Key Management
IONOS Object Storage authenticates users by using a pair of keys — Access Key and Secret Key.
An Object Storage key must be generated manually using Generate a Key or Object Storage Management API. Only upon generating the first key, the Canonical User ID is displayed in the Object Storage Credentials and Users & Groups > Users > Object Storage Keys > IDs section.
You will need the keys to work with Object Storage through supported applications or develop your own using API. Using the Key management, you can view and share your Object Storage Credentials and manage Access keys.
Object Storage Credentials
There are two forms of user identification: Contract User ID and Canonical User ID. Depending on the Bucket Types to get access to, use the appropriate user ID as follows:
Share your Contract User ID with other users to get access to the contract-owned buckets and objects.
Share your Canonical User ID with other users to get access to the user-owned buckets and objects. This is the ID assigned to a user by the IONOS Object Storage.
For more information, see Retrieve User ID.
Access keys
Logging on to IONOS Object Storage requires an access key as part of the authentication process. Your Object Storage credentials consist of an Access Key and a Secret Key. The DCD automatically uses these credentials to set up Object Storage. Hence, deactivating an access key restricts your access through the web interface. These credentials are also required to set up access to IONOS Object Storage using S3 Tools.
Note:
— Starting May 30, 2024, a new endpoint eu-central-3
is added in Berlin, Germany to support contract-owned bucket types.
— All the newly generated keys from April 25, 2024, are valid for both the Bucket Types by default and are usable at all the Endpoints.
— The keys generated before April 25, 2024, will only have access to the user-owned buckets and be usable only in the endpoints that support user-owned buckets. For more information, see Service availability.
In the Access keys list,
Each key shows whether it is valid for all buckets (contract-owned buckets and user-owned buckets) or valid only for user-owned buckets.
The
ADMIN KEY
refers to the key valid for all the buckets and provides the same access permissions as the contract owner or administrator.
Access Key and Secret Key Length: To prepare new functionalities of IONOS Object Storage, effective April 25, 2024, the key character length is modified as follows:
Access Key: The key length is increased from 20 to 92 characters.
Previous format example:
23cbca2790edd9f62100
New format example:
EAAAAAFaSZEvg5hC2IoZ0EuXHRB4UNMpLkvzWdKvecNpEUF-YgAAAAEB41A3AAAAAAHnUDl-h_Lwot1NVP6F_MARJv_o
Secret Key: The key length is increased from 40 to 64 characters.
Previous format example:
0Q1YOGKz3z6Nwv8KkkWiButqx4sVmSJW4bTGwbzO
New format example:
Opdxr7mG09tK4wX4s6J3nrl1Z4EJgYRui/rldkgiPmrI5bavWHuThswRqPwgbeLP
Note: The keys generated before April 25, 2024, continue to exist in the previous key length format and remain functional. However, these keys may not enable you to use the new functionalities in the Object Storage.
Generate object storage keys: A user can have multiple Object Storage keys, which can be given to other users or automated scripts. Users using such an additional Object Storage key to access the IONOS Object Storage automatically inherit the credentials and access rights of the user.
This can be useful for allowing users automated (scripted) or temporary access to object storage. For more information, see Generate a Key.
Note: A maximum of five object storage keys per user is possible. You can create technical users to assign a different set of permissions and share access to the bucket with them. For more information, see Retrieve the User ID of a new user.
Activate or deactivate keys: A key when generated is in an active state by default. You can change the key status between active
and inactive
. Deactivating an Object Storage key will block its access to the IONOS Object Storage. You can reactivate the key and restore access to manage buckets and objects. For more information, see Manage Keys.
Delete: If a key is no longer needed or if it should no longer be possible to gain access to the IONOS Object Storage with this key, it can be deleted. This cannot be undone.
Note:
— Deleting all the Object Storage keys does not affect the stored objects. However, the contract is charged for the data stored. You can create a new key and continue to work with Object Storage.
— You need to delete all the objects from the user-owned bucket before you delete a user or all of their Object Storage Keys from your account; otherwise, the contract continues to be charged for the stored data. In this case, contact IONOS Cloud Support.
Last updated