Managing Object Storage API Keys
Object Storage uses dedicated AWS S3 style API keys (an access key and secret key pair) for authentication. These are separate from your Crusoe Cloud API tokens and are required for all Object Storage client operations. Each bucket user can have a maximum of 2 keys, similar to AWS S3 key restrictions. By default the buckets are only accessible by up to 2 Object Storage API keys created by the bucket owner.
Creating an Object Storage API Key
- CLI
- UI
- Terraform
Use the storage tokens create command to generate a new Object Storage API key:
crusoe storage tokens create --alias my-training-key
Optional parameters:
--alias <alias>— A human-readable name for the key.--expires-at <date>— Expiration date for the key in RFC3339 format (e.g.,2021-12-03T19:58:34Z).
The command outputs an access key ID and a secret key. Save the secret key immediately — it cannot be retrieved again after creation.
Example output:
Access Key ID: CKIAXXXXXXXXXXXXXXXX
Secret Key: SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Alias: my-training-key
Expires At: 2026-12-31T00:00:00Z
- Visit the Crusoe Cloud Console.
- Navigate to the Manage Organizations section by clicking on your project name in the left top corner of the Crusoe Cloud Console
- Click on Security > Object Storage Keys in the left navigation.
- Click Create Object Storage Key button.
- Enter an alias for the key and optionally set an expiration date.
- Click Create.
- Copy and securely store the access key and secret key. The secret key is shown only once.
Terraform support for Object Storage API key management is coming soon. In the meantime, use the CLI or Console to create and manage keys.
Listing Object Storage API Keys
- CLI
- UI
- Terraform
crusoe storage tokens list
- Visit the Crusoe Cloud Console.
- Navigate to the Manage Organizations section by clicking on your project name in the left top corner of the Crusoe Cloud Console
- Click on Security > Object Storage Keys in the left navigation.
- All active keys are listed with their alias, access key ID, created date, and expiration date.
Terraform support for Object Storage API key management is coming soon. In the meantime, use the CLI or Console to list keys.
Deleting an Object Storage API Key
- CLI
- UI
- Terraform
crusoe storage tokens delete <token-id>
Replace <token-id> with the key ID of the key you wish to delete. For example, if the key ID is 4442dcd5-b2d1-45b7-b0bb-ec39b4a7ee96, then the command would be
crusoe storage tokens delete 4442dcd5-b2d1-45b7-b0bb-ec39b4a7ee96
The key ID can also be obtained using the list [../list/_cli.mdx] command.
- Visit the Crusoe Cloud Console.
- Navigate to the Manage Organizations section by clicking on your project name in the left top corner of the Crusoe Cloud Console
- Click on Security > Object Storage Keys in the left navigation.
- Click the delete icon next to the Object Storage API key you wish to remove.
- Confirm the deletion.
Terraform support for Object Storage API key management is coming soon. In the meantime, use the CLI or Console to delete keys.
Deleting an Object Storage API key immediately revokes access for any clients configured with that key.