Key Management

IONOS S3 Object Storage authenticates users by using a pair of keys — Access Key and Secret Key.

An Object Storage key must be generated manually using Generate a Key or the Object Storage Management API. The Canonical User ID is displayed in the S3 Credentials and Users & Groups > Users > Object Storage Keys > S3 section only after the first key is generated.

You will need the keys to work with Object Storage through supported applications or to develop your own using the API. Using Key management, you can view and share your S3 Credentials and manage Access keys.

S3 Credentials

There are two forms of user identification: Contract User ID and Canonical User ID. Depending on the Bucket Types you want to access, use the appropriate user ID as follows:

  • Share your Contract User ID with other S3 users to get access to the contract-owned buckets and objects.

  • Share your Canonical User ID with other S3 users to get access to the user-owned buckets and objects. This is the ID assigned to a user by the IONOS S3 Object Storage.

For more information, see Retrieve User ID.

Access keys

Logging on to IONOS S3 Object Storage requires an access key as part of the authentication process. Your S3 credentials consist of an Access Key and a Secret Key. The web console automatically uses these credentials to set up Object Storage. Hence, deactivating an access key restricts your access through the web interface. These credentials are also required to set up access to IONOS S3 Object Storage using S3 Tools.

Note:

— Starting May 30, 2024, a new S3 endpoint eu-central-3 is added in Berlin, Germany to support contract-owned bucket types.

— All keys generated from April 25, 2024, onward are valid for both Bucket Types by default and are usable at all S3 endpoints.

— The keys generated before April 25, 2024, will only have access to the user-owned buckets and be usable only in the S3 endpoints that support user-owned buckets. For more information, see Service availability.

In the Access keys list,

  • Each key shows whether it is valid for all buckets (contract-owned buckets and user-owned buckets) or valid only for user-owned buckets.

  • The ADMIN KEY refers to the key valid for all the buckets and provides the same access permissions as the contract owner or administrator.

Access Key and Secret Key Length: To prepare for new functionalities of IONOS S3 Object Storage, the key character length was changed as follows, effective April 25, 2024:

  • Access Key: The key length is increased from 20 to 92 characters.

    • Previous format example: 23cbca2790edd9f62100

    • New format example: EAAAAAFaSZEvg5hC2IoZ0EuXHRB4UNMpLkvzWdKvecNpEUF-YgAAAAEB41A3AAAAAAHnUDl-h_Lwot1NVP6F_MARJv_o

  • Secret Key: The key length is increased from 40 to 64 characters.

    • Previous format example: 0Q1YOGKz3z6Nwv8KkkWiButqx4sVmSJW4bTGwbzO

    • New format example: Opdxr7mG09tK4wX4s6J3nrl1Z4EJgYRui/rldkgiPmrI5bavWHuThswRqPwgbeLP

Note: The keys generated before April 25, 2024, continue to exist in the previous key length format and remain functional. However, these keys may not enable you to use the new functionalities in the Object Storage.
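The key lengths listed above can be used to find stored credentials that are still in the previous format and are therefore limited to user-owned buckets. The following is an added example, not IONOS code; it assumes the credentials are kept in an AWS-CLI-style credentials file, and the profile names and key values are constructed.

```python
import configparser

# (access key length, secret key length) as listed on this page.
LEGACY_LENGTHS = (20, 40)   # keys generated before April 25, 2024
CURRENT_LENGTHS = (92, 64)  # keys generated from April 25, 2024

# Constructed sample in AWS-CLI credentials layout (an assumption); not real keys.
SAMPLE_CREDENTIALS = "\n".join([
    "[backup-job]",
    "aws_access_key_id = " + "a1b2" * 5,
    "aws_secret_access_key = " + "S" * 40,
    "[app-berlin]",
    "aws_access_key_id = " + "E" + "A" * 91,
    "aws_secret_access_key = " + "s" * 64,
    "[broken]",
    "aws_access_key_id = " + "c3d4" * 5,
    "aws_secret_access_key = " + "t" * 64,
])


def classify(access_key, secret_key):
    """Return 'current', 'legacy' or 'unknown' from the key pair's lengths."""
    lengths = (len(access_key), len(secret_key))
    if lengths == CURRENT_LENGTHS:
        return "current"
    if lengths == LEGACY_LENGTHS:
        return "legacy"
    # Mixed or truncated pair, e.g. a copy/paste error: needs a manual look.
    return "unknown"


def audit(credentials_text):
    """Map each profile name to its key format without exposing key material."""
    # interpolation=None: secret keys may contain '%', which configparser
    # would otherwise try to expand.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(credentials_text)
    report = {}
    for profile in parser.sections():
        access_key = parser.get(profile, "aws_access_key_id", fallback="").strip()
        secret_key = parser.get(profile, "aws_secret_access_key", fallback="").strip()
        report[profile] = classify(access_key, secret_key)
    return report


if __name__ == "__main__":
    for profile, key_format in audit(SAMPLE_CREDENTIALS).items():
        note = "" if key_format == "current" else "  <- review"
        print(f"{profile}: {key_format}{note}")
```

The report contains only profile names and a format label, so it can be shared or logged without leaking key material.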

Generate object storage keys: A user can have multiple Object Storage keys, which can be given to other users or automated scripts. Users using such an additional Object Storage key to access the IONOS S3 Object Storage automatically inherit the credentials and access rights of the user.

This can be useful for allowing users automated (scripted) or temporary access to object storage. For more information, see Generate a Key.

Note: A maximum of five object storage keys per user is possible. You can create technical users to assign a different set of permissions and share access to the bucket with them. For more information, see Retrieve the User ID of a new user.

Activate or deactivate keys: A newly generated key is active by default. You can change the key status between active and inactive. Deactivating an Object Storage key will block its access to the IONOS S3 Object Storage. You can reactivate the key and restore access to manage buckets and objects. For more information, see Manage Keys.

Delete: If a key is no longer needed or if it should no longer be possible to gain access to the IONOS S3 Object Storage with this key, it can be deleted. This cannot be undone.

Note:

— Deleting all the Object Storage keys does not affect the stored objects. However, the contract is charged for the data stored. You can create a new key and continue to work with Object Storage.

— You need to delete all the objects from the user-owned bucket before you delete a user or all of their Object Storage Keys from your account; otherwise, the contract continues to be charged for the stored data. In this case, contact IONOS Cloud Support.
