read only private keys please!

Massive +1 - this is the only thing holding me back from ditching AWS

Yes please +1

This is a must have for us.

For people that need this feature now. Take a look at https://www.minio.io/.

It can act as a gateway for digitalocean spaces in the meantime. I have used minio for some time. It works really well. It looks to be working with spaces aswell!

Please we need this done, its very important for enterprise customers

Create Two types of tokens:

• master spaces token to access all spaces/buckets (like now)
• space token, just to access only one space/bucket

Totally agree, should not be too complicated to add a bucket-specific key? Now you could create another project but if you want to combine a Kubernetes cluster with multiple apps with spaces you really need to seperate one bucket from another.

Agreed with others... need a way to isolate API access.

Different API access based on a "Project" is a good solution for me.

What about this topic? When can we expect a solution here?

Its really important that we have this, especially when managing a lot of projects. At the moment the projects arent that useful other than just for categorizing. Invoicing should be based on project as well as access per project. THIS IS A MUST

Even if you can't offer a more granular permissions system (ie. read only keys, keys that can only access particular folders, etc.), the ability to isolate API keys to a specific Space is absolutely fundamental.

Questions:

• Why has no one from DO has even responded to this?
• When this system was being conceived, did no one consider the massive security and usability issues inherent to universal Spaces API keys?

Will keep using S3 for primary storage needs until this glaring oversight is addressed.

I really need this as well. I will have to move on to S3 otherwise, but I like the ease of use with DO, so it would be fantastic to see the feature here!

This is a major oversight, and as others have said, a blocker for using this in production.

This seems about the silliest design concept.  Why would any key be able to access any space?  A DO account can have tons of different groups and servers for different things. But when it comes to spaces it seems if one gets access we all get access?

Please dear god. Implement this. S3 is expensive and DO has a gaping large security vulnerability.

Totally dead breaker not having this for sooo many ppl.

Please, please, please DO, we beg you, prioritize this pleaaasee!!!

+1, this, etc, etc...

This really should have been a Day 1 feature, considering Amazon's offerings. I do trust DO security, but if one little thing goes wrong than all spaces across multiple projects become compromised, which i find disturbing.

The ability to isolate API keys to a specific Space (bucket isolation in cloud lingo) is absolutely fundamental.

Please DO, we need this, and personally - I'm prepared to pay extra for this feature.

+1!

Guys, it's a little worrysome one key can access all of our data. Is there a workaround?

How is this not done after > 1 year? So obviously necessary.

A Space doesn't seem to be all that versatile when you have a dedicated photo upload key, but that same key has access to all private backups of hundreds of other sites in a bucket that should be separate.

What is the reason for having more than one bucket if all are exposed to all keys?

Being able to restrict API keys to a subset of buckets is crucial for us to segment which site can affect which buckets. As is, we've decided to use Spaces for our main site and come up with terrible, hacked-together solutions for the less important sites. With restrict-able keys, even if the restriction is only possible at the bucket level, we'd be able to simplify our codebase and worry less about headaches from these hacked solutions. In the future, we may move to Amazon S3/CloudFront until this feature becomes available natively with DigitalOcean just to simplify our workload

It doesn't make sense that different projects share the same credentials... Please fix this.

It has been 14 months since this was first suggested.  Where does this stand?  I think as a customer and others have commented we need to come up with an alternative solution if one isn't on the horizon?

This feature, which honestly should have been implemented from day one, is preventing our team from utilizing spaces for more than the small amount we do now. We alone would be paying hundreds of dollars more a month if we could simply create space specific API keys with basic read/write permission options. I'm sure many other companies are in the same boat. It's beyond me that this hadn't gotten a single response from DO as it's such a fundamental and basic part of any data storage system...

PLEASE CONSIDER IMPLEMENTING EVEN THE MOST BASIC OF PERMISSIONS SYSTEMS!

Otherwise spaces are great. The price is right, it's compatible with standard S3 management tools, and the auto-CDN feature is great...buuut we absolutely can't use it for anything more than public files. The only time I ever dare use an API key is one off uploads from our build server that I perform manually. I'm afraid to continue to use Spaces at all once we switch to an automated build system as I don't want to have an all access key sitting around anywhere...

+1 on this feature request. 

Without keys per bucket, we can't possibly host buckets that are visible without any user/key controls. 

Please implement the bucket level access feature.

Agree, very need this feature.. 

Unbeblievable that this is still not implemented. Unfortunately this is also a dealbraker for us. Not possible to migrate several different customer projects to DO without this feature.

We need to separate different projects / customers!

It boggles my mind that the only way to compartmentalize access is creating whole new sets of teams and spinning up and managing what amounts a venn diagram of unique individual spaces. 

It is really important. So far we have to create separate accounts for spaces

No reason to have multiple buckets and multiple keys if an key can access any bucket

Isolating key access to specific spaces is essential - spaces is unusable in the real world without it.

read only keys would also be nice

How is this feature going?