Skip to main content

keys

Creates, updates, deletes, gets or lists a keys resource.

Overview

Namekeys
TypeResource
Idlinode.object_storage.keys

Fields

The following fields are returned by SELECT queries:

The key pair.

NameDatatypeDescription
idintegerThis Object Storage key's unique ID.
access_keystringA unique string chosen by the API to identify this key. Used as a username to identify this key when making requests to an S3 API, such as the Amazon S3 API or Ceph Object Gateway S3 API. (example: ABCDEFGHI1JKL2MNOP34)
bucket_accessarraySettings that limit access to specific buckets, each with a specific permission level. See Create a limited access key for more information.
labelstringThe label given to this key. For display purposes only. (example: my-key)
limitedbooleanWhether this Object Storage key limits access to specific buckets and permissions. Returns false if this key grants full access. Specific limitations are set in bucket_access.
regionsarrayThe key can be used in these regions to manage buckets.
secret_keystringThis Object Storage key's secret key. Used as a password to validate this key when making requests to an S3 API, such as the Amazon S3 API or Ceph Object Gateway S3 API. > 📘 > > This value is listed as [REDACTED] for this operation, to protect it. It's only revealed in a response after creating a key.

Methods

The following methods are available for this resource:

NameAccessible byRequired ParamsOptional ParamsDescription
get_object_storage_keyselectReturns a single Object Storage key provisioned for your account.

Learn more...

Learn more...
get_object_storage_keysselectReturns a paginated list of Object Storage keys for authentication.

Learn more...

Learn more...
post_object_storage_keysinsertProvisions a new Object Storage key for authentication. A successful request triggers an obj_access_key_create event.

> 📘
>
> Accounts with negative balances can't access this operation.

Create an unlimited access key

This type of key grants full access to all of your buckets in each region you name, using the regions array. Run the List regions operation, verify that each desired region includes "Object Storage" among its capabilities, and store the id value for each. Leave the bucket_access array out to create an unlimited access key.

Check out this example workflow for an unlimited access key.

Create a limited access key

This type of key lets you name specific buckets where you need to manage content. In the bucket_access array, include individual objects for each bucket, comprised of the target bucket_name, the permissions level for access to the bucket, and the region where the bucket lives. Run the List Object Storage buckets operation and store the label, to use as the bucket_name, and the region for each. With a limited access key, the parent-level regions array isn't required.

Check out this example workflow for a limited access key.

Learn more...

Learn more...
put_object_storage_keyreplaceUpdates an Object Storage key on your account. A successful request triggers an obj_access_key_update event.

Learn more...

Learn more...
delete_object_storage_keydeleteRevokes an Object Storage Key. This key pair will no longer be usable by third-party clients. A successful request triggers an obj_access_key_delete event.

Learn more...

Learn more...

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

NameDatatypeDescription

SELECT examples

Returns a single Object Storage key provisioned for your account.

Learn more...

Learn more...

SELECT
id,
access_key,
bucket_access,
label,
limited,
regions,
secret_key
FROM linode.object_storage.keys;

INSERT examples

Provisions a new Object Storage key for authentication. A successful request triggers an obj_access_key_create event.

> 📘
>
> Accounts with negative balances can't access this operation.

Create an unlimited access key

This type of key grants full access to all of your buckets in each region you name, using the regions array. Run the List regions operation, verify that each desired region includes "Object Storage" among its capabilities, and store the id value for each. Leave the bucket_access array out to create an unlimited access key.

Check out this example workflow for an unlimited access key.

Create a limited access key

This type of key lets you name specific buckets where you need to manage content. In the bucket_access array, include individual objects for each bucket, comprised of the target bucket_name, the permissions level for access to the bucket, and the region where the bucket lives. Run the List Object Storage buckets operation and store the label, to use as the bucket_name, and the region for each. With a limited access key, the parent-level regions array isn't required.

Check out this example workflow for a limited access key.

Learn more...

Learn more...

INSERT INTO linode.object_storage.keys (

)
SELECT 

RETURNING
id,
access_key,
bucket_access,
label,
limited,
regions,
secret_key
;

REPLACE examples

Updates an Object Storage key on your account. A successful request triggers an obj_access_key_update event.

Learn more...

Learn more...

REPLACE linode.object_storage.keys
SET 
data__label = '{{ label }}',
data__regions = '{{ regions }}'
WHERE 

RETURNING
id,
access_key,
label,
limited,
regions,
secret_key;

DELETE examples

Revokes an Object Storage Key. This key pair will no longer be usable by third-party clients. A successful request triggers an obj_access_key_delete event.

Learn more...

Learn more...

DELETE FROM linode.object_storage.keys;