Spaces Different Keys per bucket
Hi,
Is it possible to have different keys per bucket.
We would like to limit access to buckets with different access keys and secrets so that other people cannot see specific buckets?
35 Answers
Thanks for the feedback. This is something we are looking at. The limitation is unfortunately on the key-based permission support on the Ceph side but we are looking at other ways to mitigate this problem.
I would certainly like the same. As it stands, if one set of keys were compromised, they would gain access to every Space.
I just started playing with spaces today and after creating my first key and moving some data I came to the same question. Is there anything in the works to tie a specific key to a specific ‘space’ or 'bucket’? Is there already a way to do this and I’m not finding it? Thank you.
Yes, this is a feature that should be implemented, both for security like @jonny5alive states, but also for using a single DO account with multiple projects / customers.
We, as services provider, are in a process of migrating most of our infrastructure on to digital ocean (from ovh, google cloud and scale way). We do host external backup in the cloud. For this purpose and to be compliant with the GDPR law, we must set different access for each buckets, the data of a client should not be accessible in any way with the key of another one.
I’m pretty sure CEPH can allow this kind of policy. Anyway, this absence of security is slowing our migration. Any info from the DO team ?
+1… seriously, prioritize this one. Completely ridiculous. I’m not creating completely different DO accounts just to get proper security isolation.
I think it has more factors on your platform.
Many other companys can do it also with Ceph without issues.
So ita possible. But depends on how you implement it :)
We need unique keys for different spaces. When this feature is added I can migrate from s3 to spaces. :)
Assign different accesskeys at bucket level is a must have feature … If not how to acomplish the following scenario:
- One Bucket to be used to store private HOME files.
- One bucket to store files for WORK
- One bucket to be used as the unlimited file storage through Nextcloud.
- One bucket devoted to store daily backups of the MAIL server & the WEB apps. server.
The target is to have all of them issolated to each other but, as far as I can see, currently, there is no way to assign a different AccessKeys to each one as all accesskey have same priviledges and can be used to see/ access all the mentioned buckets content at once.
- Please, DO what do you suggest to acomplish the described scenario now?
Having all buckets accessible to all users it’s not an option at our company as well, we need to have some sort of isolation per bucket (or group of buckets, but I would already be happy if it was just per bucket).
Is there any news here? Can this be solved by creating teams, and basically putting each project, space and API key in a team? I hope there will be some news here soon. Otherwise, I would need to create one DO account per project, which would be very cumbersome.
-
Has anyone tried this team solution? It’s cumbersome, but could work on a small scale.
+1 Please! I started off with spaces but need to move now as my SASS clients should not be able to access other buckets. :-(
Absolute deal breaker. You should make this much clearer before people waste time and money creating “Spaces”. The way it works right now means that anyone with any key assigned to a “Space” can access all the other “Spaces”, even if the files they contain are specific to different servers! This makes the entire thing useless. Very disappointed.
This question is 1.5 years old at this moment. Is this feature still on the road map? Is it something that can be expected anytime soon?
Totally dead breaker not having this for sooo many ppl, myself included.
Please, please, please DO, we beg you, prioritize this pleaaasee!!!
There is a feature request where ppl can vote:
https://ideas.digitalocean.com/ideas/DO-I-320
Have another answer? Share your knowledge.
what is the status for this.. when is it going to be ready ? i need to store some static assets for an application in one bucket , which should not be modified by any one and another bucket where the application loads some files. The current setup will not allow me to do that.
@pchakravarthi some news?
This issue is exactly why Spaces can’t work for us, and we are staying on AWS S3.
@pchakravarthi care for an update?
DO, this is a must have for us.
We really need this feature.
Can you give an update?.
Regards.
Here is posted in the ideas page.
Let’s vote it up and comment.
up
A Space doesn’t seem to be all that versatile when you have a dedicated photo upload key, but that same key has access to all private backups of hundreds of other sites in a bucket that should be separate.
What is the reason for having more than one bucket if all are exposed to all keys?
I am dealing with this issue as well. It is really strange that we can’t put Spaces and API Keys within a Project and then only those Spaces would be accessible with those Keys. Seems simple enough - logically, but when you share an entire set of all spaces it just doesn’t work! This is a huge security hole.