Authentication Setup
All storage operations require a valid TLS certificate issued by the MASS cluster.
Complete the following steps once before using mount.
Step 1 — Set the cluster endpoint
mass-ctl config set manager-endpoint https://<head-node-address>
Run this once. All subsequent commands will use this endpoint automatically.
Step 2 — Obtain a certificate
Choose the scenario that fits your use case:
Scenario A — Personal access (your account only)
Log in with your MASS account credentials. A short-lived client certificate (valid 24 hours by default) is issued and saved automatically.
mass-ctl login --username <your-username>
# Enter your password when prompted
To request a longer-lived certificate (up to 7 days):
mass-ctl login --username <your-username> --validity-hours 168
After this, you can run mount as your own user.
Scenario B — Persistent machine access (all users on this server)
Use this when a server needs to mount volumes persistently — surviving reboots and accessible to all users on the machine, not just the one who logged in.
First, log in to authenticate the registration request:
mass-ctl login --username <admin-username>
Then register the machine. This generates a long-lived certificate (valid ~1 year) tied to this machine's unique system ID:
sudo mass-ctl machine register
The machine certificate is preserved across logout and does not expire daily.
Any user on this machine can run mount without needing to log in again.
The certificate files are stored in ~/.config/boostx-sds/certs/ on the client machine.
The machine must also be registered as a Machine Identity in the Dashboard under Access → Machines before storage access is granted.
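To see how long the certificates obtained in Step 2 remain valid (24 hours by default, up to 7 days, or about a year for a machine certificate), the following added example reports each certificate in the certs directory and flags any that expire within a given window. It is not part of mass-ctl or of the original documentation; it assumes the certificate files are PEM-encoded and that openssl is installed, and check_certs is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not part of mass-ctl.
# Assumption: certificates in the directory are PEM-encoded X.509 files.
CERT_DIR="${CERT_DIR:-$HOME/.config/boostx-sds/certs}"

# check_certs DIR [WINDOW_SECONDS]
# Prints one status line per certificate found in DIR.
# Returns 0 if every certificate is valid beyond the window,
#         1 if at least one expires (or has expired) within the window,
#         2 if DIR contains no readable certificate.
check_certs() {
    dir=$1
    window=${2:-3600}
    found=0
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Skip anything openssl cannot parse as a certificate (keys, etc.).
        openssl x509 -in "$f" -noout 2>/dev/null || continue
        found=1
        end=$(openssl x509 -in "$f" -noout -enddate | cut -d= -f2)
        # -checkend exits 0 only if the certificate is still valid
        # WINDOW_SECONDS from now.
        if openssl x509 -in "$f" -noout -checkend "$window" >/dev/null; then
            echo "OK       $f (notAfter: $end)"
        else
            echo "EXPIRING $f (notAfter: $end)"
            rc=1
        fi
    done
    if [ "$found" -ne 1 ]; then
        echo "no certificates found in $dir" >&2
        return 2
    fi
    return "$rc"
}

# Usage: warn if any certificate expires within the next hour.
#   check_certs "$CERT_DIR" 3600
```

A non-zero return before a long-running mount is a signal to repeat the login step (Scenario A) or to review the machine registration (Scenario B).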