As an example, the Digital Ocean DNS plugin for Plesk requires an API key. This key, which only needs to manage DNS entries, now has access to the resources of your entire team? It's kind of crazy.
Lack of this feature was a dealbreaker for us, as separation of environments was a must.
This feature is very useful for me
This is a must-have. What are you waiting for, Digital Ocean? It cannot be that hard...
How this is not a base feature is beyond me.
Any update on restricting access keys? Slightly absurd that this is not available. Are we supposed to create a different account just to separate dev/production?
In this day and age where every DPO is breathing down our necks about data security, this seems like a non-starter.
This would be extremely useful. We need this functionality.
I have 10+ apps that need object storage but I can't use Spaces because of the lack of access control. If 1 app is compromised, all my Spaces would be at risk. It is not production ready object storage without proper access control.
Disappointing to see that there's no progress in this at all.
This is super necessary.
This is absolutely necessary; in fact, without this it is impossible to work with large development teams in which a large part of them should not have access to spaces in production.
I do not understand how this has not been solved for more than two years. At DO they should realize that this is losing them thousands of potential clients who, on realizing this, take a step back in migrating their services to DO.
Also granular access to droplets, volumes, snapshots, etc. Related:
Fine grained API tokens
https://ideas.digitalocean.com/ideas/DO-I-966
Restrict API personal access token to a specific project
https://ideas.digitalocean.com/ideas/DO-I-7
Any updates here?
Trying to set up separate spaces for "test" and "prod" isolation. Having one key is super dangerous, as it exposes access to production buckets while testing.
Yet another web developer with multiple clients and websites going elsewhere because of this severely lacking feature.
If anyone from Digital Ocean is listening, you might want to do some analysis on how much money you're losing by not implementing this. Especially as it hits the power users the hardest.
Not holding out too much hope though since only 1 idea has been "shipped" in the last year and the copyright notice is stuck on 2018.
Did the staff just up and leave a couple of years ago or something?
This is a must for any serious organization using Spaces. Please add support.
Any update on this?
This is really a blocker
In case it helps anyone, I ended up going with Backblaze B2. They are reputable, have the cheapest prices on the market[0], have an S3-compatible API (like DO), and they have per-space/bucket permissions! I honestly would have preferred to stick within the DO ecosystem even if it is 4x more expensive (since I don't need to store a lot of data anyway), but without this very basic feature, it's impossible for my use case.
[0] https://www.backblaze.com/b2/cloud-storage-pricing.html
Right now I need to create an intermediary service just to handle authorization to buckets and use presigned URLs. It would be a lot easier if I could just give the users rights to their specific buckets without needing a server in the middle.
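The intermediary-service workaround described in the comment above, as an added example (not code from this thread or from DigitalOcean): the service holds the single account-wide Spaces key, checks a per-app policy, and only then returns a short-lived SigV4 presigned URL. The policy table, app and Space names, credentials, the `nyc3` region slug used in the signing scope, and the `<space>.<region>.digitaloceanspaces.com` host form are assumptions made for illustration.

```python
import hashlib, hmac
from datetime import datetime, timezone
from urllib.parse import quote

# Constructed policy: (Space, key prefix, HTTP method) each app is allowed to use.
POLICY = {
    "app-test": {("test-assets", "", "GET"), ("test-assets", "", "PUT")},
    "app-prod": {("prod-assets", "uploads/", "PUT"), ("prod-assets", "", "GET")},
}
MAX_TTL = 900  # seconds; caps how long a leaked URL stays usable

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def presign(access_key, secret, region, bucket, key, method, ttl, now):
    """S3-style SigV4 query-string signing using only the standard library."""
    host = f"{bucket}.{region}.digitaloceanspaces.com"  # assumed endpoint form
    stamp, day = now.strftime("%Y%m%dT%H%M%SZ"), now.strftime("%Y%m%d")
    scope = f"{day}/{region}/s3/aws4_request"
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": stamp,
        "X-Amz-Expires": str(ttl),
        "X-Amz-SignedHeaders": "host",
    }
    query = "&".join(f"{quote(k, safe='')}={quote(v, safe='')}"
                     for k, v in sorted(params.items()))
    uri = "/" + quote(key, safe="/")
    canonical = "\n".join([method, uri, query, f"host:{host}\n", "host",
                           "UNSIGNED-PAYLOAD"])
    to_sign = "\n".join(["AWS4-HMAC-SHA256", stamp, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    k = ("AWS4" + secret).encode()
    for part in (day, region, "s3", "aws4_request"):  # derive the signing key
        k = _hmac(k, part)
    sig = hmac.new(k, to_sign.encode(), hashlib.sha256).hexdigest()
    return f"https://{host}{uri}?{query}&X-Amz-Signature={sig}"

def issue_url(app, method, bucket, key, ttl=300, now=None):
    """Authorize first, then sign; the account-wide key never leaves this service."""
    allowed = any(b == bucket and m == method and key.startswith(p)
                  for b, p, m in POLICY.get(app, ()))
    if not allowed:
        raise PermissionError(f"{app} may not {method} {bucket}/{key}")
    now = now or datetime.now(timezone.utc)
    # Constructed placeholder credentials; load real ones from a secret store.
    return presign("EXAMPLEKEY", "example-secret", "nyc3", bucket, key,
                   method, min(ttl, MAX_TTL), now)
```

The signed URL is bound to one method, one object and one expiry, so a compromised app can reach only what the policy table grants it until the URL expires.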
I finally sat down to start migrating from S3 to DO Spaces, and quickly found out that every API key gives access to every Space.
It boggles my mind that there is no way to restrict an API key to a specific Space.
Until this is implemented, there is absolutely no way I can use Spaces.
This is more or less a must-have. Signed up for Spaces and started some experiments when I soon realised that an IAM-like system wasn't possible. Dropped Spaces immediately. Will revisit if this is implemented though.