Hi,
Is it possible to have different keys per bucket.
We would like to limit access to buckets with different access keys and secrets so that other people cannot see specific buckets?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×Totally dead breaker not having this for sooo many ppl, myself included.
Please, please, please DO, we beg you, prioritize this pleaaasee!!!
There is a feature request where ppl can vote:
https://ideas.digitalocean.com/ideas/DO-I-320
This is a huge security hole.
wow, almost 2 years old issue and this still hasn’t been added?
otherwise we need a whole other account just for testing. Way too dangerous having dev access to production data while testing.
Spaces should not be advertised as production-ready when it is missing a VITAL SECURITY feature.
I am in shock. Can echo pretty much every comment above. This seems extremely dangerous for somebody with a dev access key to be able to fully access ANY bucket whatsoever on the account. Why not allow an access key to only access ONE bucket?
Yes, this is a feature that should be implemented, both for security like @jonny5alive states, but also for using a single DO account with multiple projects / customers.
We, as services provider, are in a process of migrating most of our infrastructure on to digital ocean (from ovh, google cloud and scale way). We do host external backup in the cloud. For this purpose and to be compliant with the GDPR law, we must set different access for each buckets, the data of a client should not be accessible in any way with the key of another one.
I’m pretty sure CEPH can allow this kind of policy. Anyway, this absence of security is slowing our migration. Any info from the DO team ?
Assign different accesskeys at bucket level is a must have feature … If not how to acomplish the following scenario:
The target is to have all of them issolated to each other but, as far as I can see, currently, there is no way to assign a different AccessKeys to each one as all accesskey have same priviledges and can be used to see/ access all the mentioned buckets content at once.
Is there any news here? Can this be solved by creating teams, and basically putting each project, space and API key in a team? I hope there will be some news here soon. Otherwise, I would need to create one DO account per project, which would be very cumbersome.
Has anyone tried this team solution? It’s cumbersome, but could work on a small scale.
Absolute deal breaker. You should make this much clearer before people waste time and money creating “Spaces”. The way it works right now means that anyone with any key assigned to a “Space” can access all the other “Spaces”, even if the files they contain are specific to different servers! This makes the entire thing useless. Very disappointed.
Question
what is the status for this.. when is it going to be ready ? i need to store some static assets for an application in one bucket , which should not be modified by any one and another bucket where the application loads some files. The current setup will not allow me to do that.
@pchakravarthi some news?
This issue is exactly why Spaces can’t work for us, and we are staying on AWS S3.
@pchakravarthi care for an update?
DO, this is a must have for us.
We really need this feature.
Can you give an update?.
Regards.
Here is posted in the ideas page.
Let’s vote it up and comment.
up
A Space doesn’t seem to be all that versatile when you have a dedicated photo upload key, but that same key has access to all private backups of hundreds of other sites in a bucket that should be separate.
What is the reason for having more than one bucket if all are exposed to all keys?
I am dealing with this issue as well. It is really strange that we can’t put Spaces and API Keys within a Project and then only those Spaces would be accessible with those Keys. Seems simple enough - logically, but when you share an entire set of all spaces it just doesn’t work! This is a huge security hole.