Public vs Private
Public volume
Files are stored unencrypted on Walrus. Anyone with the blob ID can read the data through any Walrus aggregator. Ideal for open data, public websites, NFT media, and shared assets.
Private volume
Files are encrypted client-side before upload. Encryption keys are managed through Sui Seal. The encrypted blobs are readable from any Walrus aggregator, but the data is ciphertext without the decryption key. The Tusky SDK handles encryption and decryption transparently.
On sign-up, every account receives a default public volume and a default private volume. You can create additional volumes of either type at any time.
How private volumes work
Private volume files are stored on Walrus like any other blob — they can be fetched through any standard Walrus aggregator. However, the content is encrypted ciphertext. Only users with access to the volume’s encryption keys (managed via Sui Seal) can decrypt the data.Upload
The SDK encrypts the file client-side using keys derived from the volume’s Seal policy, then uploads the ciphertext to Walrus.
Store keys
Encryption keys are managed by Sui Seal on-chain. Access policies are defined on the Sui blockchain — only authorized wallet addresses can retrieve the keys.
Creating a volume
Choose a name and type
Give your volume a descriptive name and select either Public or Encrypted. This choice is immutable.
Configure settings
Set default storage duration (in epochs), enable auto-extend if desired, and optionally add a description or tags.
Volume settings
Every volume exposes a settings panel where you can manage:| Setting | Description |
|---|---|
| Name & description | Human-readable metadata for the volume. |
| Default storage epochs | The number of Walrus storage epochs applied to new uploads unless overridden per-file. |
| Auto-extend | When enabled, Tusky automatically renews storage before expiry so your data is never lost. |
| Encryption | Displays the encryption status (read-only after creation). |
Members and roles
Volumes support collaborative access through a role-based membership model.- Owner
- Manager
- Viewer
Full control over the volume — can upload, download, delete files, manage members, and modify settings. Each volume has exactly one owner (the creator).
For encrypted volumes, adding a member updates the on-chain Seal policy. The member can decrypt using their wallet — no raw keys are shared.
Volume lifecycle
Understanding the full lifecycle of a volume helps you plan storage and collaboration effectively.- Create — A new volume is provisioned and linked to your account.
- Active — Files are uploaded, accessed, and managed. Members collaborate as needed.
- Archive (optional) — You can stop new uploads while keeping existing files accessible for their remaining storage duration.
- Delete — Removing a volume deletes all Tusky metadata. Files already published to Walrus remain available until their storage epochs expire; however, they will no longer be served through your Tusky aggregator.
Deleting a volume does not immediately delete data from the Walrus network. Walrus blobs persist until their purchased storage epochs expire. If you have ejected blobs to your own wallet, those blobs remain fully under your control regardless of volume status.