Multi-file package handoff
The handoff isn't one file. It's config plus data plus instructions plus an attachment, and the consumer needs them together. A multi-file kubbi encrypts each file individually and delivers the whole package under one claim URL.
How it works
| Step | Who | API call | What happens |
|---|---|---|---|
| 1 | Producer | POST /api/v1/kubbis | Creates a package kubbi with a files[] array. Gets back a claim URL. |
| 2 | Producer | Send claim_url | Only the URL travels. Files stay encrypted in kubbi. |
| 3 | Consumer | GET /r/:claim_token | Inspects the file manifest: names, types, sizes, roles. No retrieval consumed. |
| 4 | Consumer | POST /r/:claim_token/claim | Gets all files in one response. Text as UTF-8, binary as base64. Payload burns when max_retrievals is reached. |
Example
CI/CD pipeline → air-gapped build agent
A GitHub Actions workflow needs to pass config, instructions, and a binary artifact to an air-gapped build agent. The pipeline creates a package kubbi with config.json, instructions.md, and artifact.tar.gz (base64-encoded). The claim URL is injected into the build job's environment variables. The build agent claims when needed. The short TTL ensures cleanup even if the build never starts.
Related
- Payload shapes and file roles: payloads and files
- Endpoint reference: create a files kubbi