This works fine if you are not using session tokens, but if you are, it fails because mc doesn't have a place to accept the session token.
~$ env | grep AWS
AWS_SECRET_ACCESS_KEY=Fxxxxxxxxxxxxxxx8
AWS_DEFAULT_REGION=us-east-1
AWS_SESSION_TOKEN=XxxxxxxxxY
AWS_ACCESS_KEY_ID=AxxxxxxxxxxxxxxxQ
~$ aws s3 ls
# .. s3 output follows, successfully ..
~$ mc config host add s3 https://s3.amazonaws.com \
$AWS_ACCESS_KEY_ID \
$AWS_SECRET_ACCESS_KEY
~$ mc ls s3
mc: <ERROR> Unable to list folder. The AWS Access Key Id you provided does not exist in our records.
~$ mc version
Version: 2017-10-14T00:51:16Z
Release-tag: RELEASE.2017-10-14T00-51-16Z
Commit-id: 785e14a725357b39e22b74483cd202e7effa6195
Yep we need to support this.. we only currently support long term keys.
@TJC we will plan on this for the future.
We will close this and mark it future. Will reopen when we are done with current priorities.
Will you support this feature?
@deekoder Has there been any progress on this? Would be really good to have support for temporary AWS credentials.
Unfortunately no @varkey
Hello,
I would love this feature for our organisation.
Any chance to have any progress on this ?
Would you accept PR for this if I submit one (not sure if I can handle it yet) ?
Thanks !
Sure feel free to submit a PR currently we don't see working on this feature
mc
does support temporary session tokens if you're willing to edit ~/.mc/config.json
directly or use the new ENV alias settings. The data model supports it, there's just no way to set the token through the command line.
I went poking around to see how hard it would be to add and found that it already existed in configV10
You could even generate a temporary file and load it with mc --config-dir
if you needed to script it.
Apparently you can also use a new ENV mode for setting aliases
This was introduced 4 months ago by @harshavardhana -- thanks for addingsessionToken
support!
Here's my config file, works just fine.
{
"version": "10",
"aliases": {
"local": {
"url": "http://localhost:9000",
"accessKey": "CHANGE",
"secretKey": "CHANGE",
"sessionToken": "CHANGE",
"api": "s3v4",
"path": "auto"
}
}
}
Edit: Yep, found that as you were typing.
workaround
I'm not sure why maintainers haven't mentioned this, but
mc
does support temporary session tokens if you're willing to edit~/.mc/config.json
directly. The data model supports it, there's just no way to set the token through the command line.I went poking around to see how hard it would be to add and found that it already existed in configV10
You could even generate a temporary file and load it with
mc --config-dir
if you needed to script it.Here's my config file, works just fine.
{ "version": "10", "aliases": { "local": { "url": "http://localhost:9000", "accessKey": "CHANGE", "secretKey": "CHANGE", "sessionToken": "CHANGE", "api": "s3v4", "path": "auto" } } }
No need to modify the config, that is not recommend we do mention it openly in the docs.
https://github.com/minio/mc/blob/master/docs/minio-client-complete-guide.md#specify-temporary-host-configuration-through-environment-variable
I don't know if you happen to read this documentation.
Most helpful comment
Hello,
I would love this feature for our organisation.
Any chance to have any progress on this ?
Would you accept PR for this if I submit one (not sure if I can handle it yet) ?
Thanks !