Creating object storage S3 credential
A credential consists of an Access Key and Secret Key pair for use with S3-compatible tools and libraries that require authentication.
Create S3 credentials for object storage by using the UI, CLI, or API.
To create a credential, you must be granted the Administrator platform role or a custom role. For more information, see the IAM access documentation.
The secret key cannot be viewed after you create the credential. So you must save or download the key in a place from where you can retrieve it when needed.
Creating S3 credential by using the UI
To create s3 credential, complete the following steps.
-
On the IBM Cloud console, go to IBM Storage Ceph as a Service > Object Storage > Credentials tab.
-
Click New credential.
-
Enter S3 credential Name and click Add.
Avoid using special characters when creating access keys except for dashes
-
and underscores_
symbols. All alphabets and numbers are allowed. -
After the credential is created, Copy the credential or click Download to save the credential to your local system.
You will not be able to see the credential again after you close this message. Make sure to save or download the credential.
Creating S3 credential from the CLI
Run the cred-create
command with the ACCESS-KEY
and API endpoint to create a new object storage S3 credential for the storage deployment.
Avoid using special characters when creating access keys except for dashes -
, underscores _
, and the equal sign =
symbols. All alphabets and numbers are allowed.
ibmcloud software-defined-storage cred-create --access-key ACCESS-KEY --url string
See the following example.
ibmcloud software-defined-storage cred-create --access-key test-key1 --url $sds_endpoint
...
Access_Key test-key1
Secret_Key B13r2VkGB7InBmYNhs6N0vB7k2B2lvvEFT1HID2n
The $sds_endpoint
is an environment variable that points to the endpoint provided to you when IBM CephaaS was configured. It is in the URL form. For example, https://sds-cephaas.<cephaas-instance-id>.software-defined-storage.appdomain.cloud:{port number}/v1
.
You can set the URL once and then not have to add it for every command. For guidance on how to set the URL, see Config commands.
You can also use the alias sds
as an alternative to software-defined-storage
and crc
as an alternative to cred-create
for the CLI actions.
Creating S3 credential with the API
You can create a S3 credential for object storage by specifying the access key.
Avoid using special characters when creating access keys except for dashes -
, underscores _
, and the equal sign =
symbols. All alphabets and numbers are allowed.
curl -X POST $sds_endpoint/s3_credentials/{access_key} -H "accept: application/json" -H "Authorization: Bearer $IAM_TOKEN" -H "IBM-API-Version: 2025-02-01
An example of a successful response looks like this:
curl -X POST $sds_endpoint/s3_credentials/dsfdgdf2343435666 -H "accept: application/json" -H "Authorization: Bearer $IAM_TOKEN" -H "IBM-API-Version: 2025-02-01"
...
{
"access_key": "dsfdgdf2343435666",
"secret_key": "ZGAelVfLo7QAzWlIAsTPYVckXMl8gIcKzvdXaDtJ"
}
The $sds_endpoint
is an environment variable that points to the endpoint provided to you when IBM CephaaS was configured. It is in the URL form. For example, https://sds-cephaas.<cephaas-instance-id>.software-defined-storage.appdomain.cloud:{port number}/v1
.
You can set the URL once and then not have to add it for every command. For guidance on how to set the URL, see Config commands.
See Setting up your CLI and API environment for instructions on how to set the $IAM_TOKEN
variables.
Next steps
You can start creating and managing buckets and objects by using the AWS CLI. For guidance, see Using AWS CLI.