S3 Compatible Storage Credential

Overview

S3 Compatible Storage credentials are used to authenticate requests from AutoSSL to any S3-compatible object storage service. By adding these credentials, you authorize AutoSSL to upload SSL certificate files to your bucket on your behalf.

This credential type works with services such as MinIO, Ceph RADOS Gateway, Wasabi, DigitalOcean Spaces, and other providers that expose an S3-compatible API.

Configuration Parameters

How to Obtain Credentials

The exact steps depend on your storage platform. In general:

1. Log in to your object storage management console or MinIO admin panel.
2. Create a dedicated user or service account for AutoSSL.
3. Generate an Access Key ID and Secret Access Key pair.
4. Grant the user permission to upload objects to the target bucket (e.g. PutObject / s3:PutObject).
5. Copy the credentials into AutoSSL.

MinIO Example

1. Open the MinIO Console and go to Access Keys.
2. Click Create access key and copy the Access Key and Secret Key.
3. Ensure the associated user has write access to the target bucket.

Security Recommendations

• Use Dedicated Credentials: Create a separate access key for AutoSSL rather than reusing admin credentials.
• Principle of Least Privilege: Only grant PutObject (and optionally ListBucket on the target prefix) on the specific bucket.
• Regular Rotation: Periodically rotate access keys to reduce the risk of leaked credentials.

Supported Deployment Targets

The S3 Compatible Storage credential is used by the following deployment provider in AutoSSL:

• S3 Compatible Storage: Uploads certificate files to a custom S3-compatible bucket with versioned and latest paths.