diff --git a/source/reference/minio-mc-admin.rst b/source/reference/minio-mc-admin.rst index 7cbba955..e10d87ee 100644 --- a/source/reference/minio-mc-admin.rst +++ b/source/reference/minio-mc-admin.rst @@ -35,6 +35,11 @@ The following table lists :mc:`mc admin` commands: * - Command - Description + * - :mc:`mc admin accesskey` + - .. include:: /reference/minio-mc-admin/mc-admin-accesskey.rst + :start-after: start-mc-admin-accesskey-desc + :end-before: end-mc-admin-accesskey-desc + * - :mc:`mc admin cluster bucket` - .. include:: /reference/minio-mc-admin/mc-admin-cluster-bucket.rst :start-after: start-mc-admin-cluster-bucket-desc @@ -174,6 +179,7 @@ See :ref:`minio-mc-global-options`. :hidden: :glob: + /reference/minio-mc-admin/mc-admin-accesskey /reference/minio-mc-admin/mc-admin-cluster-bucket /reference/minio-mc-admin/mc-admin-cluster-iam /reference/minio-mc-admin/mc-admin-config diff --git a/source/reference/minio-mc-admin/mc-admin-accesskey-create.rst b/source/reference/minio-mc-admin/mc-admin-accesskey-create.rst new file mode 100644 index 00000000..f00d8f6a --- /dev/null +++ b/source/reference/minio-mc-admin/mc-admin-accesskey-create.rst @@ -0,0 +1,233 @@ +.. _minio-mc-admin-accesskey-create: + +============================= +``mc admin accesskey create`` +============================= + +.. default-domain:: minio + +.. contents:: Table of Contents + :local: + :depth: 2 + +.. mc:: mc admin accesskey create + + +Syntax +------ + +.. start-mc-admin-accesskey-create-desc + +The :mc-cmd:`mc admin accesskey create` command adds a new access key and secret key pair for an existing MinIO user. + +.. end-mc-admin-accesskey-create-desc + +.. admonition:: Access keys for OpenID Connect or AD/LDAP users + :class: note + + This command is for access keys for users created directly on the MinIO deployment and not managed by a third party solution. + + - To generate access keys for :ref:`OpenID Connect users `, use the :ref:`MinIO Console `. + + - To generate access keys for :ref:`Active Directory/LDAP users `, use :mc:`mc idp ldap accesskey create`. + +.. tab-set:: + + .. tab-item:: EXAMPLE + + The following command creates a new access key associated to an existing MinIO user: + + .. code-block:: shell + :class: copyable + + mc admin accesskey create \ + myminio/ myuser \ + --access-key myuseraccesskey \ + --secret-key myusersecretkey \ + --policy /path/to/policy.json + + The command returns the access key and secret key for the new account. + + .. tab-item:: SYNTAX + + The command has the following syntax: + + .. code-block:: shell + :class: copyable + + mc [GLOBALFLAGS] admin accesskey create \ + ALIAS \ + [USER] \ + [--access-key string] \ + [--secret-key string] \ + [--policy path] \ + [--name string] \ + [--description string] \ + [--expiry-duration value] \ + [--expiry date] + + .. include:: /includes/common-minio-mc.rst + :start-after: start-minio-syntax + :end-before: end-minio-syntax + + +Parameters +~~~~~~~~~~ + +.. mc-cmd:: ALIAS + :required: + + The :mc-cmd:`alias ` of the MinIO deployment. + +.. mc-cmd:: USER + :optional: + + The username of the user to which MinIO adds the new access key. + If not specified, MinIO generates an access key/secret key pair for the authenticated user. + +.. mc-cmd:: --access-key + :optional: + + A string to use as the access key for this account. + Omit to let MinIO autogenerate a random 20 character value. + + Access Key names *must* be unique across all users. + +.. mc-cmd:: --description + :optional: + + Add a description for the access key. + For example, you might specify the reason the access key exists. + +.. mc-cmd:: --expiry + :optional: + + Set an expiration date for the access key. + The date must be in the future. + You may not set an expiration date that has already passed. + + Allowed date and time formats: + + - ``2024-10-24`` + - ``2024-10-24T10:00`` + - ``2024-10-24T10:00:00`` + - ``2024-10-24T10:00:00Z`` + - ``2024-10-24T10:00:00-07:00`` + + Mutually exclusive with :mc-cmd:`~mc admin accesskey create --expiry-duration`. + +.. mc-cmd:: --expiry-duration + :optional: + + Length of time for which the accesskey remains valid. + + For example, ``30m, ``24h``, ``30d``, or similar. + The following expires the credentials after 30 days: + + .. code-block:: + + --expiry-duration 30d + + Mutually exclusive with :mc-cmd:`~mc admin accesskey create --expiry`. + +.. mc-cmd:: --name + :optional: + + Add a human-readable name for the access key. + +.. mc-cmd:: --policy + :optional: + + The readable path to a :ref:`policy document ` to attach to the new access key, with a maximum size of 2048 characters. + The attached policy cannot grant access to any action or resource not explicitly allowed by the parent user's policy or group policies + +.. mc-cmd:: --secret-key + :optional: + + The secret key to associate with the new account. + Omit to let MinIO autogenerate a random 40-character value. + + +Global Flags +~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-globals + :end-before: end-minio-mc-globals + + +Examples +-------- + +Create access key / secret key pair for the authenticated user +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following command generates a new, random access key and secret key pair for the user currently logged in to MinIO deployment at the alias ``myminio``. +The access key and secret key have the same access policies as the authenticated user. + +.. code-block:: shell + :class: copyable + + mc admin accesskey create myminio/ + +Create a custom access key / secret key pair for the authenticated user +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following command creates a new access key and secret key pair for the user currently logged in to MinIO at the alias ``myminio``. +The access key and secret key have the same access policies as the authenticated user. + +.. code-block:: shell + :class: copyable + + mc admin accesskey create myminio/ --access-key myaccesskey --secret-key mysecretkey + +Create an access key / secret key pair for another user with limited duration +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following command creates a new access key and secret key pair for a user, ``miniouser`` on the alias ``myminio``. +The access key and secret key have the same access policies as ``miniouser``. +The credentials remain valid for 24 hours after creation. + +.. code-block:: shell + :class: copyable + + mc admin accesskey create myminio/ miniouser --expiry-duration 24h + + +Create access key / secret key pair for the authenticated user that expires +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following command generates a new and random access key and random secret key pair for the user currently logged in to MinIO deployment at the alias ``myminio``. +The access key and secret key have the same access policies as the authenticated user. +The credentials expire on the fifteenth day of January, 2025. + +.. code-block:: shell + :class: copyable + + mc admin accesskey create myminio/ --expiry 2025-01-15 + +The date specified **must** be a future date. +For valid datetime formats, see the :mc-cmd:`~mc admin accesskey create --expiry` flag. + +Create access key / secret key pair for a different user with custom access +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following command creates a new access key and secret key pair for the user, ``miniouser`` on the alias ``myminio``. +The access key and secret key have a more limited set of access than ``miniouser``, as specified in the policy JSON file. + +.. code-block:: shell + :class: copyable + + mc admin accesskey create myminio/ miniouser --policy /path/to/policy.json + +The specified policy file **must not** grant access to anything to which ``miniouser`` does not already have access. + +Behavior +-------- + +S3 Compatibility +~~~~~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-s3-compatibility + :end-before: end-minio-mc-s3-compatibility diff --git a/source/reference/minio-mc-admin/mc-admin-accesskey-disable.rst b/source/reference/minio-mc-admin/mc-admin-accesskey-disable.rst new file mode 100644 index 00000000..b817e4a0 --- /dev/null +++ b/source/reference/minio-mc-admin/mc-admin-accesskey-disable.rst @@ -0,0 +1,82 @@ +.. _minio-mc-admin-accesskey-disable: + +============================== +``mc admin accesskey disable`` +============================== + +.. default-domain:: minio + +.. contents:: Table of Contents + :local: + :depth: 2 + +.. mc:: mc admin accesskey disable + + +Syntax +------ + +.. start-mc-admin-accesskey-disable-desc + +The :mc-cmd:`mc admin accesskey disable` command disables an existing access key for a MinIO IDP user. + +.. end-mc-admin-accesskey-disable-desc + +.. tab-set:: + + .. tab-item:: EXAMPLE + + The following command disables the specified access key: + + .. code-block:: shell + :class: copyable + + mc admin accesskey disable myminio myuserserviceaccount + + .. tab-item:: SYNTAX + + The command has the following syntax: + + .. code-block:: shell + :class: copyable + + mc [GLOBALFLAGS] admin accesskey disable \ + ALIAS \ + SERVICEACCOUNT + + .. include:: /includes/common-minio-mc.rst + :start-after: start-minio-syntax + :end-before: end-minio-syntax + + +Parameters +~~~~~~~~~~ + +.. mc-cmd:: ALIAS + :required: + + The :mc-cmd:`alias ` of the MinIO deployment. + +.. mc-cmd:: SERVICEACCOUNT + :required: + + The access key to disable. + + +Global Flags +~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-globals + :end-before: end-minio-mc-globals + + +Behavior +-------- + +S3 Compatibility +~~~~~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-s3-compatibility + :end-before: end-minio-mc-s3-compatibility diff --git a/source/reference/minio-mc-admin/mc-admin-accesskey-edit.rst b/source/reference/minio-mc-admin/mc-admin-accesskey-edit.rst new file mode 100644 index 00000000..530d9923 --- /dev/null +++ b/source/reference/minio-mc-admin/mc-admin-accesskey-edit.rst @@ -0,0 +1,175 @@ +.. _minio-mc-admin-accesskey-edit: + +================================ +``mc admin user accesskey edit`` +================================ + +.. default-domain:: minio + +.. contents:: Table of Contents + :local: + :depth: 2 + +.. mc:: mc admin accesskey edit + + +Syntax +------ + +.. start-mc-admin-accesskey-edit-desc + +The :mc-cmd:`mc admin accesskey edit` command modifies the configuration of an access key associated to the specified user. + +.. end-mc-admin-accesskey-edit-desc + +The command requires that at least one attribute of the access key change. +Otherwise, the command exits with an error message. + +.. tab-set:: + + .. tab-item:: EXAMPLE + + The following command applies a new policy and secret key to the ``myuserserviceaccount`` access key on the ``myminio`` deployment: + + .. code-block:: shell + :class: copyable + + mc admin accesskey edit \ + myminio myuserserviceaccount \ + --secret-key "myuserserviceaccountnewsecretkey" \ + --policy "/path/to/new/policy.json" + + .. tab-item:: SYNTAX + + The command has the following syntax: + + .. code-block:: shell + :class: copyable + + mc [GLOBALFLAGS] admin accesskey edit \ + ALIAS \ + ACCESSKEY \ + [--description string] \ + [--expiry-duration value] \ + [--expiry value] \ + [--name string] \ + [--policy path] \ + [--secret-key string] + + .. include:: /includes/common-minio-mc.rst + :start-after: start-minio-syntax + :end-before: end-minio-syntax + + +Parameters +~~~~~~~~~~ + +.. mc-cmd:: ALIAS + :required: + + The :mc-cmd:`alias ` of the MinIO deployment. + +.. mc-cmd:: ACCESSKEY + :required: + + The access key to modify. + +.. mc-cmd:: --description + :optional: + + Add or modify a description for the access key. + For example, you might specify the reason the access key exists. + +.. mc-cmd:: --expiry + :optional: + + Set or modify an expiration date for the access key. + The date must be in the future, you may not set an expiration date that has already passed. + + Allowed date and time formats: + + - ``2023-06-24`` + - ``2023-06-24T10:00`` + - ``2023-06-24T10:00:00`` + - ``2023-06-24T10:00:00Z`` + - ``2023-06-24T10:00:00-07:00`` + + Mutually exclusive with :mc-cmd:`~mc admin accesskey edit --expiry-duration`. + +.. mc-cmd:: --expiry-duration + :optional: + + Length of time for which the accesskey remains valid. + + For example, ``30d``, ``24h``, or similar. + To expire the credentials after 30 days, use: + + .. code-block:: + + --expiry-duration 30d + + Mutually exclusive with :mc-cmd:`~mc admin accesskey edit --expiry`. + +.. mc-cmd:: --name + :optional: + + Add or modify a human-readable name for the access key. + +.. mc-cmd:: --policy + :optional: + + The path to a :ref:`policy document ` to attach to the new access key, with a maximum size of 2048 characters. + The attached policy cannot grant access to any action or resource not explicitly allowed by the parent user's policies. + + The new policy overwrites any previously attached policy. + +.. mc-cmd:: --secret-key + :optional: + + The secret key to associate with the new access key. + Overwrites the previous secret key. + Applications using the access keys *must* update to use the new credentials to continue performing operations. + + +Global Flags +~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-globals + :end-before: end-minio-mc-globals + +Examples +-------- + +Change the secret key for an access key +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following command modifies the secret key for the access key ``myuseraccesskey`` on the ``myminio`` deployment. + +.. code-block:: shell + :class: copyable + + mc admin accesskey edit myminio/ myuseraccesskey --secret-key 'new-secret-key-change-me' + +Change the expiration for an access key +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following command changes the expiration value for the access key ``myuseraccesskey`` on the ``myminio`` deployment. + +.. code-block:: shell + :class: copyable + + mc admin accesskey edit myminio/ myuseraccesskey --expiry-duration 24h + +The :mc-cmd:`~mc admin accesskey edit --expiry-duration` cannot be added if the access key already has a value set for :mc-cmd:`~mc admin accesskey edit --expiry`. + + +Behavior +-------- + +S3 Compatibility +~~~~~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-s3-compatibility + :end-before: end-minio-mc-s3-compatibility diff --git a/source/reference/minio-mc-admin/mc-admin-accesskey-enable.rst b/source/reference/minio-mc-admin/mc-admin-accesskey-enable.rst new file mode 100644 index 00000000..ed73c3d7 --- /dev/null +++ b/source/reference/minio-mc-admin/mc-admin-accesskey-enable.rst @@ -0,0 +1,82 @@ +.. _minio-mc-admin-accesskey-enable: + +============================= +``mc admin accesskey enable`` +============================= + +.. default-domain:: minio + +.. contents:: Table of Contents + :local: + :depth: 2 + +.. mc:: mc admin accesskey enable + + +Syntax +------ + +.. start-mc-admin-accesskey-enable-desc + +The :mc-cmd:`mc admin accesskey enable` command enables an existing access key. + +.. end-mc-admin-accesskey-enable-desc + +.. tab-set:: + + .. tab-item:: EXAMPLE + + The following command enables the specified access key: + + .. code-block:: shell + :class: copyable + + mc admin accesskey enable myminio myuserserviceaccount + + .. tab-item:: SYNTAX + + The command has the following syntax: + + .. code-block:: shell + :class: copyable + + mc [GLOBALFLAGS] admin accesskey enable \ + ALIAS \ + SERVICEACCOUNT + + .. include:: /includes/common-minio-mc.rst + :start-after: start-minio-syntax + :end-before: end-minio-syntax + + +Parameters +~~~~~~~~~~ + +.. mc-cmd:: ALIAS + :required: + + The :mc-cmd:`alias ` of the MinIO deployment. + +.. mc-cmd:: SERVICEACCOUNT + :required: + + The access key to enable. + + +Global Flags +~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-globals + :end-before: end-minio-mc-globals + + +Behavior +-------- + +S3 Compatibility +~~~~~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-s3-compatibility + :end-before: end-minio-mc-s3-compatibility diff --git a/source/reference/minio-mc-admin/mc-admin-accesskey-info.rst b/source/reference/minio-mc-admin/mc-admin-accesskey-info.rst new file mode 100644 index 00000000..9d3b89c8 --- /dev/null +++ b/source/reference/minio-mc-admin/mc-admin-accesskey-info.rst @@ -0,0 +1,120 @@ +.. _minio-mc-admin-accesskey-info: + +=========================== +``mc admin accesskey info`` +=========================== + +.. default-domain:: minio + +.. contents:: Table of Contents + :local: + :depth: 2 + +.. mc:: mc admin accesskey info + + +Syntax +------ + +.. start-mc-admin-accesskey-info-desc + +The :mc-cmd:`mc admin accesskey info` command returns a description of the specified :ref:`access key(s) `. + +.. end-mc-admin-accesskey-info-desc + +The description output includes the following details, as available: + +- Access Key +- Parent user of the specified access key +- Access key status (``on`` or ``off``) +- Policy or policies +- Comment +- Expiration + +.. tab-set:: + + .. tab-item:: EXAMPLE + + The following command returns information on the specified access key: + + .. code-block:: shell + :class: copyable + + mc admin accesskey info myminio myuseraccesskey + + .. tab-item:: SYNTAX + + The command has the following syntax: + + .. code-block:: shell + :class: copyable + + mc [GLOBALFLAGS] admin accesskey info \ + ALIAS \ + ACCESSKEY + + .. include:: /includes/common-minio-mc.rst + :start-after: start-minio-syntax + :end-before: end-minio-syntax + + +Parameters +~~~~~~~~~~ + +.. mc-cmd:: ALIAS + :required: + + The :mc-cmd:`alias ` of the MinIO deployment. + +.. mc-cmd:: ACCESSKEY + :required: + + The access key to display. + + Return information for multiple access keys by separating each access key with a space. + +Global Flags +~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-globals + :end-before: end-minio-mc-globals + +Examples +-------- + +Display access key details +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Use :mc-cmd:`mc admin accesskey info` to display details of an access key on a MinIO deployment: + +.. code-block:: shell + :class: copyable + + mc admin accesskey info myminio myaccesskey + +- Replace ``myminio`` with the :mc-cmd:`alias ` of the MinIO deployment. + +- Replace :mc-cmd:`myaccesskey ` with the access key for which to display information. + List multiple keys by separating each with a space. + +The output resembles the following: + +.. code-block:: shell + + AccessKey: myuserserviceaccount + ParentUser: myuser + Status: on + Comment: + Policy: implied + Expiration: no-expiry + +Behavior +-------- + +S3 Compatibility +~~~~~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-s3-compatibility + :end-before: end-minio-mc-s3-compatibility diff --git a/source/reference/minio-mc-admin/mc-admin-accesskey-list.rst b/source/reference/minio-mc-admin/mc-admin-accesskey-list.rst new file mode 100644 index 00000000..a75e2eea --- /dev/null +++ b/source/reference/minio-mc-admin/mc-admin-accesskey-list.rst @@ -0,0 +1,181 @@ +.. _minio-mc-admin-accesskey-list: + +========================= +``mc admin accesskey ls`` +========================= + +.. default-domain:: minio + +.. contents:: Table of Contents + :local: + :depth: 2 + +.. mc:: mc admin accesskey list +.. mc:: mc admin accesskey ls + + +Syntax +------ + +.. start-mc-admin-accesskey-list-desc + +The :mc:`mc admin accesskey ls` command lists users, access keys, or temporary :ref:`security token service ` keys managed by the MinIO deployment. + +.. end-mc-admin-accesskey-list-desc + +The alias :mc:`mc admin accesskey list` has equivalent functionality to :mc:`mc admin accesskey ls`. + +.. tab-set:: + + .. tab-item:: EXAMPLE + + The following command lists all access keys associated to the user with username ``admin1`` on the deployment at alias ``myminio``: + + .. code-block:: shell + :class: copyable + + mc admin accesskey ls myminio admin1 + + The output resembles the following: + + .. code-block:: shell + + Access Key | Expiry + 5XF3ZHNZK6FBDWH9JMLX | 2023-06-24 07:00:00 +0000 UTC + F4V2BBUZSWY7UG96ED70 | 2023-12-24 18:00:00 +0000 UTC + FZVSEZ8NM9JRBEQZ7B8Q | no-expiry + HOXGL8ON3RG0IKYCHCUD | no-expiry + + + .. tab-item:: SYNTAX + + The command has the following syntax: + + .. code-block:: shell + :class: copyable + + mc [GLOBALFLAGS] admin accesskey ls \ + ALIAS \ + [USER] \ + [--all] \ + [--self] \ + [--temp-only] \ + [--users-only] + + .. include:: /includes/common-minio-mc.rst + :start-after: start-minio-syntax + :end-before: end-minio-syntax + + +Parameters +~~~~~~~~~~ + +.. mc-cmd:: ALIAS + :required: + + The :mc-cmd:`alias ` of the MinIO deployment. + +.. mc-cmd:: USER + :optional: + + The username of the user(s) to display access keys for. + Separate multiple usernames with a space. + +.. mc-cmd:: --all + :optional: + + List all users and any access keys or temporary STS keys associated with them. + Requires admin privileges for the deployment. + + This flag is mutually exclusive with the other flags available for this command. + +.. mc-cmd:: --svcacc-only + :optional: + + List temporary :ref:`Security Token Service (STS) keys ` on the deployment. + + This flag is mutually exclusive with the other flags available for this command. + +.. mc-cmd:: --self + :optional: + + List access keys and STS keys for the currently authenticated user. + + This flag is mutually exclusive with the other flags available for this command. + +.. mc-cmd:: --temp-only + :optional: + + List users with their access keys. + This returns only users that have associated access keys. + + This flag requires admin privileges for the user running the command. + + This flag is mutually exclusive with the other flags available for this command. + +.. mc-cmd:: --users-only + :optional: + + List the MinIO users managed by the deployment. + Use in conjunction with the :mc-cmd:`~mc admin accesskey ls --all` flag to list all users on the deployment. + +Global Flags +~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-globals + :end-before: end-minio-mc-globals + +Examples +-------- + +List all built-in users and associated access keys +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following command lists all users managed by the MinIO deployment at alias ``myminio`` and any associated access keys or temporary STS tokens. + +.. code-block:: shell + :class: copyable + + mc admin accesskey list myminio/ --all + +Return a list of access keys for the current authenticated user +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following command lists the access keys or temporary STS tokens associated with the currently authenticated user for the ``myminio`` deployment. + +.. code-block:: shell + :class: copyable + + mc admin accesskey list myminio/ --self + +List all users created and managed by the deployment +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following command returns a list of all of the users on the current deployment. +The list only includes MinIO IDP managed users, not users managed by a third party tool on a protocol like OpenID or Active Directory/LDAP. + +.. code-block:: shell + :class: copyable + + mc admin accesskey ls myminio/ --all --users-only + +Return a list of access keys associated with the users ``miniouser1`` and ``miniouser2`` +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following command returns a list of access keys for two users on the ``myminio`` deployment. + +.. code-block:: shell + :class: copyable + + mc admin accesskey ls myminio/ miniouser1 miniouser2 + +Behavior +-------- + +S3 Compatibility +~~~~~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-s3-compatibility + :end-before: end-minio-mc-s3-compatibility diff --git a/source/reference/minio-mc-admin/mc-admin-accesskey-remove.rst b/source/reference/minio-mc-admin/mc-admin-accesskey-remove.rst new file mode 100644 index 00000000..79d45aa1 --- /dev/null +++ b/source/reference/minio-mc-admin/mc-admin-accesskey-remove.rst @@ -0,0 +1,89 @@ +.. _minio-mc-admin-accesskey-remove: + +========================= +``mc admin accesskey rm`` +========================= + +.. default-domain:: minio + +.. contents:: Table of Contents + :local: + :depth: 2 + +.. mc:: mc admin accesskey remove +.. mc:: mc admin accesskey rm + + +Syntax +------ + +.. start-mc-admin-accesskey-remove-desc + +The :mc:`mc admin accesskey rm` command removes an access key associated to a user on the deployment. + +.. end-mc-admin-accesskey-remove-desc + +The :mc:`mc admin accesskey remove` command has equivalent functionality to :mc:`mc admin accesskey rm`. + +.. warning:: + + Applications can no longer authenticate using the access key after its removal. + +.. tab-set:: + + .. tab-item:: EXAMPLE + + The following command removes the specified access key: + + .. code-block:: shell + :class: copyable + + mc admin accesskey rm myminio myuserserviceaccount + + .. tab-item:: SYNTAX + + The command has the following syntax: + + .. code-block:: shell + :class: copyable + + mc [GLOBALFLAGS] admin accesskey rm \ + ALIAS \ + ACCESSKEYTOREMOVE + + .. include:: /includes/common-minio-mc.rst + :start-after: start-minio-syntax + :end-before: end-minio-syntax + + +Parameters +~~~~~~~~~~ + +.. mc-cmd:: ALIAS + :required: + + The :mc-cmd:`alias ` of the MinIO deployment. + +.. mc-cmd:: ACCESSKEYTOREMOVE + :required: + + The access key to remove. + + +Global Flags +~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-globals + :end-before: end-minio-mc-globals + + +Behavior +-------- + +S3 Compatibility +~~~~~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-s3-compatibility + :end-before: end-minio-mc-s3-compatibility diff --git a/source/reference/minio-mc-admin/mc-admin-accesskey.rst b/source/reference/minio-mc-admin/mc-admin-accesskey.rst new file mode 100644 index 00000000..5f46970c --- /dev/null +++ b/source/reference/minio-mc-admin/mc-admin-accesskey.rst @@ -0,0 +1,92 @@ +.. _minio-mc-admin-accesskey: + +====================== +``mc admin accesskey`` +====================== + +.. default-domain:: minio + +.. contents:: Table of Contents + :local: + :depth: 2 + +.. mc:: mc admin accesskey + +.. versionadded:: MinIO Client RELEASE.2024-10-08T09-37-26Z + +These commands replace the MinIO IDP functionality of the :mc:`mc admin user svcacct` command and its subcommands. + +Description +----------- + +.. start-mc-admin-accesskey-desc + +The :mc:`mc admin accesskey` command and its subcommands create and manage :ref:`Access Keys ` for internally managed users on a MinIO deployment. + +.. end-mc-admin-accesskey-desc + +Each access key is linked to a :ref:`user identity ` and inherits the :ref:`policies ` attached to its parent user *or* those groups in which the parent user has membership. +Each access key also supports an optional inline policy which further restricts access to a subset of actions and resources available to the parent user. + +:mc:`mc admin user svcacct` only supports creating access keys for :ref:`MinIO-managed ` accounts. + +To create access keys for :ref:`Active Directory/LDAP-managed ` accounts, use :mc:`mc idp ldap accesskey` and its subcommands. +To manage access keys for :ref:`OpenID Connect-managed users `, log into the :ref:`MinIO Console ` and generate the access keys through the UI. + +:mc:`mc admin accesskey` command has the following subcommands: + +.. list-table:: + :header-rows: 1 + :widths: 40 60 + + * - Subcommand + - Description + + * - :mc:`~mc admin accesskey create` + - .. include:: /reference/minio-mc-admin/mc-admin-accesskey-create.rst + :start-after: start-mc-admin-accesskey-create-desc + :end-before: end-mc-admin-accesskey-create-desc + + * - :mc:`~mc admin accesskey disable` + - .. include:: /reference/minio-mc-admin/mc-admin-accesskey-disable.rst + :start-after: start-mc-admin-accesskey-disable-desc + :end-before: end-mc-admin-accesskey-disable-desc + + * - :mc:`~mc admin accesskey edit` + - .. include:: /reference/minio-mc-admin/mc-admin-accesskey-edit.rst + :start-after: start-mc-admin-accesskey-edit-desc + :end-before: end-mc-admin-accesskey-edit-desc + + * - :mc:`~mc admin accesskey enable` + - .. include:: /reference/minio-mc-admin/mc-admin-accesskey-enable.rst + :start-after: start-mc-admin-accesskey-enable-desc + :end-before: end-mc-admin-accesskey-enable-desc + + * - :mc:`~mc admin accesskey info` + - .. include:: /reference/minio-mc-admin/mc-admin-accesskey-info.rst + :start-after: start-mc-admin-accesskey-info-desc + :end-before: end-mc-admin-accesskey-info-desc + + * - :mc:`~mc admin accesskey ls` + - .. include:: /reference/minio-mc-admin/mc-admin-accesskey-list.rst + :start-after: start-mc-admin-accesskey-list-desc + :end-before: end-mc-admin-accesskey-list-desc + + * - :mc:`~mc admin accesskey rm` + - .. include:: /reference/minio-mc-admin/mc-admin-accesskey-remove.rst + :start-after: start-mc-admin-accesskey-remove-desc + :end-before: end-mc-admin-accesskey-remove-desc + + +.. toctree:: + :titlesonly: + :hidden: + + /reference/minio-mc-admin/mc-admin-accesskey-create + /reference/minio-mc-admin/mc-admin-accesskey-disable + /reference/minio-mc-admin/mc-admin-accesskey-edit + /reference/minio-mc-admin/mc-admin-accesskey-enable + /reference/minio-mc-admin/mc-admin-accesskey-info + /reference/minio-mc-admin/mc-admin-accesskey-list + /reference/minio-mc-admin/mc-admin-accesskey-remove + diff --git a/source/reference/minio-mc-admin/mc-admin-user-svcacct-add.rst b/source/reference/minio-mc-admin/mc-admin-user-svcacct-add.rst index 5aa356dc..cfd25369 100644 --- a/source/reference/minio-mc-admin/mc-admin-user-svcacct-add.rst +++ b/source/reference/minio-mc-admin/mc-admin-user-svcacct-add.rst @@ -12,6 +12,14 @@ .. mc:: mc admin user svcacct add +.. important:: + + This command has been replaced and will be deprecated in a future MinIO Client release. + + As of MinIO Client RELEASE.2024-10-08T09-37-26Z, use the :mc:`mc admin accesskey create` command to add access keys for built-in MinIO IDP users. + + To add access keys for AD/LDAP users, use the :mc:`mc idp ldap accesskey create` command. + Syntax ------ diff --git a/source/reference/minio-mc-admin/mc-admin-user-svcacct-disable.rst b/source/reference/minio-mc-admin/mc-admin-user-svcacct-disable.rst index 9a41f82b..8307182f 100644 --- a/source/reference/minio-mc-admin/mc-admin-user-svcacct-disable.rst +++ b/source/reference/minio-mc-admin/mc-admin-user-svcacct-disable.rst @@ -13,6 +13,14 @@ .. mc:: mc admin user svcacct disable +.. important:: + + This command has been replaced and will be deprecated in a future MinIO Client release. + + As of MinIO Client RELEASE.2024-10-08T09-37-26Z, use the :mc:`mc admin accesskey disable` command to disable an access key for a built-in MinIO IDP user. + + To disable access keys for AD/LDAP users, use the :mc:`mc idp ldap accesskey disable` command. + Syntax ------ diff --git a/source/reference/minio-mc-admin/mc-admin-user-svcacct-edit.rst b/source/reference/minio-mc-admin/mc-admin-user-svcacct-edit.rst index 9a682ea2..e6481f69 100644 --- a/source/reference/minio-mc-admin/mc-admin-user-svcacct-edit.rst +++ b/source/reference/minio-mc-admin/mc-admin-user-svcacct-edit.rst @@ -12,6 +12,13 @@ .. mc:: mc admin user svcacct edit +.. important:: + + This command has been replaced and will be deprecated in a future MinIO Client release. + + As of MinIO Client RELEASE.2024-10-08T09-37-26Z, use the :mc:`mc admin accesskey edit` command to modify access keys for built-in MinIO IDP users. + + To modify access keys for AD/LDAP users, use the :mc:`mc idp ldap accesskey edit` command. Syntax ------ diff --git a/source/reference/minio-mc-admin/mc-admin-user-svcacct-enable.rst b/source/reference/minio-mc-admin/mc-admin-user-svcacct-enable.rst index a72f3742..8bf744d1 100644 --- a/source/reference/minio-mc-admin/mc-admin-user-svcacct-enable.rst +++ b/source/reference/minio-mc-admin/mc-admin-user-svcacct-enable.rst @@ -12,6 +12,14 @@ .. mc:: mc admin user svcacct enable +.. important:: + + This command has been replaced and will be deprecated in a future MinIO Client release. + + As of MinIO Client RELEASE.2024-10-08T09-37-26Z, use the :mc:`mc admin accesskey enable` command to enable an access key for a built-in MinIO IDP user. + + To enable access keys for AD/LDAP users, use the :mc:`mc idp ldap accesskey enable` command. + Syntax ------ diff --git a/source/reference/minio-mc-admin/mc-admin-user-svcacct-info.rst b/source/reference/minio-mc-admin/mc-admin-user-svcacct-info.rst index f9b68d0a..3cfa95fb 100644 --- a/source/reference/minio-mc-admin/mc-admin-user-svcacct-info.rst +++ b/source/reference/minio-mc-admin/mc-admin-user-svcacct-info.rst @@ -12,6 +12,14 @@ .. mc:: mc admin user svcacct info +.. important:: + + This command has been replaced and will be deprecated in a future MinIO Client release. + + As of MinIO Client RELEASE.2024-10-08T09-37-26Z, use the :mc:`mc admin accesskey info` command to display information about access keys for built-in MinIO IDP users. + + For access keys for AD/LDAP users, use the :mc:`mc idp ldap accesskey info` command. + Syntax ------ diff --git a/source/reference/minio-mc-admin/mc-admin-user-svcacct-list.rst b/source/reference/minio-mc-admin/mc-admin-user-svcacct-list.rst index 247de652..331da1fb 100644 --- a/source/reference/minio-mc-admin/mc-admin-user-svcacct-list.rst +++ b/source/reference/minio-mc-admin/mc-admin-user-svcacct-list.rst @@ -14,6 +14,14 @@ .. mc:: mc admin user svcacct ls +.. important:: + + This command has been replaced and will be deprecated in a future MinIO Client release. + + As of MinIO Client RELEASE.2024-10-08T09-37-26Z, use the :mc:`mc admin accesskey ls` command to list access keys for built-in MinIO IDP users. + + For access keys for AD/LDAP users, use the :mc:`mc idp ldap accesskey ls` command. + Syntax ------ diff --git a/source/reference/minio-mc-admin/mc-admin-user-svcacct-remove.rst b/source/reference/minio-mc-admin/mc-admin-user-svcacct-remove.rst index b8502904..e53b60e9 100644 --- a/source/reference/minio-mc-admin/mc-admin-user-svcacct-remove.rst +++ b/source/reference/minio-mc-admin/mc-admin-user-svcacct-remove.rst @@ -13,6 +13,14 @@ .. mc:: mc admin user svcacct remove .. mc:: mc admin user svcacct rm +.. important:: + + This command has been replaced and will be deprecated in a future MinIO Client release. + + As of MinIO Client RELEASE.2024-10-08T09-37-26Z, use the :mc:`mc admin accesskey rm` command to delete access keys for built-in MinIO IDP users. + + For access keys for AD/LDAP users, use the :mc:`mc idp ldap accesskey rm` command. + Syntax ------ diff --git a/source/reference/minio-mc-admin/mc-admin-user-svcacct.rst b/source/reference/minio-mc-admin/mc-admin-user-svcacct.rst index c7442c07..c2d67a71 100644 --- a/source/reference/minio-mc-admin/mc-admin-user-svcacct.rst +++ b/source/reference/minio-mc-admin/mc-admin-user-svcacct.rst @@ -12,6 +12,14 @@ .. mc:: mc admin user svcacct +.. important:: + + These commands have been replaced and will be deprecated in a future MinIO Client release. + + As of MinIO Client RELEASE.2024-10-08T09-37-26Z, use the :mc:`mc admin accesskey` command and its subcommands for functions related to built-in MinIO IDP users and their access keys or STS tokens. + + For access keys for AD/LDAP users, use the :mc:`mc idp ldap accesskey` command and its subcommands. + Description ----------- @@ -19,9 +27,12 @@ Description The :mc:`mc admin user svcacct` command and its subcommands create and manage :ref:`Access Keys ` on a MinIO deployment. +As of MinIO Client RELEASE.2024-10-08T09-37-26Z, these commands have been replaced by :mc:`mc admin accesskey` and :mc:`mc idp ldap accesskey`. +This command and its subcommands will be deprecated in a future MinIO Client release. + .. end-mc-admin-user-svcacct-desc -Each access key is linked to a :ref:`user identity ` and inherits the :ref:`policies ` attached to it's parent user *or* those groups in which the parent user has membership. +Each access key is linked to a :ref:`user identity ` and inherits the :ref:`policies ` attached to its parent user *or* those groups in which the parent user has membership. Each access key also supports an optional inline policy which further restricts access to a subset of actions and resources available to the parent user. :mc:`mc admin user svcacct` only supports creating access keys for :ref:`MinIO-managed ` and :ref:`Active Directory/LDAP-managed ` accounts. diff --git a/source/reference/minio-server/settings/deprecated.rst b/source/reference/minio-server/settings/deprecated.rst index ca437ee6..26de77af 100644 --- a/source/reference/minio-server/settings/deprecated.rst +++ b/source/reference/minio-server/settings/deprecated.rst @@ -65,6 +65,14 @@ They are listed here for historical reference only. To perform root credential rotation, modify the :envvar:`MINIO_ROOT_USER` and :envvar:`MINIO_ROOT_PASSWORD` environment variables. +.. envvar:: MINIO_OPERATOR_DEPLOYMENT_NAME + + .. deprecated:: Operator 6.0.4 + + Specifies the namespace to create and use for Operator. + + When not specified, the default value is ``minio-operator``. + .. envvar:: MINIO_SECRET_KEY_OLD .. deprecated:: RELEASE.2021-04-22T15-44-28Z diff --git a/source/reference/operator-environment-variables.rst b/source/reference/operator-environment-variables.rst index 605e85a1..0d668e1f 100644 --- a/source/reference/operator-environment-variables.rst +++ b/source/reference/operator-environment-variables.rst @@ -63,12 +63,6 @@ Available MinIO Operator Environment Variables The password Operator should use to decrypt the private key in the TLS certificate for Operator. -.. envvar:: MINIO_OPERATOR_DEPLOYMENT_NAME - - Specifies the namespace to create and use for Operator. - - When not specified, the default value is ``minio-operator``. - .. envvar:: OPERATOR_STS_ENABLED Toggle STS Service ``on`` or ``off``.