minio/docs
1
0
Fork 0
mirror of https://github.com/minio/docs.git synced 2025-07-30 07:03:26 +03:00
Code Activity

Further removal of legacy console references

Browse Source
This commit is contained in:
Ravind Kumar
2025-06-04 16:51:51 -04:00
parent 6090d389da
commit f08b2d67aa
30 changed files with 125 additions and 501 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
source/administration/console/managing-objects.rst
View File

@ -11,7 +11,7 @@ Managing Objects
:local:
:depth: 2
You can use the MinIO Console to perform several of the bucket and object management and interaction functions available in MinIO.
You can use the MinIO Console to perform several of the bucket and object interaction functions available in MinIO.
Depending on the permissions and IAM policies for the authenticated user, you can:
- :ref:`Browse, upload, revert, manage, and interact with objects <minio-console-object-browser>`.
@ -40,8 +40,6 @@ Example actions the user may be able to perform include:
- Download objects
- Share
- Preview
- Manage legal holds
- Manage retention
- Manage tags
- Inspect
- Display versions
@ -65,10 +63,6 @@ Buckets
-------
The Console's :guilabel:`Bucket` section displays all buckets to which the authenticated user has :ref:`access <minio-policy>`.
Use this section to create or manage these buckets, depending on your user's access.
Creating Buckets
~~~~~~~~~~~~~~~~
Select :guilabel:`Create Bucket` to create a new bucket on the deployment.
MinIO validates bucket names.
@ -85,27 +79,3 @@ While creating a bucket, you can enable :ref:`versioning <minio-bucket-versionin
You can configure locking and versioning options only when you create the bucket.
You cannot change these settings for the bucket later.
Managing Buckets
~~~~~~~~~~~~~~~~
Use the :guilabel:`Search` bar to filter for specific buckets.
Select the row for the bucket to display summary information about the bucket.
Form the summary screen, select any of the available tabs to further manage the bucket.
.. note::
Some management features may not be available if the authenticated user does not have the :ref:`required administrative permissions <minio-policy-mc-admin-actions>`.
When managing a bucket, your access settings may allow you to view or change any of the following:
- The :guilabel:`Summary` section displays a summary of the bucket's configuration.
Use this section to view and modify the bucket's access policy, encryption, quota, and tags.
- Configure alerts in the :guilabel:`Events` section to trigger :ref:`notification events <minio-bucket-notifications>` when a user uploads, accesses, or deletes matching objects.
- Review security in the :guilabel:`Access` section by listing the :ref:`policies <minio-policy>` and :ref:`users <minio-users>` with access to that bucket.
- Properly secure unauthenticated access with the :guilabel:`Anonymous` section by managing rules for prefixes that unauthenticated users can use to read or write objects.

6
source/administration/identity-access-management/ad-ldap-access-management.rst
View File

@ -58,10 +58,8 @@ Access Keys are long-lived credentials which inherit their privileges from the p
The parent user can further restrict those privileges while creating the access keys.
Use either of the following methods to create a new access key:
- Log into the :ref:`MinIO Console <minio-console>` using the AD/LDAP-managed user credentials.
In the :guilabel:`User` section, select :guilabel:`Access Keys` followed by :guilabel:`Create access keys +`.
- Use the :mc:`mc admin user svcacct add` command to create the access keys. Specify the user Distinguished Name as the username to which to associate the access keys.
Use the :mc:`mc admin user svcacct add` command to create the access keys.
Specify the user Distinguished Name as the username to which to associate the access keys.
Mapping Policies to User DN

3
source/administration/identity-access-management/minio-identity-management.rst
View File

@ -20,8 +20,7 @@ a valid access key (username) and the corresponding secret key (password) of
an existing MinIO user.
Administrators use the :mc:`mc admin user` command to create and manage
MinIO users. The :minio-git:`MinIO Console <console>` provides a graphical
interface for creating users.
MinIO users.
MinIO also supports creating :ref:`access keys
<minio-idp-service-account>`. Access Keys are child identities of an

2
source/administration/identity-access-management/minio-user-management.rst
View File

@ -56,7 +56,7 @@ A MinIO user can generate any number of access keys.
This allows application owners to generate arbitrary access keys for their applications without requiring action from the MinIO administrators.
Since the generated access keys have the same or fewer permissions as the parents, administrators can focus on managing the top-level parent users without micro-managing generated access keys.
You can create access keys using either the :ref:`MinIO Console <minio-console-user-access-keys>` *or* by using the :mc:`mc admin user svcacct add` command.
You can create access keys by using the :mc:`mc admin user svcacct add` command.
Identities created by these methods do not expire until you remove the access key or the parent account.
You can also create :ref:`security token service <minio-security-token-service>` accounts programmatically with the ``AssumeRole`` STS API endpoint.

8
source/administration/identity-access-management/oidc-access-management.rst
View File

@ -102,12 +102,6 @@ credentials with a JSON Web Token Claim flow is as follows:
MinIO provides an example Go application :minio-git:`web-identity.go <minio/blob/master/docs/sts/web-identity.go>` that handles the full login flow.
OIDC users can alternatively create :ref:`access keys <minio-idp-service-account>`.
Access Keys are long-lived credentials which inherit their privileges from the parent user.
The parent user can further restrict those privileges while creating the access keys.
To create a new access key, log into the :ref:`MinIO Console <minio-console>` using the OIDC-managed user credentials.
From the :guilabel:`Identity` section of the left navigation, select :guilabel:`Access Keys` followed by the :guilabel:`Create access keys +` button.
Identifying the JWT Claim Value
+++++++++++++++++++++++++++++++
@ -124,7 +118,7 @@ Defer to the documentation for your preferred OIDC provider for instructions on
Creating Policies to Match Claims
---------------------------------
Use either the MinIO Console *or* the :mc:`mc admin policy` command to create policies that match one or more claim values.
Use the :mc:`mc admin policy` command to create policies that match one or more claim values.
OIDC Policy Variables
---------------------

2
source/administration/identity-access-management/pluggable-authentication.rst
View File

@ -108,4 +108,4 @@ The ``"reason"`` field should include the reason for the 403.
Creating Policies to Match Claims
---------------------------------
Use either the :ref:`MinIO Console <minio-console-admin-policies>` *or* the :mc:`mc admin policy` command to create policies that match one or more claim values.
Use the :mc:`mc admin policy` command to create policies that match one or more claim values.

2
source/administration/minio-console.rst
View File

@ -124,8 +124,6 @@ Logging In
The MinIO Console displays a login screen for unauthenticated users.
The Console defaults to providing a username and password prompt for a :ref:`MinIO-managed user <minio-internal-idp>`.
For deployments configured with multiple :ref:`identity managers <minio-authentication-and-identity-management>`, you can also log in using credentials generated using a :ref:`Security Token Service (STS) <minio-security-token-service>` API.
.. admonition:: Try out the Console using MinIO's Play testing environment
:class: note

2
source/administration/monitoring.rst
View File

@ -37,8 +37,6 @@ Deployment Metrics
MinIO provides a Prometheus-compatible endpoint for supporting time-series querying of metrics.
MinIO deployments :ref:`configured to enable Prometheus scraping <minio-metrics-and-alerts>` provide a detailed metrics view through the MinIO Console.
Server Logs
-----------

112
source/administration/object-management/object-retention.rst
View File

@ -192,35 +192,7 @@ Create Bucket with Object Locking Enabled
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You must enable object locking during bucket creation as per S3 behavior.
You can create a bucket with object locking enabled using the MinIO Console,
the MinIO :mc:`mc` CLI, or using an S3-compatible SDK.
.. tab-set::
.. tab-item:: MinIO Console
:sync: console
Select the :guilabel:`Buckets` section of the MinIO Console to access
bucket creation and management functions. Select the bucket row from the
list of buckets. You can use the :octicon:`search` :guilabel:`Search` bar
to filter the list.
.. image:: /images/minio-console/console-bucket.png
:width: 600px
:alt: MinIO Console Bucket Management
:align: center
Click the :guilabel:`Create Bucket` button to open the bucket creation
modal. Toggle the :guilabel:`Object Locking` selector to enable object
locking on the bucket.
.. image:: /images/minio-console/console-bucket-create-bucket-with-locking.png
:width: 600px
:alt: MinIO Console Bucket Management
:align: center
.. tab-item:: MinIO CLI
:sync: cli
You can create a bucket with object locking enabled using the MinIO :mc:`mc` CLI or using an S3-compatible SDK.
Use the :mc:`mc mb` command with the :mc-cmd:`~mc mb --with-lock`
option to create a bucket with object locking enabled:
@ -239,46 +211,13 @@ the MinIO :mc:`mc` CLI, or using an S3-compatible SDK.
Configure Bucket-Default Object Retention
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You can configure object locking rules ("object retention") using the
MinIO Console, the MinIO :mc:`mc` CLI, or using an S3-compatible SDK.
You can configure object locking rules ("object retention") using the MinIO :mc:`mc` CLI, or using an S3-compatible SDK.
MinIO supports setting both bucket-default *and* per-object retention rules.
The following examples set bucket-default retention. For per-object retention
settings, defer to the documentation for the ``PUT`` operation used by your
preferred SDK.
.. tab-set::
.. tab-item:: MinIO Console
:sync: console
Select the :guilabel:`Buckets` section of the MinIO Console to access bucket creation and management functions. You can use the :octicon:`search` :guilabel:`Search` bar to filter the list.
.. image:: /images/minio-console/console-bucket.png
:width: 600px
:alt: MinIO Console Bucket Management
:align: center
Each bucket row has a :guilabel:`Manage` button that opens the management view for that bucket.
.. image:: /images/minio-console/console-bucket-manage.png
:width: 600px
:alt: MinIO Console Bucket Management
:align: center
From the :guilabel:`Retention` section, select :guilabel:`Enabled`.
This section is only visible for buckets created with object locking enabled.
From the :guilabel:`Set Retention Configuration` modal, set the desired bucket default retention settings.
- For :guilabel:`Retention Mode`, select either :ref:`COMPLIANCE <minio-object-locking-compliance>` or :ref:`GOVERNANCE <minio-object-locking-governance>`.
- For :guilabel:`Duration`, select the retention duration units of :guilabel:`Days` or :guilabel:`Years`.
- For :guilabel:`Retention Validity`, set the duration of time for which MinIO holds objects under the specified retention mode for the bucket.
.. tab-item:: MinIO CLI
:sync: cli
Use the :mc:`mc retention set` command with the
:mc-cmd:`--recursive <mc retention set --recursive>` and
@ -290,54 +229,23 @@ preferred SDK.
mc retention set --recursive --default MODE DURATION ALIAS/BUCKET
- Replace :mc-cmd:`MODE <mc retention set MODE>` with either either
:ref:`COMPLIANCE <minio-object-locking-compliance>` or
:ref:`GOVERNANCE <minio-object-locking-governance>`.
- Replace :mc-cmd:`MODE <mc retention set MODE>` with either either :ref:`COMPLIANCE <minio-object-locking-compliance>` or :ref:`GOVERNANCE <minio-object-locking-governance>`.
- Replace :mc-cmd:`DURATION <mc retention set VALIDITY>` with the
duration for which the object lock remains in effect.
- Replace :mc-cmd:`DURATION <mc retention set VALIDITY>` with the duration for which the object lock remains in effect.
- Replace :mc-cmd:`ALIAS <mc retention set ALIAS>` with the
:mc:`alias <mc alias>` of a configured MinIO deployment.
- Replace :mc-cmd:`ALIAS <mc retention set ALIAS>` with the :mc:`alias <mc alias>` of a configured MinIO deployment.
- Replace :mc-cmd:`BUCKET <mc retention set ALIAS>` with the
name of the bucket on which to set the default retention rule.
- Replace :mc-cmd:`BUCKET <mc retention set ALIAS>` with the name of the bucket on which to set the default retention rule.
Enable Legal Hold Retention
~~~~~~~~~~~~~~~~~~~~~~~~~~~
You can enable or disable indefinite legal hold retention for an object using the MinIO Console, the MinIO :mc:`mc` CLI, or using an S3-compatible SDK.
You can enable or disable indefinite legal hold retention for an object using the MinIO :mc:`mc` CLI or using an S3-compatible SDK.
You can place a legal hold on an object already held under a :ref:`COMPLIANCE <minio-object-locking-compliance>` or :ref:`GOVERNANCE <minio-object-locking-governance>` lock.
The object remains WORM locked under the legal hold even when the retention lock expires.
You or another user with the necessary permissions must explicitly lift the legal hold to remove the WORM lock.
.. tab-set::
.. tab-item:: MinIO Console
:sync: console
Select the :guilabel:`Buckets` section of the MinIO Console to access bucket creation and management functions.
You can use the :octicon:`search` :guilabel:`Search` bar to filter the list.
.. image:: /images/minio-console/console-bucket.png
:width: 600px
:alt: MinIO Console Bucket Management
:align: center
Each bucket row has a :guilabel:`Manage` button that opens the management view for that bucket.
.. image:: /images/minio-console/console-object-browser.png
:width: 600px
:alt: MinIO Console Bucket Object Browser
:align: center
Browse to the object and select it to open the object details view.
Select the :guilabel:`Legal Hold` button to toggle the legal hold status of the object.
.. tab-item:: MinIO CLI
:sync: cli
Use the :guilabel:`mc legalhold set` command to toggle the legal hold status on an object.
.. code-block:: shell
@ -345,11 +253,9 @@ You or another user with the necessary permissions must explicitly lift the lega
mc legalhold set ALIAS/PATH
- Replace :mc-cmd:`ALIAS <mc legalhold set ALIAS>` with the
:mc:`alias <mc alias>` of a configured MinIO deployment.
- Replace :mc-cmd:`ALIAS <mc legalhold set ALIAS>` with the :mc:`alias <mc alias>` of a configured MinIO deployment.
- Replace :mc-cmd:`PATH <mc legalhold set ALIAS>` with the
path to the object for which to enable the legal hold.
- Replace :mc-cmd:`PATH <mc legalhold set ALIAS>` with the path to the object for which to enable the legal hold.
.. _minio-object-locking-retention-modes:

61
source/administration/object-management/object-versioning.rst
View File

@ -245,32 +245,6 @@ Enable Bucket Versioning
You can enable versioning using the MinIO Console, the MinIO :mc:`mc` CLI, or
using an S3-compatible SDK.
.. tab-set::
.. tab-item:: MinIO Console
Select the :guilabel:`Buckets` section of the MinIO Console to access bucket creation and management functions. You can use the :octicon:`search` :guilabel:`Search` bar to filter the list.
.. image:: /images/minio-console/console-bucket.png
:width: 600px
:alt: MinIO Console Bucket Management
:align: center
Each bucket row has a :guilabel:`Manage` button that opens the management view for that bucket.
.. image:: /images/minio-console/console-bucket-manage.png
:width: 600px
:alt: MinIO Console Bucket Management
:align: center
Toggle the :guilabel:`Versioning` field to enable versioning on the bucket.
The MinIO Console also supports enabling versioning as part of bucket
creation. See :ref:`minio-console-buckets` for more information on
bucket management using the MinIO Console.
.. tab-item:: MinIO CLI
Use the :mc:`mc version enable` command to enable versioning on an
existing bucket:
@ -286,9 +260,7 @@ using an S3-compatible SDK.
:mc-cmd:`target bucket <mc version enable ALIAS>` on which to enable
versioning.
Objects created prior to enabling versioning have a
``null`` :ref:`version ID <minio-bucket-versioning-id>`.
Objects created prior to enabling versioning have a ``null`` :ref:`version ID <minio-bucket-versioning-id>`.
Exclude a Prefix From Versioning
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@ -426,36 +398,9 @@ To disable folder exclusion and resume versioning all folders, repeat the :mc:`m
Suspend Bucket Versioning
~~~~~~~~~~~~~~~~~~~~~~~~~
You can suspend bucket versioning at any time using the MinIO Console, the
MinIO :mc:`mc` CLI, or using an S3-compatible SDK.
You can suspend bucket versioning at any time using he MinIO :mc:`mc` CLI or using an S3-compatible SDK.
.. tab-set::
.. tab-item:: MinIO Console
Select the :guilabel:`Buckets` section of the MinIO Console to access bucket creation and management functions. You can use the :octicon:`search` :guilabel:`Search` bar to filter the list.
.. image:: /images/minio-console/console-bucket.png
:width: 600px
:alt: MinIO Console Bucket Management
:align: center
Each bucket row has a :guilabel:`Manage` button that opens the management view for that bucket.
.. image:: /images/minio-console/console-bucket-manage.png
:width: 600px
:alt: MinIO Console Bucket Management
:align: center
Select the :guilabel:`Versioning` field and follow the instructions to suspend versioning in the bucket.
See :ref:`minio-console-buckets` for more information on bucket
management using the MinIO Console.
.. tab-item:: MinIO CLI
Use the :mc:`mc version suspend` command to enable versioning on an
existing bucket:
Use the :mc:`mc version suspend` command to enable versioning on an existing bucket:
.. code-block:: shell
:class: copyable

8
source/developers/rust/minio-rust.rst
View File

@ -13,8 +13,8 @@ Rust Quickstart Guide
.. include:: /developers/rust/quickstart.md
:parser: myst_parser.sphinx_
.. toctree::
:titlesonly:
:hidden:
.. .. toctree::
.. :titlesonly:
.. :hidden:
.. /developers/go/API.md
.. /developers/rust/API.md

4
source/includes/common-installation.rst
View File

@ -157,9 +157,7 @@ from the previous step.
:alt: MinIO Console Login Page
:align: center
You can use the MinIO Console for general administration tasks like
Identity and Access Management, Metrics and Log Monitoring, or
Server Configuration. Each MinIO server includes its own embedded MinIO
Each MinIO server includes its own embedded MinIO
Console.
.. end-install-minio-console-desc

1
source/includes/common-mc-admin-config.rst
View File

@ -105,7 +105,6 @@ You can establish or modify settings by defining:
- an *environment variable* on the host system prior to starting or restarting the MinIO Server.
Refer to your operating system's documentation for how to define an environment variable.
- a *configuration setting* using :mc:`mc admin config set`.
- a *configuration setting* using the :ref:`MinIO Console's <minio-console-settings>` :guilabel:`Administrator > Settings` pages.
If you define both an environment variable and the similar configuration setting, MinIO uses the environment variable value.

1
source/includes/common-minio-ad-ldap-params.rst
View File

@ -148,7 +148,6 @@ This command works against :ref:`access keys <minio-id-access-keys>` created by
Create AD/LDAP service accounts with the :mc-cmd:`mc idp ldap accesskey create` command.
Authenticated users can manage their own long-term Access Keys using the :ref:`MinIO Console <minio-console-user-access-keys>`.
MinIO supports using :ref:`AssumeRoleWithLDAPIdentity <minio-sts-assumerolewithldapidentity>` to generate temporary access keys using the :ref:`Security Token Service <minio-security-token-service>`.
.. end-minio-ad-ldap-accesskey-creation

7
source/includes/common/common-deploy.rst
View File

@ -98,12 +98,7 @@ Include any other environment variables as required for your local deployment.
Log in with the :envvar:`MINIO_ROOT_USER` and :envvar:`MINIO_ROOT_PASSWORD` configured in the environment file specified to the container.
.. image:: /images/minio-console/console-bucket-none.png
:width: 600px
:alt: MinIO Console displaying Buckets view in a fresh installation
:align: center
You can use the MinIO Console for general administration tasks like Identity and Access Management, Metrics and Log Monitoring, or Server Configuration. Each MinIO server includes its own embedded MinIO Console.
Each MinIO server includes its own embedded MinIO Console.
If your local host firewall permits external access to the Console port, other hosts on the same network can access the Console using the IP or hostname for your local host.

22
source/includes/common/common-minio-kes.rst
View File

@ -156,27 +156,7 @@ MinIO uses the :envvar:`MINIO_KMS_KES_KEY_NAME` key for the following cryptograp
.. start-kes-enable-sse-kms-desc
You can use either the MinIO Console or the MinIO :mc:`mc` CLI to enable bucket-default SSE-KMS with the generated key:
.. tab-set::
.. tab-item:: MinIO Console
Open the MinIO Console by navigating to http://127.0.0.1:9001 in your preferred browser and logging in with the root credentials specified to the MinIO Server.
If you deployed MinIO using a different Console listen port, substitute ``9001`` with that port value.
Once logged in, create a new Bucket and name it to your preference.
Select the Gear :octicon:`gear` icon to open the management view.
Select the pencil :octicon:`pencil` icon next to the :guilabel:`Encryption` field to open the modal for configuring a bucket default SSE scheme.
Select :guilabel:`SSE-KMS`, then enter the name of the key created in the previous step.
Once you save your changes, try to upload a file to the bucket.
When viewing that file in the object browser, note that the sidebar metadata includes the SSE encryption scheme and information on the key used to encrypt that object.
This indicates the successful encrypted state of the object.
.. tab-item:: MinIO CLI
Use the MinIO :mc:`mc` CLI to enable bucket-default SSE-KMS with the generated key:
The following commands:

2
source/includes/container/common-deploy.rst
View File

@ -81,7 +81,7 @@ The instructions include examples for both quay.io and DockerHub:
:alt: MinIO Console displaying Buckets view in a fresh installation.
:align: center
You can use the MinIO Console for general administration tasks like Identity and Access Management, Metrics and Log Monitoring, or Server Configuration. Each MinIO server includes its own embedded MinIO Console.
Each MinIO server includes its own embedded MinIO Console.
If your local host firewall permits external access to the Console port, other hosts on the same network can access the Console using the IP or hostname for your local host.

14
source/includes/container/steps-configure-keycloak-identity-management.rst
View File

@ -91,18 +91,11 @@ Log in using the default credentials ``minioadmin:minioadmin``.
MinIO supports multiple methods for configuring Keycloak authentication:
- Using the MinIO Console
- Using a terminal/shell and the :mc:`mc idp openid` command
- Using environment variables set prior to starting MinIO
.. tab-set::
.. tab-item:: MinIO Console
.. include:: /includes/common/common-configure-keycloak-identity-management.rst
:start-after: start-configure-keycloak-minio-console
:end-before: end-configure-keycloak-minio-console
.. tab-item:: CLI
.. include:: /includes/common/common-configure-keycloak-identity-management.rst
@ -120,11 +113,6 @@ You must restart the MinIO deployment for the changes to apply.
Check the :ref:`MinIO server logs <minio-logging>` and verify that startup succeeded with no errors related to the Keycloak configuration.
If you attempt to log in with the Console, you should now see an (SSO) button using the configured :guilabel:`Display Name`.
Specify a configured user and attempt to log in.
MinIO should automatically redirect you to the Keycloak login entry.
Upon successful authentication, Keycloak should redirect you back to the MinIO Console.
8) Generate Application Credentials using the Security Token Service (STS)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@ -138,5 +126,3 @@ Next Steps
Applications should implement the :ref:`STS <minio-security-token-service>` flow using their :ref:`SDK <minio-drivers>` of choice.
When STS credentials expire, applications should have logic in place to regenerate the JWT token, STS token, and MinIO credentials before retrying and continuing operations.
Alternatively, users can generate :ref:`access keys <minio-id-access-keys>` through the MinIO Console for the purpose of creating long-lived API-key like access using their Keycloak credentials.

20
source/includes/container/steps-configure-minio-kes-hashicorp.rst
View File

@ -82,26 +82,8 @@ b. Create the MinIO Environment File
4) Enable SSE-KMS for a Bucket
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You can use either the MinIO Console or the MinIO :mc:`mc` CLI to enable bucket-default SSE-KMS with the generated key:
Use the MinIO :mc:`mc` CLI to enable bucket-default SSE-KMS with the generated key:
.. tab-set::
.. tab-item:: MinIO Console
Open the MinIO Console by navigating to http://127.0.0.1:9001 in your preferred browser and logging in with the root credentials specified to the MinIO container.
Once logged in, create a new Bucket and name it to your preference.
Select the Gear :octicon:`gear` icon to open the management view.
Select the pencil :octicon:`pencil` icon next to the :guilabel:`Encryption` field to open the modal for configuring a bucket default SSE scheme.
Select :guilabel:`SSE-KMS`, then enter the name of the key created in the previous step.
Once you save your changes, try to upload a file to the bucket.
When viewing that file in the object browser, note that in the sidebar the metadata includes the SSE encryption scheme and information on the key used to encrypt that object.
This indicates the successful encrypted state of the object.
.. tab-item:: MinIO CLI
The following commands:

19
source/includes/k8s/steps-configure-ad-ldap-external-identity-management.rst
View File

@ -79,24 +79,7 @@ Replace ``POLICY`` with the name of the MinIO policy to assign to the user or gr
See :ref:`minio-external-identity-management-ad-ldap-access-control` for more information on access control with AD/LDAP users and groups.
4) Use the MinIO Tenant Console to Log In with AD/LDAP Credentials
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The MinIO Console supports the full workflow of authenticating to the AD/LDAP provider, generating temporary credentials using the MinIO :ref:`minio-sts-assumerolewithldapidentity` Security Token Service (STS) endpoint, and logging the user into the MinIO deployment.
See :ref:`Deploy MinIO Tenant: Connect to the Tenant <create-tenant-connect-tenant>` for additonal information about accessing the Tenant Console.
If the AD/LDAP configuration succeeded, the Console displays a button to login with AD/LDAP credentials.
Enter the user's AD/LDAP credentials and log in to access the Console.
Once logged in, you can perform any action for which the authenticated user is :ref:`authorized <minio-external-identity-management-ad-ldap-access-control>`.
You can also create :ref:`access keys <minio-idp-service-account>` for supporting applications which must perform operations on MinIO.
Access Keys are long-lived credentials which inherit their privileges from the parent user.
The parent user can further restrict those privileges while creating the access keys.
5) Generate S3-Compatible Temporary Credentials using AD/LDAP Credentials
4) Generate S3-Compatible Temporary Credentials using AD/LDAP Credentials
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Applications can use an AD/LDAP user credential to generate temporary S3-compatible credentials as-needed using the :ref:`minio-sts-assumerolewithldapidentity` Security Token Service (STS) API endpoint.

34
source/includes/k8s/steps-configure-keycloak-identity-management.rst
View File

@ -35,35 +35,6 @@ Set the value to any :ref:`policy <minio-policy>` on the MinIO deployment.
4) Configure MinIO for Keycloak Authentication
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MinIO supports multiple methods for configuring Keycloak authentication:
- Using the MinIO Tenant Console
- Using a terminal/shell and the :mc:`mc idp openid` command
.. tab-set::
.. tab-item:: MinIO Tenant Console
You can use the MinIO Tenant Console to configure Keycloak as the External Identity Provider for the MinIO Tenant.
Access the Console service using the NodePort, Ingress, or Load Balancer endpoint.
You can use the following command to review the Console configuration:
.. code-block:: shell
:class: copyable
kubectl describe svc/TENANT_NAME-console -n TENANT_NAMESPACE
Replace ``TENANT_NAME`` and ``TENANT_NAMESPACE`` with the name of the MinIO Tenant and it's Namespace, respectively.
.. include:: /includes/common/common-configure-keycloak-identity-management.rst
:start-after: start-configure-keycloak-minio-console
:end-before: end-configure-keycloak-minio-console
Select :guilabel:`Save` to apply the configuration.
.. tab-item:: CLI
.. include:: /includes/common/common-configure-keycloak-identity-management.rst
:start-after: start-configure-keycloak-minio-cli
:end-before: end-configure-keycloak-minio-cli
@ -72,11 +43,6 @@ Restart the MinIO deployment for the changes to apply.
Check the MinIO logs and verify that startup succeeded with no errors related to the OIDC configuration.
If you attempt to log in with the Console, you should now see an (SSO) button using the configured :guilabel:`Display Name`.
Specify a configured user and attempt to log in.
MinIO should automatically redirect you to the Keycloak login entry.
Upon successful authentication, Keycloak should redirect you back to the MinIO Console using either the originating Console URL *or* the :guilabel:`Redirect URI` if configured.
5) Generate Application Credentials using the Security Token Service (STS)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

19
source/includes/k8s/steps-configure-openid-external-identity-management.rst
View File

@ -97,24 +97,7 @@ MinIO attaches the ``datareadonly`` policy to any authenticated OIDC user with `
See :ref:`minio-external-identity-management-openid-access-control` for more information on access control with OIDC users and groups.
4) Use the MinIO Tenant Console to Log In with OIDC Credentials
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The MinIO Console supports the full workflow of authenticating to the OIDC provider, generating temporary credentials using the MinIO :ref:`minio-sts-assumerolewithldapidentity` Security Token Service (STS) endpoint, and logging the user into the MinIO deployment.
See :ref:`Deploy MinIO Tenant: Connect to the Tenant <create-tenant-connect-tenant>` for additonal information about accessing the Tenant Console.
If the OIDC configuration succeeded, the Console displays a button to login with OIDC credentials.
Enter the user's OIDC credentials and log in to access the Console.
Once logged in, you can perform any action for which the authenticated user is :ref:`authorized <minio-external-identity-management-openid-access-control>`.
You can also create :ref:`access keys <minio-idp-service-account>` for supporting applications which must perform operations on MinIO.
Access Keys are long-lived credentials which inherit their privileges from the parent user.
The parent user can further restrict those privileges while creating the access keys.
5) Generate S3-Compatible Temporary Credentials using OIDC Credentials
4) Generate S3-Compatible Temporary Credentials using OIDC Credentials
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Applications can generate temporary access credentials as-needed using the :ref:`minio-sts-assumerolewithwebidentity` Security Token Service (STS) API endpoint and the JSON Web Token (JWT) returned by the :abbr:`OIDC (OpenID Connect)` provider.

3
source/includes/linux/common-installation.rst
View File

@ -143,8 +143,7 @@ to the following:
Open your browser to any of the listed :guilabel:`Console` addresses to open the
:ref:`MinIO Console <minio-console>` and log in with the :guilabel:`RootUser`
and :guilabel:`RootPass`. You can use the MinIO Console for performing
administration on the MinIO server.
and :guilabel:`RootPass`.
For applications, use the :guilabel:`API` addresses to access the MinIO
server and perform S3 operations.

3
source/includes/linux/deploy-standalone.rst
View File

@ -85,8 +85,7 @@ to the following:
Open your browser to any of the listed :guilabel:`Console` addresses to open the
:ref:`MinIO Console <minio-console>` and log in with the :guilabel:`RootUser`
and :guilabel:`RootPass`. You can use the MinIO Console for performing
administration on the MinIO server.
and :guilabel:`RootPass`.
For applications, use the :guilabel:`API` addresses to access the MinIO
server and perform S3 operations.

15
source/includes/linux/steps-configure-keycloak-identity-management.rst
View File

@ -37,18 +37,11 @@ Set the value to any :ref:`policy <minio-policy>` on the MinIO deployment.
MinIO supports multiple methods for configuring Keycloak authentication:
- Using the MinIO Console
- Using a terminal/shell and the :mc:`mc idp openid` command
- Using environment variables set prior to starting MinIO
.. tab-set::
.. tab-item:: MinIO Console
.. include:: /includes/common/common-configure-keycloak-identity-management.rst
:start-after: start-configure-keycloak-minio-console
:end-before: end-configure-keycloak-minio-console
.. tab-item:: CLI
.. include:: /includes/common/common-configure-keycloak-identity-management.rst
@ -65,12 +58,6 @@ Restart the MinIO deployment for the changes to apply.
Check the MinIO logs and verify that startup succeeded with no errors related to the OIDC configuration.
If you attempt to log in with the Console, you should now see an (SSO) button using the configured :guilabel:`Display Name`.
Specify a configured user and attempt to log in.
MinIO should automatically redirect you to the Keycloak login entry.
Upon successful authentication, Keycloak should redirect you back to the MinIO Console using either the originating Console URL *or* the :guilabel:`Redirect URI` if configured.
5) Generate Application Credentials using the Security Token Service (STS)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@ -84,8 +71,6 @@ Next Steps
Applications should implement the :ref:`STS AssumeRoleWithWebIdentity <minio-sts-assumerolewithwebidentity>` flow using their :ref:`SDK <minio-drivers>` of choice.
When STS credentials expire, applications should have logic in place to regenerate the JWT token, STS token, and MinIO credentials before retrying and continuing operations.
Alternatively, users can generate :ref:`access keys <minio-id-access-keys>` through the MinIO Console for the purpose of creating long-lived API-key like access using their Keycloak credentials.

40
source/operations/external-iam/configure-ad-ldap-external-identity-management.rst
View File

@ -21,13 +21,11 @@ The procedure on this page provides instructions for:
.. cond:: k8s
- Configuring a MinIO Tenant to use an external AD/LDAP provider
- Accessing the Tenant Console using AD/LDAP Credentials.
- Using the MinIO ``AssumeRoleWithLDAPIdentity`` Security Token Service (STS) API to generate temporary credentials for use by applications.
.. cond:: linux or macos or container or windows
- Configuring a MinIO cluster for an external AD/LDAP provider.
- Accessing the MinIO Console using AD/LDAP credentials.
- Using the MinIO ``AssumeRoleWithLDAPIdentity`` Security Token Service (STS) API to generate temporary credentials for use by applications.
This procedure is generic for AD/LDAP services.
@ -118,7 +116,6 @@ An AD/LDAP user with no assigned policy *and* with membership in groups with no
* MinIO Client
* Environment variables
* MinIO Console
All methods require starting/restarting the MinIO deployment to apply changes.
@ -161,14 +158,6 @@ An AD/LDAP user with no assigned policy *and* with membership in groups with no
For more complete documentation on these settings, see :mc:`mc idp ldap`.
.. admonition:: :mc:`mc idp ldap` recommended
:class: note
:mc:`mc idp ldap` offers additional features and improved validation over :mc-cmd:`mc admin config set` runtime configuration settings.
:mc:`mc idp ldap` supports the same settings as :mc:`mc admin config` and the :mc-conf:`identity_ldap` configuration key.
The :mc-conf:`identity_ldap` configuration key remains available for existing scripts and tools.
.. tab-item:: Environment Variables
MinIO supports specifying the AD/LDAP provider settings using :ref:`environment variables <minio-server-envvar-external-identity-management-ad-ldap>`.
@ -202,23 +191,11 @@ An AD/LDAP user with no assigned policy *and* with membership in groups with no
For complete documentation on these variables, see :ref:`minio-server-envvar-external-identity-management-ad-ldap`
.. tab-item:: MinIO Console
MinIO supports specifying the AD/LDAP provider settings using the :ref:`MinIO Console <minio-console>`.
For distributed deployments, configuring AD/LDAP from the Console applies the configuration to all nodes in the deployment.
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-ad-ldap-console-enable
:end-before: end-minio-ad-ldap-console-enable
2) Restart the MinIO Deployment
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You must restart the MinIO deployment to apply the configuration changes.
If you configured AD/LDAP from the MinIO Console, no additional action is required.
The MinIO Console automatically restarts the deployment after saving the new AD/LDAP configuration.
For MinIO Client and environment variable configuration, use the :mc-cmd:`mc admin service restart` command to restart the deployment:
.. code-block:: shell
@ -228,20 +205,7 @@ An AD/LDAP user with no assigned policy *and* with membership in groups with no
Replace ``ALIAS`` with the :ref:`alias <alias>` of the deployment to restart.
3) Use the MinIO Console to Log In with AD/LDAP Credentials
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The MinIO Console supports the full workflow of authenticating to the AD/LDAP provider, generating temporary credentials using the MinIO :ref:`minio-sts-assumerolewithldapidentity` Security Token Service (STS) endpoint, and logging the user into the MinIO deployment.
You can access the Console by opening the root URL for the MinIO cluster. For example, ``https://minio.example.net:9000``.
Once logged in, you can perform any action for which the authenticated user is :ref:`authorized <minio-external-identity-management-ad-ldap-access-control>`.
You can also create :ref:`access keys <minio-idp-service-account>` for supporting applications which must perform operations on MinIO.
Access Keys are long-lived credentials which inherit their privileges from the parent user.
The parent user can further restrict those privileges while creating the service account.
4) Generate S3-Compatible Temporary Credentials using AD/LDAP Credentials
3) Generate S3-Compatible Temporary Credentials using AD/LDAP Credentials
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MinIO requires clients to authenticate using :s3-api:`AWS Signature Version 4 protocol <sig-v4-authenticating-requests.html>` with support for the deprecated Signature Version 2 protocol.
@ -281,5 +245,3 @@ You can enable and disable the configured AD/LDAP connection as needed.
Use :mc:`mc idp ldap disable` to deactivate a configured connection.
Use :mc:`mc idp ldap enable` to activate a previously configured connection.
You may also enable or disable AD/LDAP from the :ref:`MinIO Console <minio-console>`.

3
source/operations/external-iam/configure-keycloak-identity-management.rst
View File

@ -23,7 +23,6 @@ This procedure specifically covers the following steps:
- Configure Keycloak for use with MinIO authentication and authorization
- Configure a new or existing MinIO Tenant to use Keycloak as the OIDC provider
- Create policies to control access of Keycloak-authenticated users
- Log into the MinIO Tenant Console using SSO and a Keycloak-managed identity
- Generate temporary S3 access credentials using the ``AssumeRoleWithWebIdentity`` Security Token Service (STS) API
.. cond:: linux or macos or windows
@ -31,7 +30,6 @@ This procedure specifically covers the following steps:
- Configure Keycloak for use with MinIO authentication and authorization
- Configure a new or existing MinIO cluster to use Keycloak as the OIDC provider
- Create policies to control access of Keycloak-authenticated users
- Log into the MinIO Console using SSO and a Keycloak-managed identity
- Generate temporary S3 access credentials using the ``AssumeRoleWithWebIdentity`` Security Token Service (STS) API
.. cond:: container
@ -40,7 +38,6 @@ This procedure specifically covers the following steps:
- Configure Keycloak for use with MinIO authentication and authorization
- Configure MinIO to use Keycloak as the OIDC provider
- Create policies to control access of Keycloak-authenticated users
- Log into the MinIO Console using SSO and a Keycloak-managed identity
- Generate temporary S3 access credentials using the ``AssumeRoleWithWebIdentity`` Security Token Service (STS) API
This procedure was written and tested against Keycloak ``21.0.0``.

2
source/operations/monitoring.rst
View File

@ -29,8 +29,6 @@ The following table lists tutorials for integrating MinIO metrics with select th
* - :ref:`minio-metrics-collect-using-prometheus`
- Configure Prometheus to Monitor and Alert for a MinIO deployment
Configure MinIO to query the Prometheus deployment to enable historical metrics via the MinIO Console
* - :ref:`minio-metrics-influxdb`
- Configure InfluxDB to Monitor and Alert for a MinIO deployment.

4
source/reference/minio-mc-admin/mc-admin-accesskey-create.rst
View File

@ -27,9 +27,7 @@ The :mc-cmd:`mc admin accesskey create` command adds a new access key and secret
This command is for access keys for users created directly on the MinIO deployment and not managed by a third party solution.
- To generate access keys for :ref:`OpenID Connect users <minio-external-identity-management-openid>`, use the :ref:`MinIO Console <minio-console>`.
- To generate access keys for :ref:`Active Directory/LDAP users <minio-external-identity-management-ad-ldap>`, use :mc:`mc idp ldap accesskey create`.
To generate access keys for :ref:`Active Directory/LDAP users <minio-external-identity-management-ad-ldap>`, use :mc:`mc idp ldap accesskey create`.
.. tab-set::

7
source/reference/minio-server/settings/console.rst
View File

@ -10,6 +10,13 @@ MinIO Console Settings
:local:
:depth: 2
.. versionchanged:: RELEASE.2025-05-24T17-08-30Z
The Console now presents only object browser capabilities similar to those available through the :mc:`mc` tool.
For administrative interactions, such as user management, use the :mc:`mc admin` command.
Some of the settings on this page may no longer be relevant for newer deployments.
This page covers settings that manage access and behavior for the MinIO Console.
.. include:: /includes/common-mc-admin-config.rst