minio/docs
1
0
Fork 0
mirror of https://github.com/minio/docs.git synced 2025-07-30 07:03:26 +03:00
Code Activity

Updates for two October 2024 releases (#1353)

Browse Source 
Deprecates a no longer used operator environment variable.

Closes #1351

Adds `mc admin accesskey` and subcommands.
Updates `mc admin user svcacct` and subcommands with reference to new
commands.

Closes #1350
This commit is contained in:
Daryl White
2024-10-22 16:32:42 -04:00
committed by GitHub
parent b79934f11d
commit af3d8aba9f
19 changed files with 1135 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
source/reference/minio-mc-admin.rst
View File

@ -35,6 +35,11 @@ The following table lists :mc:`mc admin` commands:
* - Command
- Description
* - :mc:`mc admin accesskey`
- .. include:: /reference/minio-mc-admin/mc-admin-accesskey.rst
:start-after: start-mc-admin-accesskey-desc
:end-before: end-mc-admin-accesskey-desc
* - :mc:`mc admin cluster bucket`
- .. include:: /reference/minio-mc-admin/mc-admin-cluster-bucket.rst
:start-after: start-mc-admin-cluster-bucket-desc
@ -174,6 +179,7 @@ See :ref:`minio-mc-global-options`.
:hidden:
:glob:
/reference/minio-mc-admin/mc-admin-accesskey
/reference/minio-mc-admin/mc-admin-cluster-bucket
/reference/minio-mc-admin/mc-admin-cluster-iam
/reference/minio-mc-admin/mc-admin-config

233
source/reference/minio-mc-admin/mc-admin-accesskey-create.rst Normal file
View File

@ -0,0 +1,233 @@
.. _minio-mc-admin-accesskey-create:
=============================
``mc admin accesskey create``
=============================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. mc:: mc admin accesskey create
Syntax
------
.. start-mc-admin-accesskey-create-desc
The :mc-cmd:`mc admin accesskey create` command adds a new access key and secret key pair for an existing MinIO user.
.. end-mc-admin-accesskey-create-desc
.. admonition:: Access keys for OpenID Connect or AD/LDAP users
:class: note
This command is for access keys for users created directly on the MinIO deployment and not managed by a third party solution.
- To generate access keys for :ref:`OpenID Connect users <minio-external-identity-management-openid>`, use the :ref:`MinIO Console <minio-console>`.
- To generate access keys for :ref:`Active Directory/LDAP users <minio-external-identity-management-ad-ldap>`, use :mc:`mc idp ldap accesskey create`.
.. tab-set::
.. tab-item:: EXAMPLE
The following command creates a new access key associated to an existing MinIO user:
.. code-block:: shell
:class: copyable
mc admin accesskey create \
myminio/ myuser \
--access-key myuseraccesskey \
--secret-key myusersecretkey \
--policy /path/to/policy.json
The command returns the access key and secret key for the new account.
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] admin accesskey create \
ALIAS \
[USER] \
[--access-key string] \
[--secret-key string] \
[--policy path] \
[--name string] \
[--description string] \
[--expiry-duration value] \
[--expiry date]
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-syntax
:end-before: end-minio-syntax
Parameters
~~~~~~~~~~
.. mc-cmd:: ALIAS
:required:
The :mc-cmd:`alias <mc alias>` of the MinIO deployment.
.. mc-cmd:: USER
:optional:
The username of the user to which MinIO adds the new access key.
If not specified, MinIO generates an access key/secret key pair for the authenticated user.
.. mc-cmd:: --access-key
:optional:
A string to use as the access key for this account.
Omit to let MinIO autogenerate a random 20 character value.
Access Key names *must* be unique across all users.
.. mc-cmd:: --description
:optional:
Add a description for the access key.
For example, you might specify the reason the access key exists.
.. mc-cmd:: --expiry
:optional:
Set an expiration date for the access key.
The date must be in the future.
You may not set an expiration date that has already passed.
Allowed date and time formats:
- ``2024-10-24``
- ``2024-10-24T10:00``
- ``2024-10-24T10:00:00``
- ``2024-10-24T10:00:00Z``
- ``2024-10-24T10:00:00-07:00``
Mutually exclusive with :mc-cmd:`~mc admin accesskey create --expiry-duration`.
.. mc-cmd:: --expiry-duration
:optional:
Length of time for which the accesskey remains valid.
For example, ``30m, ``24h``, ``30d``, or similar.
The following expires the credentials after 30 days:
.. code-block::
--expiry-duration 30d
Mutually exclusive with :mc-cmd:`~mc admin accesskey create --expiry`.
.. mc-cmd:: --name
:optional:
Add a human-readable name for the access key.
.. mc-cmd:: --policy
:optional:
The readable path to a :ref:`policy document <minio-policy>` to attach to the new access key, with a maximum size of 2048 characters.
The attached policy cannot grant access to any action or resource not explicitly allowed by the parent user's policy or group policies
.. mc-cmd:: --secret-key
:optional:
The secret key to associate with the new account.
Omit to let MinIO autogenerate a random 40-character value.
Global Flags
~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-globals
:end-before: end-minio-mc-globals
Examples
--------
Create access key / secret key pair for the authenticated user
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following command generates a new, random access key and secret key pair for the user currently logged in to MinIO deployment at the alias ``myminio``.
The access key and secret key have the same access policies as the authenticated user.
.. code-block:: shell
:class: copyable
mc admin accesskey create myminio/
Create a custom access key / secret key pair for the authenticated user
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following command creates a new access key and secret key pair for the user currently logged in to MinIO at the alias ``myminio``.
The access key and secret key have the same access policies as the authenticated user.
.. code-block:: shell
:class: copyable
mc admin accesskey create myminio/ --access-key myaccesskey --secret-key mysecretkey
Create an access key / secret key pair for another user with limited duration
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following command creates a new access key and secret key pair for a user, ``miniouser`` on the alias ``myminio``.
The access key and secret key have the same access policies as ``miniouser``.
The credentials remain valid for 24 hours after creation.
.. code-block:: shell
:class: copyable
mc admin accesskey create myminio/ miniouser --expiry-duration 24h
Create access key / secret key pair for the authenticated user that expires
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following command generates a new and random access key and random secret key pair for the user currently logged in to MinIO deployment at the alias ``myminio``.
The access key and secret key have the same access policies as the authenticated user.
The credentials expire on the fifteenth day of January, 2025.
.. code-block:: shell
:class: copyable
mc admin accesskey create myminio/ --expiry 2025-01-15
The date specified **must** be a future date.
For valid datetime formats, see the :mc-cmd:`~mc admin accesskey create --expiry` flag.
Create access key / secret key pair for a different user with custom access
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following command creates a new access key and secret key pair for the user, ``miniouser`` on the alias ``myminio``.
The access key and secret key have a more limited set of access than ``miniouser``, as specified in the policy JSON file.
.. code-block:: shell
:class: copyable
mc admin accesskey create myminio/ miniouser --policy /path/to/policy.json
The specified policy file **must not** grant access to anything to which ``miniouser`` does not already have access.
Behavior
--------
S3 Compatibility
~~~~~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-s3-compatibility
:end-before: end-minio-mc-s3-compatibility

82
source/reference/minio-mc-admin/mc-admin-accesskey-disable.rst Normal file
View File

@ -0,0 +1,82 @@
.. _minio-mc-admin-accesskey-disable:
==============================
``mc admin accesskey disable``
==============================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. mc:: mc admin accesskey disable
Syntax
------
.. start-mc-admin-accesskey-disable-desc
The :mc-cmd:`mc admin accesskey disable` command disables an existing access key for a MinIO IDP user.
.. end-mc-admin-accesskey-disable-desc
.. tab-set::
.. tab-item:: EXAMPLE
The following command disables the specified access key:
.. code-block:: shell
:class: copyable
mc admin accesskey disable myminio myuserserviceaccount
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] admin accesskey disable \
ALIAS \
SERVICEACCOUNT
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-syntax
:end-before: end-minio-syntax
Parameters
~~~~~~~~~~
.. mc-cmd:: ALIAS
:required:
The :mc-cmd:`alias <mc alias>` of the MinIO deployment.
.. mc-cmd:: SERVICEACCOUNT
:required:
The access key to disable.
Global Flags
~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-globals
:end-before: end-minio-mc-globals
Behavior
--------
S3 Compatibility
~~~~~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-s3-compatibility
:end-before: end-minio-mc-s3-compatibility

175
source/reference/minio-mc-admin/mc-admin-accesskey-edit.rst Normal file
View File

@ -0,0 +1,175 @@
.. _minio-mc-admin-accesskey-edit:
================================
``mc admin user accesskey edit``
================================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. mc:: mc admin accesskey edit
Syntax
------
.. start-mc-admin-accesskey-edit-desc
The :mc-cmd:`mc admin accesskey edit` command modifies the configuration of an access key associated to the specified user.
.. end-mc-admin-accesskey-edit-desc
The command requires that at least one attribute of the access key change.
Otherwise, the command exits with an error message.
.. tab-set::
.. tab-item:: EXAMPLE
The following command applies a new policy and secret key to the ``myuserserviceaccount`` access key on the ``myminio`` deployment:
.. code-block:: shell
:class: copyable
mc admin accesskey edit \
myminio myuserserviceaccount \
--secret-key "myuserserviceaccountnewsecretkey" \
--policy "/path/to/new/policy.json"
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] admin accesskey edit \
ALIAS \
ACCESSKEY \
[--description string] \
[--expiry-duration value] \
[--expiry value] \
[--name string] \
[--policy path] \
[--secret-key string]
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-syntax
:end-before: end-minio-syntax
Parameters
~~~~~~~~~~
.. mc-cmd:: ALIAS
:required:
The :mc-cmd:`alias <mc alias>` of the MinIO deployment.
.. mc-cmd:: ACCESSKEY
:required:
The access key to modify.
.. mc-cmd:: --description
:optional:
Add or modify a description for the access key.
For example, you might specify the reason the access key exists.
.. mc-cmd:: --expiry
:optional:
Set or modify an expiration date for the access key.
The date must be in the future, you may not set an expiration date that has already passed.
Allowed date and time formats:
- ``2023-06-24``
- ``2023-06-24T10:00``
- ``2023-06-24T10:00:00``
- ``2023-06-24T10:00:00Z``
- ``2023-06-24T10:00:00-07:00``
Mutually exclusive with :mc-cmd:`~mc admin accesskey edit --expiry-duration`.
.. mc-cmd:: --expiry-duration
:optional:
Length of time for which the accesskey remains valid.
For example, ``30d``, ``24h``, or similar.
To expire the credentials after 30 days, use:
.. code-block::
--expiry-duration 30d
Mutually exclusive with :mc-cmd:`~mc admin accesskey edit --expiry`.
.. mc-cmd:: --name
:optional:
Add or modify a human-readable name for the access key.
.. mc-cmd:: --policy
:optional:
The path to a :ref:`policy document <minio-policy>` to attach to the new access key, with a maximum size of 2048 characters.
The attached policy cannot grant access to any action or resource not explicitly allowed by the parent user's policies.
The new policy overwrites any previously attached policy.
.. mc-cmd:: --secret-key
:optional:
The secret key to associate with the new access key.
Overwrites the previous secret key.
Applications using the access keys *must* update to use the new credentials to continue performing operations.
Global Flags
~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-globals
:end-before: end-minio-mc-globals
Examples
--------
Change the secret key for an access key
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following command modifies the secret key for the access key ``myuseraccesskey`` on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin accesskey edit myminio/ myuseraccesskey --secret-key 'new-secret-key-change-me'
Change the expiration for an access key
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following command changes the expiration value for the access key ``myuseraccesskey`` on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin accesskey edit myminio/ myuseraccesskey --expiry-duration 24h
The :mc-cmd:`~mc admin accesskey edit --expiry-duration` cannot be added if the access key already has a value set for :mc-cmd:`~mc admin accesskey edit --expiry`.
Behavior
--------
S3 Compatibility
~~~~~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-s3-compatibility
:end-before: end-minio-mc-s3-compatibility

82
source/reference/minio-mc-admin/mc-admin-accesskey-enable.rst Normal file
View File

@ -0,0 +1,82 @@
.. _minio-mc-admin-accesskey-enable:
=============================
``mc admin accesskey enable``
=============================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. mc:: mc admin accesskey enable
Syntax
------
.. start-mc-admin-accesskey-enable-desc
The :mc-cmd:`mc admin accesskey enable` command enables an existing access key.
.. end-mc-admin-accesskey-enable-desc
.. tab-set::
.. tab-item:: EXAMPLE
The following command enables the specified access key:
.. code-block:: shell
:class: copyable
mc admin accesskey enable myminio myuserserviceaccount
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] admin accesskey enable \
ALIAS \
SERVICEACCOUNT
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-syntax
:end-before: end-minio-syntax
Parameters
~~~~~~~~~~
.. mc-cmd:: ALIAS
:required:
The :mc-cmd:`alias <mc alias>` of the MinIO deployment.
.. mc-cmd:: SERVICEACCOUNT
:required:
The access key to enable.
Global Flags
~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-globals
:end-before: end-minio-mc-globals
Behavior
--------
S3 Compatibility
~~~~~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-s3-compatibility
:end-before: end-minio-mc-s3-compatibility

120
source/reference/minio-mc-admin/mc-admin-accesskey-info.rst Normal file
View File

@ -0,0 +1,120 @@
.. _minio-mc-admin-accesskey-info:
===========================
``mc admin accesskey info``
===========================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. mc:: mc admin accesskey info
Syntax
------
.. start-mc-admin-accesskey-info-desc
The :mc-cmd:`mc admin accesskey info` command returns a description of the specified :ref:`access key(s) <minio-id-access-keys>`.
.. end-mc-admin-accesskey-info-desc
The description output includes the following details, as available:
- Access Key
- Parent user of the specified access key
- Access key status (``on`` or ``off``)
- Policy or policies
- Comment
- Expiration
.. tab-set::
.. tab-item:: EXAMPLE
The following command returns information on the specified access key:
.. code-block:: shell
:class: copyable
mc admin accesskey info myminio myuseraccesskey
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] admin accesskey info \
ALIAS \
ACCESSKEY
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-syntax
:end-before: end-minio-syntax
Parameters
~~~~~~~~~~
.. mc-cmd:: ALIAS
:required:
The :mc-cmd:`alias <mc alias>` of the MinIO deployment.
.. mc-cmd:: ACCESSKEY
:required:
The access key to display.
Return information for multiple access keys by separating each access key with a space.
Global Flags
~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-globals
:end-before: end-minio-mc-globals
Examples
--------
Display access key details
~~~~~~~~~~~~~~~~~~~~~~~~~~
Use :mc-cmd:`mc admin accesskey info` to display details of an access key on a MinIO deployment:
.. code-block:: shell
:class: copyable
mc admin accesskey info myminio myaccesskey
- Replace ``myminio`` with the :mc-cmd:`alias <mc alias>` of the MinIO deployment.
- Replace :mc-cmd:`myaccesskey <mc admin user svcacct info ACCESSKEY>` with the access key for which to display information.
List multiple keys by separating each with a space.
The output resembles the following:
.. code-block:: shell
AccessKey: myuserserviceaccount
ParentUser: myuser
Status: on
Comment:
Policy: implied
Expiration: no-expiry
Behavior
--------
S3 Compatibility
~~~~~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-s3-compatibility
:end-before: end-minio-mc-s3-compatibility

181
source/reference/minio-mc-admin/mc-admin-accesskey-list.rst Normal file
View File

@ -0,0 +1,181 @@
.. _minio-mc-admin-accesskey-list:
=========================
``mc admin accesskey ls``
=========================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. mc:: mc admin accesskey list
.. mc:: mc admin accesskey ls
Syntax
------
.. start-mc-admin-accesskey-list-desc
The :mc:`mc admin accesskey ls` command lists users, access keys, or temporary :ref:`security token service <minio-security-token-service>` keys managed by the MinIO deployment.
.. end-mc-admin-accesskey-list-desc
The alias :mc:`mc admin accesskey list` has equivalent functionality to :mc:`mc admin accesskey ls`.
.. tab-set::
.. tab-item:: EXAMPLE
The following command lists all access keys associated to the user with username ``admin1`` on the deployment at alias ``myminio``:
.. code-block:: shell
:class: copyable
mc admin accesskey ls myminio admin1
The output resembles the following:
.. code-block:: shell
Access Key | Expiry
5XF3ZHNZK6FBDWH9JMLX | 2023-06-24 07:00:00 +0000 UTC
F4V2BBUZSWY7UG96ED70 | 2023-12-24 18:00:00 +0000 UTC
FZVSEZ8NM9JRBEQZ7B8Q | no-expiry
HOXGL8ON3RG0IKYCHCUD | no-expiry
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] admin accesskey ls \
ALIAS \
[USER] \
[--all] \
[--self] \
[--temp-only] \
[--users-only]
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-syntax
:end-before: end-minio-syntax
Parameters
~~~~~~~~~~
.. mc-cmd:: ALIAS
:required:
The :mc-cmd:`alias <mc alias>` of the MinIO deployment.
.. mc-cmd:: USER
:optional:
The username of the user(s) to display access keys for.
Separate multiple usernames with a space.
.. mc-cmd:: --all
:optional:
List all users and any access keys or temporary STS keys associated with them.
Requires admin privileges for the deployment.
This flag is mutually exclusive with the other flags available for this command.
.. mc-cmd:: --svcacc-only
:optional:
List temporary :ref:`Security Token Service (STS) keys <minio-security-token-service>` on the deployment.
This flag is mutually exclusive with the other flags available for this command.
.. mc-cmd:: --self
:optional:
List access keys and STS keys for the currently authenticated user.
This flag is mutually exclusive with the other flags available for this command.
.. mc-cmd:: --temp-only
:optional:
List users with their access keys.
This returns only users that have associated access keys.
This flag requires admin privileges for the user running the command.
This flag is mutually exclusive with the other flags available for this command.
.. mc-cmd:: --users-only
:optional:
List the MinIO users managed by the deployment.
Use in conjunction with the :mc-cmd:`~mc admin accesskey ls --all` flag to list all users on the deployment.
Global Flags
~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-globals
:end-before: end-minio-mc-globals
Examples
--------
List all built-in users and associated access keys
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following command lists all users managed by the MinIO deployment at alias ``myminio`` and any associated access keys or temporary STS tokens.
.. code-block:: shell
:class: copyable
mc admin accesskey list myminio/ --all
Return a list of access keys for the current authenticated user
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following command lists the access keys or temporary STS tokens associated with the currently authenticated user for the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin accesskey list myminio/ --self
List all users created and managed by the deployment
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following command returns a list of all of the users on the current deployment.
The list only includes MinIO IDP managed users, not users managed by a third party tool on a protocol like OpenID or Active Directory/LDAP.
.. code-block:: shell
:class: copyable
mc admin accesskey ls myminio/ --all --users-only
Return a list of access keys associated with the users ``miniouser1`` and ``miniouser2``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following command returns a list of access keys for two users on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin accesskey ls myminio/ miniouser1 miniouser2
Behavior
--------
S3 Compatibility
~~~~~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-s3-compatibility
:end-before: end-minio-mc-s3-compatibility

89
source/reference/minio-mc-admin/mc-admin-accesskey-remove.rst Normal file
View File

@ -0,0 +1,89 @@
.. _minio-mc-admin-accesskey-remove:
=========================
``mc admin accesskey rm``
=========================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. mc:: mc admin accesskey remove
.. mc:: mc admin accesskey rm
Syntax
------
.. start-mc-admin-accesskey-remove-desc
The :mc:`mc admin accesskey rm` command removes an access key associated to a user on the deployment.
.. end-mc-admin-accesskey-remove-desc
The :mc:`mc admin accesskey remove` command has equivalent functionality to :mc:`mc admin accesskey rm`.
.. warning::
Applications can no longer authenticate using the access key after its removal.
.. tab-set::
.. tab-item:: EXAMPLE
The following command removes the specified access key:
.. code-block:: shell
:class: copyable
mc admin accesskey rm myminio myuserserviceaccount
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] admin accesskey rm \
ALIAS \
ACCESSKEYTOREMOVE
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-syntax
:end-before: end-minio-syntax
Parameters
~~~~~~~~~~
.. mc-cmd:: ALIAS
:required:
The :mc-cmd:`alias <mc alias>` of the MinIO deployment.
.. mc-cmd:: ACCESSKEYTOREMOVE
:required:
The access key to remove.
Global Flags
~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-globals
:end-before: end-minio-mc-globals
Behavior
--------
S3 Compatibility
~~~~~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-s3-compatibility
:end-before: end-minio-mc-s3-compatibility

92
source/reference/minio-mc-admin/mc-admin-accesskey.rst Normal file
View File

@ -0,0 +1,92 @@
.. _minio-mc-admin-accesskey:
======================
``mc admin accesskey``
======================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. mc:: mc admin accesskey
.. versionadded:: MinIO Client RELEASE.2024-10-08T09-37-26Z
These commands replace the MinIO IDP functionality of the :mc:`mc admin user svcacct` command and its subcommands.
Description
-----------
.. start-mc-admin-accesskey-desc
The :mc:`mc admin accesskey` command and its subcommands create and manage :ref:`Access Keys <minio-idp-service-account>` for internally managed users on a MinIO deployment.
.. end-mc-admin-accesskey-desc
Each access key is linked to a :ref:`user identity <minio-authentication-and-identity-management>` and inherits the :ref:`policies <minio-policy>` attached to its parent user *or* those groups in which the parent user has membership.
Each access key also supports an optional inline policy which further restricts access to a subset of actions and resources available to the parent user.
:mc:`mc admin user svcacct` only supports creating access keys for :ref:`MinIO-managed <minio-users>` accounts.
To create access keys for :ref:`Active Directory/LDAP-managed <minio-external-identity-management-ad-ldap>` accounts, use :mc:`mc idp ldap accesskey` and its subcommands.
To manage access keys for :ref:`OpenID Connect-managed users <minio-external-identity-management-openid>`, log into the :ref:`MinIO Console <minio-console>` and generate the access keys through the UI.
:mc:`mc admin accesskey` command has the following subcommands:
.. list-table::
:header-rows: 1
:widths: 40 60
* - Subcommand
- Description
* - :mc:`~mc admin accesskey create`
- .. include:: /reference/minio-mc-admin/mc-admin-accesskey-create.rst
:start-after: start-mc-admin-accesskey-create-desc
:end-before: end-mc-admin-accesskey-create-desc
* - :mc:`~mc admin accesskey disable`
- .. include:: /reference/minio-mc-admin/mc-admin-accesskey-disable.rst
:start-after: start-mc-admin-accesskey-disable-desc
:end-before: end-mc-admin-accesskey-disable-desc
* - :mc:`~mc admin accesskey edit`
- .. include:: /reference/minio-mc-admin/mc-admin-accesskey-edit.rst
:start-after: start-mc-admin-accesskey-edit-desc
:end-before: end-mc-admin-accesskey-edit-desc
* - :mc:`~mc admin accesskey enable`
- .. include:: /reference/minio-mc-admin/mc-admin-accesskey-enable.rst
:start-after: start-mc-admin-accesskey-enable-desc
:end-before: end-mc-admin-accesskey-enable-desc
* - :mc:`~mc admin accesskey info`
- .. include:: /reference/minio-mc-admin/mc-admin-accesskey-info.rst
:start-after: start-mc-admin-accesskey-info-desc
:end-before: end-mc-admin-accesskey-info-desc
* - :mc:`~mc admin accesskey ls`
- .. include:: /reference/minio-mc-admin/mc-admin-accesskey-list.rst
:start-after: start-mc-admin-accesskey-list-desc
:end-before: end-mc-admin-accesskey-list-desc
* - :mc:`~mc admin accesskey rm`
- .. include:: /reference/minio-mc-admin/mc-admin-accesskey-remove.rst
:start-after: start-mc-admin-accesskey-remove-desc
:end-before: end-mc-admin-accesskey-remove-desc
.. toctree::
:titlesonly:
:hidden:
/reference/minio-mc-admin/mc-admin-accesskey-create
/reference/minio-mc-admin/mc-admin-accesskey-disable
/reference/minio-mc-admin/mc-admin-accesskey-edit
/reference/minio-mc-admin/mc-admin-accesskey-enable
/reference/minio-mc-admin/mc-admin-accesskey-info
/reference/minio-mc-admin/mc-admin-accesskey-list
/reference/minio-mc-admin/mc-admin-accesskey-remove

8
source/reference/minio-mc-admin/mc-admin-user-svcacct-add.rst
View File

@ -12,6 +12,14 @@
.. mc:: mc admin user svcacct add
.. important::
This command has been replaced and will be deprecated in a future MinIO Client release.
As of MinIO Client RELEASE.2024-10-08T09-37-26Z, use the :mc:`mc admin accesskey create` command to add access keys for built-in MinIO IDP users.
To add access keys for AD/LDAP users, use the :mc:`mc idp ldap accesskey create` command.
Syntax
------

8
source/reference/minio-mc-admin/mc-admin-user-svcacct-disable.rst
View File

@ -13,6 +13,14 @@
.. mc:: mc admin user svcacct disable
.. important::
This command has been replaced and will be deprecated in a future MinIO Client release.
As of MinIO Client RELEASE.2024-10-08T09-37-26Z, use the :mc:`mc admin accesskey disable` command to disable an access key for a built-in MinIO IDP user.
To disable access keys for AD/LDAP users, use the :mc:`mc idp ldap accesskey disable` command.
Syntax
------

7
source/reference/minio-mc-admin/mc-admin-user-svcacct-edit.rst
View File

@ -12,6 +12,13 @@
.. mc:: mc admin user svcacct edit
.. important::
This command has been replaced and will be deprecated in a future MinIO Client release.
As of MinIO Client RELEASE.2024-10-08T09-37-26Z, use the :mc:`mc admin accesskey edit` command to modify access keys for built-in MinIO IDP users.
To modify access keys for AD/LDAP users, use the :mc:`mc idp ldap accesskey edit` command.
Syntax
------

8
source/reference/minio-mc-admin/mc-admin-user-svcacct-enable.rst
View File

@ -12,6 +12,14 @@
.. mc:: mc admin user svcacct enable
.. important::
This command has been replaced and will be deprecated in a future MinIO Client release.
As of MinIO Client RELEASE.2024-10-08T09-37-26Z, use the :mc:`mc admin accesskey enable` command to enable an access key for a built-in MinIO IDP user.
To enable access keys for AD/LDAP users, use the :mc:`mc idp ldap accesskey enable` command.
Syntax
------

8
source/reference/minio-mc-admin/mc-admin-user-svcacct-info.rst
View File

@ -12,6 +12,14 @@
.. mc:: mc admin user svcacct info
.. important::
This command has been replaced and will be deprecated in a future MinIO Client release.
As of MinIO Client RELEASE.2024-10-08T09-37-26Z, use the :mc:`mc admin accesskey info` command to display information about access keys for built-in MinIO IDP users.
For access keys for AD/LDAP users, use the :mc:`mc idp ldap accesskey info` command.
Syntax
------

8
source/reference/minio-mc-admin/mc-admin-user-svcacct-list.rst
View File

@ -14,6 +14,14 @@
.. mc:: mc admin user svcacct ls
.. important::
This command has been replaced and will be deprecated in a future MinIO Client release.
As of MinIO Client RELEASE.2024-10-08T09-37-26Z, use the :mc:`mc admin accesskey ls` command to list access keys for built-in MinIO IDP users.
For access keys for AD/LDAP users, use the :mc:`mc idp ldap accesskey ls` command.
Syntax
------

8
source/reference/minio-mc-admin/mc-admin-user-svcacct-remove.rst
View File

@ -13,6 +13,14 @@
.. mc:: mc admin user svcacct remove
.. mc:: mc admin user svcacct rm
.. important::
This command has been replaced and will be deprecated in a future MinIO Client release.
As of MinIO Client RELEASE.2024-10-08T09-37-26Z, use the :mc:`mc admin accesskey rm` command to delete access keys for built-in MinIO IDP users.
For access keys for AD/LDAP users, use the :mc:`mc idp ldap accesskey rm` command.
Syntax
------

13
source/reference/minio-mc-admin/mc-admin-user-svcacct.rst
View File

@ -12,6 +12,14 @@
.. mc:: mc admin user svcacct
.. important::
These commands have been replaced and will be deprecated in a future MinIO Client release.
As of MinIO Client RELEASE.2024-10-08T09-37-26Z, use the :mc:`mc admin accesskey` command and its subcommands for functions related to built-in MinIO IDP users and their access keys or STS tokens.
For access keys for AD/LDAP users, use the :mc:`mc idp ldap accesskey` command and its subcommands.
Description
-----------
@ -19,9 +27,12 @@ Description
The :mc:`mc admin user svcacct` command and its subcommands create and manage :ref:`Access Keys <minio-idp-service-account>` on a MinIO deployment.
As of MinIO Client RELEASE.2024-10-08T09-37-26Z, these commands have been replaced by :mc:`mc admin accesskey` and :mc:`mc idp ldap accesskey`.
This command and its subcommands will be deprecated in a future MinIO Client release.
.. end-mc-admin-user-svcacct-desc
Each access key is linked to a :ref:`user identity <minio-authentication-and-identity-management>` and inherits the :ref:`policies <minio-policy>` attached to it's parent user *or* those groups in which the parent user has membership.
Each access key is linked to a :ref:`user identity <minio-authentication-and-identity-management>` and inherits the :ref:`policies <minio-policy>` attached to its parent user *or* those groups in which the parent user has membership.
Each access key also supports an optional inline policy which further restricts access to a subset of actions and resources available to the parent user.
:mc:`mc admin user svcacct` only supports creating access keys for :ref:`MinIO-managed <minio-users>` and :ref:`Active Directory/LDAP-managed <minio-external-identity-management-ad-ldap>` accounts.

8
source/reference/minio-server/settings/deprecated.rst
View File

@ -65,6 +65,14 @@ They are listed here for historical reference only.
To perform root credential rotation, modify the :envvar:`MINIO_ROOT_USER` and :envvar:`MINIO_ROOT_PASSWORD` environment variables.
.. envvar:: MINIO_OPERATOR_DEPLOYMENT_NAME
.. deprecated:: Operator 6.0.4
Specifies the namespace to create and use for Operator.
When not specified, the default value is ``minio-operator``.
.. envvar:: MINIO_SECRET_KEY_OLD
.. deprecated:: RELEASE.2021-04-22T15-44-28Z

6
source/reference/operator-environment-variables.rst
View File

@ -63,12 +63,6 @@ Available MinIO Operator Environment Variables
The password Operator should use to decrypt the private key in the TLS certificate for Operator.
.. envvar:: MINIO_OPERATOR_DEPLOYMENT_NAME
Specifies the namespace to create and use for Operator.
When not specified, the default value is ``minio-operator``.
.. envvar:: OPERATOR_STS_ENABLED
Toggle STS Service ``on`` or ``off``.