Skip to main content
Environments are the top-level containers in Tusky for organizing files, folders, and secrets. Every Tusky account starts with two environments automatically created on sign-up: one public and one private (encrypted).

Public vs Private

Public environment

Files are stored unencrypted on Walrus. Anyone with the blob ID can read the data through any Walrus aggregator. Ideal for open data, public websites, NFT media, and shared assets.

Private environment

Files are encrypted client-side before upload. Encryption keys are stored as Secrets and managed through Sui Seal. The encrypted blobs are readable from any Walrus aggregator, but the data is ciphertext without the decryption key. The Tusky SDK handles encryption and decryption transparently.
On sign-up, every account receives a default public environment and a default private environment. You can create additional environments of either type at any time.

How private environments work

Private environment files are stored on Walrus like any other blob — they can be fetched through any standard Walrus aggregator. However, the content is encrypted ciphertext. Only users with access to the environment’s encryption keys (stored as Secrets via Sui Seal) can decrypt the data.
1

Upload

The SDK encrypts the file client-side using keys derived from the environment’s Seal policy, then uploads the ciphertext to Walrus.
2

Store keys

Encryption keys are stored as secrets using Sui Seal. Access policies are defined on-chain — only authorized wallet addresses can retrieve the keys.
3

Read

Any Walrus aggregator can serve the encrypted blob. The SDK fetches the ciphertext, retrieves the decryption key from Seal, and decrypts client-side.
Because decryption happens client-side, Tusky never sees your plaintext data. And because the encrypted blobs live on Walrus, they’re accessible from any aggregator — you’re not locked into Tusky’s infrastructure for retrieval.
A environment’s encryption setting is permanent. You cannot convert a public environment to an encrypted environment (or vice-versa) after creation.

Creating an environment

1

Choose a name and type

Give your environment a descriptive name and select either Public or Encrypted. This choice is immutable.
2

Configure settings

Set default storage duration (in epochs), enable auto-extend if desired, and optionally add a description or tags.
3

Start uploading

Once the environment is created you can immediately upload files, add members, or connect the environment to an aggregator.

Environment settings

Every environment exposes a settings panel where you can manage:
SettingDescription
Name & descriptionHuman-readable metadata for the environment.
Default storage epochsThe number of Walrus storage epochs applied to new uploads unless overridden per-file.
Auto-extendWhen enabled, Tusky automatically renews storage before expiry so your data is never lost.
EncryptionDisplays the encryption status (read-only after creation).

Members and roles

Environments support collaborative access through a role-based membership model.
Full control over the environment — can upload, download, delete files, manage members, and modify settings. Each environment has exactly one owner (the creator).
For encrypted environments, adding a member updates the on-chain Seal policy. The member can decrypt using their wallet — no raw keys are shared.

Environment lifecycle

Understanding the full lifecycle of an environment helps you plan storage and collaboration effectively. 
Create → Configure → Upload files → Share / add members → Manage → Archive / Delete
  1. Create — A new environment is provisioned and linked to your account.
  2. Active — Files are uploaded, accessed, and managed. Members collaborate as needed.
  3. Archive (optional) — You can stop new uploads while keeping existing files accessible for their remaining storage duration.
  4. Delete — Removing an environment deletes all Tusky metadata. Files already published to Walrus remain available until their storage epochs expire; however, they will no longer be served through your Tusky aggregator.
Deleting an environment does not immediately delete data from the Walrus network. Walrus blobs persist until their purchased storage epochs expire. If you have ejected blobs to your own wallet, those blobs remain fully under your control regardless of environment status.

What’s next?

Files

Learn how files are uploaded, stored, and retrieved inside an environment.

Encryption

Understand how Tusky encrypts data in private environments.

Publishing

See how Tusky publishes your data to the Walrus network.

Aggregators

Discover how to access your content through dedicated aggregators.