Skip to main content

Access Control Options

All blobs stored on Walrus are public by default. Anyone who knows a blob ID can fetch its contents directly from a Walrus aggregator. Access control for Walrus Sites is not enforced at the storage layer.

Fully public content (default)

When you publish a Walrus Site using site-builder, all resources are stored as publicly readable blobs on Walrus. The portal serves them to any visitor without authentication. This is appropriate for most static sites, documentation, open-source project pages, and other content that has no confidentiality requirement.

For these use cases, site data authentication already provides integrity guarantees: the portal verifies each resource's SHA-256 hash against the value stored on Sui before serving it, ensuring the content has not been tampered with in transit.

info

Integrity verification and access control are separate concerns. Authentication confirms that content has not been modified. It does not restrict who can retrieve it.

Restricting access

Walrus Sites does not currently document a supported mechanism for restricting who can read site content. Treat all published site resources as public.