Access Key ID (S3) |
password | string | No | Password (WebDAV) or Secret Access Key (S3) |
pathPrefix | string | No | Namespace prefix for sync objects |
| Encryption Key | string | Yes (in-app) | The end-to-end encryption key. You set it in the app (under the "Encryption Key" field); it is stored in your device keychain and is never written to this config file. Every device must use the same value to decrypt. |
Setup flow
Pick the end-to-end encryption key you will use, and save it in a password manager. You will need to enter the exact same key on every device; without it, content cannot be decrypted by peer devices.
Confirm endpoint reachability and read/write policy readiness. For S3, the access key needs at least s3:PutObject, s3:GetObject, s3:DeleteObject, and s3:ListBucket permissions on the target bucket. For WebDAV, verify the URL responds to a HEAD request.
In Octoclip's Cloud Sync settings, enter the required parameters based on your provider, along with your local encryption key.
Verify test object read/write before enabling production sync. Success: the app reports "Connection Successful" or "Test Passed"; you can then enable sync.
Example
The example below contains only the storage fields — the encryption key is set securely in the app and never appears in this file. Replace the angle-bracket values with your own credentials (these are placeholders, not real values).
{ "provider": "s3", "endpoint": "https://s3.example.com", "bucket": "octoclip-sync", "pathPrefix": "prod/user-a/", "username": "<your-access-key-id>", "password": "<your-secret-access-key>"}Never commit credential-bearing config files to public repositories, and never paste your encryption key into a shared channel. Enter them directly into the application settings.