Question

Spaces Different Keys per bucket

Hi,

Is it possible to have different keys per bucket. We would like to limit access to buckets with different access keys and secrets so that other people cannot see specific buckets?

Subscribe
Share

I am dealing with this issue as well. It is really strange that we can’t put Spaces and API Keys within a Project and then only those Spaces would be accessible with those Keys. Seems simple enough - logically, but when you share an entire set of all spaces it just doesn’t work! This is a huge security hole.

A Space doesn’t seem to be all that versatile when you have a dedicated photo upload key, but that same key has access to all private backups of hundreds of other sites in a bucket that should be separate.

What is the reason for having more than one bucket if all are exposed to all keys?

Here is posted in the ideas page. Let’s vote it up and comment.

DO, this is a must have for us. We really need this feature. Can you give an update?. Regards.

This issue is exactly why Spaces can’t work for us, and we are staying on AWS S3. @pchakravarthi care for an update?

what is the status for this… when is it going to be ready ? i need to store some static assets for an application in one bucket , which should not be modified by any one and another bucket where the application loads some files. The current setup will not allow me to do that.


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

This is a huge security hole.

wow, almost 2 years old issue and this still hasn’t been added?

otherwise we need a whole other account just for testing. Way too dangerous having dev access to production data while testing.

Spaces should not be advertised as production-ready when it is missing a VITAL SECURITY feature.

I am in shock. Can echo pretty much every comment above. This seems extremely dangerous for somebody with a dev access key to be able to fully access ANY bucket whatsoever on the account. Why not allow an access key to only access ONE bucket?

Thanks for the feedback. This is something we are looking at. The limitation is unfortunately on the key-based permission support on the Ceph side but we are looking at other ways to mitigate this problem.

+1 this is clearly a deal breaker

+1

Spaces should not be advertised as production-ready when it is missing a VITAL SECURITY feature.

Making such an idiotic decision to omit this makes me question the security of other DigitalOcean products now.

wow, almost 2 years old issue and this still hasn’t been added?

+1 otherwise we need a whole other account just for testing. Way too dangerous having dev access to production data while testing.

Very important! +1

I agree - this needs to be a thing.

Totally dead breaker not having this for sooo many ppl, myself included.

Please, please, please DO, we beg you, prioritize this pleaaasee!!!

There is a feature request where ppl can vote: https://ideas.digitalocean.com/ideas/DO-I-320