DeltaGlider Proxy documentation
DeltaGlider is a transparent proxy that sits between your applications and S3-compatible storage, compressing versioned binary artifacts with delta encoding to cut storage costs — without changing your client code. It speaks the S3 API, so your existing tools, SDKs, and workflows keep working unchanged. Open source (GPL-3.0).
New here? Start with one of these.
Recommended starting points
These are the same docs bundled into the product, served here for easy linking.
Start here
What this is, plus guided lessons from zero to a working proxy.
- Your first delta savings Acme Robotics ships a new firmware build for the Widget 3000 every few weeks. Each releas…
- Securing your first proxy This tutorial continues exactly where Your first delta savings left off: a proxy running…
- Your first Helm deployment on kind In this tutorial we'll run DeltaGlider Proxy on Kubernetes — a real chart on a real (if d…
- Common questions An index, not an FAQ: each question links straight to the page that answers it properly.
Guides: deploy & operate
Recipes for installing, upgrading, watching, and debugging a running proxy.
- How to take a proxy to production This guide shows you how to take a working DeltaGlider Proxy from "runs on my laptop" to…
- How to deploy with Docker Compose This guide shows you how to run DeltaGlider Proxy with Docker Compose using a secret-free…
- How to deploy on Kubernetes with Helm This guide shows you how to run DeltaGlider Proxy in production on Kubernetes with the of…
- How to serve TLS This guide shows you how to put HTTPS in front of DeltaGlider Proxy — either by terminati…
- How to upgrade the proxy This guide shows you how to move between DeltaGlider Proxy versions safely, including the…
- How to back up and restore This guide shows you how to back up DeltaGlider Proxy's state — config, IAM, and secrets…
- How to run multiple instances (HA) This guide shows you how to run more than one DeltaGlider Proxy instance against the same…
- How to monitor with Prometheus and Grafana This guide shows you how to scrape DeltaGlider Proxy with Prometheus, build the Grafana p…
- How to trace and audit requests This guide shows you how to find out why the proxy allowed or denied a request — by dry-r…
- Troubleshooting This guide maps the symptoms you'll see in the wild to their fixes. If your symptom isn't…
Guides: storage & data
How to route, migrate, compress, replicate, expire, and encrypt your data.
- How to route a bucket to a different backend This guide shows you how to serve a bucket from a specific storage backend, and how to ma…
- How to migrate an existing S3 bucket into the proxy This guide shows you how to put an existing S3 bucket — with years of objects already in…
- How to move a bucket to another backend This guide shows you how to relocate a bucket's data from one backend to another with the…
- How to set per-bucket compression and quotas This guide shows you how to turn delta compression on or off per bucket, tighten the delt…
- How to replicate a bucket to another backend This guide shows you how to mirror a bucket to a second backend with a replication rule.…
- How to expire and archive objects This guide shows you how to delete objects past a certain age with a lifecycle rule, or t…
- How to encrypt data at rest This guide shows you how to enable at-rest encryption on a storage backend. Encryption is…
- How to rotate or change encryption keys This guide shows you how to change a backend's encryption key or mode without losing acce…
- How to send events to webhooks and Slack This guide shows you how to deliver object events (created, deleted, copied, replicated,…
Guides: access & security
How to create IAM users, set up SSO, gate requests, and publish public folders.
- How to create IAM users and groups Give every client its own scoped credential — here, a CI pipeline (ci-uploader) that can…
- How to restrict access by IP and prefix Add conditions to IAM rules so a leaked credential is useless outside your network, and u…
- How to set up OAuth/OIDC single sign-on Let humans sign in to the admin UI with the identity provider they already have, and land…
- How to manage IAM as code (GitOps) Make YAML the source of truth for users, groups, and OAuth providers — reviewed in pull r…
- How to gate requests before authentication Reject unwanted traffic — bad IPs, anonymous writes, everything during maintenance — befo…
- How to publish a folder publicly Serve one prefix to the world — curl-able installers, no credentials — while the rest of…
Reference
Facts: every field, endpoint, metric, and limit. No opinions.
- Configuration DeltaGlider Proxy is configured via a YAML file and/or environment variables (DGP prefix)…
- S3 API compatibility DeltaGlider speaks the S3 wire protocol through the s3s framework, so standard tools (AWS…
- Command-line tools The deltagliderproxy binary is both the server and its CLI. With no subcommand it starts…
- Admin API Every endpoint under //api/admin/, grouped by purpose.
- Authentication and access Reference for the proxy's authentication modes, the bootstrap password, SigV4 verificatio…
- IAM permissions and conditions Reference for the ABAC permission model: rule shape, actions, resource patterns, identity…
- Rate limits and concurrency Reference for the proxy's protection layers against overload, abuse, and resource exhaust…
- Capacity planning and hardware sizing Reference for the proxy's resource profile and how to size CPU, memory, and disk before a…
- Encryption reference Encryption at rest is configured per backend. Each backend in storage.backends[] (or the…
- Jobs One API surface and one admin screen for everything that runs in the background: replicat…
- Bucket replication Engine-routed source → destination object copy, transparent to per-backend encryption and…
- Lifecycle rules Lifecycle for engine-visible objects: delete old objects by age, keep the newest N by cou…
- Event outbox Durable object events are written to the encrypted config DB after successful S3 mutation…
- Declarative IAM GitOps-shaped IAM: YAML is the source of truth; the encrypted config DB is reconciled fro…
- Metrics Every Prometheus metric the proxy exposes, with labels, types, and bucket boundaries.
Concepts
How it works and why — readable away from the keyboard.
- How delta compression works Why storing every version of a binary is mostly waste, and what the proxy does about it.
- How migration works What actually happens when you move an existing bucket onto the proxy — and the questions…
- About multi-backend routing Why the proxy is a control plane over your storage, not another place your bytes live.
- About authentication and access control DeltaGlider Proxy sits between every client and every byte of stored data, which makes it…
- About encryption at rest Encryption at rest in DeltaGlider Proxy is a per-backend decision with four modes: none,…
- About jobs, write gates, and durability DeltaGlider Proxy runs four kinds of background work — replication rules, lifecycle rules…
- DeltaGlider compression vs. S3 Object Versioning Two different things that both involve the word "version" — and why DeltaGlider deliberat…