minio/docs
1
0
Fork 0
mirror of https://github.com/minio/docs.git synced 2025-08-08 01:43:18 +03:00
Code Activity
Files
relax-event-restriction
docs/source/reference/minio-mc-admin/mc-admin-accesskey-create.rst
Daryl White af3d8aba9f Updates for two October 2024 releases (#1353) 
Deprecates a no longer used operator environment variable.

Closes #1351

Adds `mc admin accesskey` and subcommands.
Updates `mc admin user svcacct` and subcommands with reference to new
commands.

Closes #1350
2024-10-22 16:32:42 -04:00

7.7 KiB
Raw Permalink Blame History

mc admin accesskey create

minio

Table of Contents

mc admin accesskey create

Syntax

The mc admin accesskey create command adds a new access key and secret key pair for an existing MinIO user.

Access keys for OpenID Connect or AD/LDAP users

This command is for access keys for users created directly on the MinIO deployment and not managed by a third party solution.

  • To generate access keys for OpenID Connect users <minio-external-identity-management-openid>, use the MinIO Console <minio-console>.
  • To generate access keys for Active Directory/LDAP users <minio-external-identity-management-ad-ldap>, use mc idp ldap accesskey create.

EXAMPLE

The following command creates a new access key associated to an existing MinIO user:

mc admin accesskey create        \
   myminio/ myuser               \                                                  
   --access-key myuseraccesskey  \                                  
   --secret-key myusersecretkey  \
   --policy /path/to/policy.json

The command returns the access key and secret key for the new account.

SYNTAX

The command has the following syntax:

mc [GLOBALFLAGS] admin accesskey create                    \
                                 ALIAS                     \
                                 [USER]                    \
                                 [--access-key string]     \
                                 [--secret-key string]     \
                                 [--policy path]           \
                                 [--name string]           \
                                 [--description string]    \
                                 [--expiry-duration value] \
                                 [--expiry date]

Parameters

ALIAS

The alias <mc alias> of the MinIO deployment.

USER

The username of the user to which MinIO adds the new access key. If not specified, MinIO generates an access key/secret key pair for the authenticated user.

--access-key

A string to use as the access key for this account. Omit to let MinIO autogenerate a random 20 character value.

Access Key names must be unique across all users.

--description

Add a description for the access key. For example, you might specify the reason the access key exists.

--expiry

Set an expiration date for the access key. The date must be in the future. You may not set an expiration date that has already passed.

Allowed date and time formats:

  • 2024-10-24
  • 2024-10-24T10:00
  • 2024-10-24T10:00:00
  • 2024-10-24T10:00:00Z
  • 2024-10-24T10:00:00-07:00

Mutually exclusive with ~mc admin accesskey create --expiry-duration.

--expiry-duration

Length of time for which the accesskey remains valid.

For example, 30m,24h,30d``, or similar. The following expires the credentials after 30 days:

--expiry-duration 30d

Mutually exclusive with ~mc admin accesskey create --expiry.

--name

Add a human-readable name for the access key.

--policy

The readable path to a policy document <minio-policy> to attach to the new access key, with a maximum size of 2048 characters. The attached policy cannot grant access to any action or resource not explicitly allowed by the parent user's policy or group policies

--secret-key

The secret key to associate with the new account. Omit to let MinIO autogenerate a random 40-character value.

Global Flags

Examples

Create access key / secret key pair for the authenticated user

The following command generates a new, random access key and secret key pair for the user currently logged in to MinIO deployment at the alias myminio. The access key and secret key have the same access policies as the authenticated user.

mc admin accesskey create myminio/

Create a custom access key / secret key pair for the authenticated user

The following command creates a new access key and secret key pair for the user currently logged in to MinIO at the alias myminio. The access key and secret key have the same access policies as the authenticated user.

mc admin accesskey create myminio/ --access-key myaccesskey --secret-key mysecretkey

Create an access key / secret key pair for another user with limited duration

The following command creates a new access key and secret key pair for a user, miniouser on the alias myminio. The access key and secret key have the same access policies as miniouser. The credentials remain valid for 24 hours after creation.

mc admin accesskey create myminio/ miniouser --expiry-duration 24h

Create access key / secret key pair for the authenticated user that expires

The following command generates a new and random access key and random secret key pair for the user currently logged in to MinIO deployment at the alias myminio. The access key and secret key have the same access policies as the authenticated user. The credentials expire on the fifteenth day of January, 2025.

mc admin accesskey create myminio/ --expiry 2025-01-15

The date specified must be a future date. For valid datetime formats, see the ~mc admin accesskey create --expiry flag.

Create access key / secret key pair for a different user with custom access

The following command creates a new access key and secret key pair for the user, miniouser on the alias myminio. The access key and secret key have a more limited set of access than miniouser, as specified in the policy JSON file.

mc admin accesskey create myminio/ miniouser --policy /path/to/policy.json

The specified policy file must not grant access to anything to which miniouser does not already have access.

Behavior

S3 Compatibility