mc does not support AWS temporary access tokens
Expected behaviour
This works fine if you are not using session tokens, but if you are, it fails because mc doesn't have a place to accept the session token.
~$ env | grep AWS
AWS_SECRET_ACCESS_KEY=Fxxxxxxxxxxxxxxx8
AWS_DEFAULT_REGION=us-east-1
AWS_SESSION_TOKEN=XxxxxxxxxY
AWS_ACCESS_KEY_ID=AxxxxxxxxxxxxxxxQ
~$ aws s3 ls
# .. s3 output follows, successfully ..
~$ mc config host add s3 https://s3.amazonaws.com \
$AWS_ACCESS_KEY_ID \
$AWS_SECRET_ACCESS_KEY
~$ mc ls s3
mc: <ERROR> Unable to list folder. The AWS Access Key Id you provided does not exist in our records.
~$ mc version
Version: 2017-10-14T00:51:16Z
Release-tag: RELEASE.2017-10-14T00-51-16Z
Commit-id: 785e14a725357b39e22b74483cd202e7effa6195
TJC
All 10 comments
Yep we need to support this.. we only currently support long term keys.
harshavardhana
on 9 May 2018
@TJC we will plan on this for the future.
deekoder
on 10 May 2018
We will close this and mark it future. Will reopen when we are done with current priorities.
deekoder
on 1 Nov 2018
Will you support this feature?
fcomte
on 7 Apr 2019
@deekoder Has there been any progress on this? Would be really good to have support for temporary AWS credentials.
varkey
on 24 Jul 2019
Unfortunately no @varkey
harshavardhana
on 24 Jul 2019
Hello,
I would love this feature for our organisation.
Any chance to have any progress on this ?
Would you accept PR for this if I submit one (not sure if I can handle it yet) ?
Thanks !
olevitt
on 8 Nov 2019
Sure feel free to submit a PR currently we don't see working on this feature
harshavardhana
on 8 Nov 2019
Update
mc does support temporary session tokens if you're willing to edit ~/.mc/config.json directly or use the new ENV alias settings. The data model supports it, there's just no way to set the token through the command line.
I went poking around to see how hard it would be to add and found that it already existed in configV10
You could even generate a temporary file and load it with mc --config-dir if you needed to script it.
Apparently you can also use a new ENV mode for setting aliases
This was introduced 4 months ago by @harshavardhana -- thanks for addingsessionToken support!
Here's my config file, works just fine.
{
"version": "10",
"aliases": {
"local": {
"url": "http://localhost:9000",
"accessKey": "CHANGE",
"secretKey": "CHANGE",
"sessionToken": "CHANGE",
"api": "s3v4",
"path": "auto"
}
}
}
Edit: Yep, found that as you were typing.
subdavis
on 24 Aug 2020
workaround
I'm not sure why maintainers haven't mentioned this, but
mcdoes support temporary session tokens if you're willing to edit~/.mc/config.jsondirectly. The data model supports it, there's just no way to set the token through the command line.I went poking around to see how hard it would be to add and found that it already existed in configV10
You could even generate a temporary file and load it with
mc --config-dirif you needed to script it.Here's my config file, works just fine.
{ "version": "10", "aliases": { "local": { "url": "http://localhost:9000", "accessKey": "CHANGE", "secretKey": "CHANGE", "sessionToken": "CHANGE", "api": "s3v4", "path": "auto" } } }
No need to modify the config, that is not recommend we do mention it openly in the docs.
https://github.com/minio/mc/blob/master/docs/minio-client-complete-guide.md#specify-temporary-host-configuration-through-environment-variable
I don't know if you happen to read this documentation.
harshavardhana
on 24 Aug 2020
Related issues
zllovesuki
·
19Comments
richarson
·
5Comments
lavvy
·
15Comments
z0rc
·
7Comments
ramosisw
·
4Comments
Most helpful comment
Hello,
I would love this feature for our organisation.
Any chance to have any progress on this ?
Would you accept PR for this if I submit one (not sure if I can handle it yet) ?
Thanks !