DigitalOcean home
  • Droplets
  • Spaces
  • Kubernetes
  • Tools & Integrations
  • One-click Apps
  • API Documentation
  • Community
  • Tutorials
  • Q&A
  • Projects
  • Meetups
  • Customers
  • Pricing
  • Docs
  • Support
  • DigitalOcean home
  • Products
    • Droplets

      Scalable compute services.

    • Spaces

      Simple object storage.

    • Kubernetes

      Run managed Kubernetes clusters.

    • Tools & Integrations

      Automate your infrastructure.

    • One-click Apps

      Deploy pre-built applications.

    • API Documentation
  • Customers
  • Community
    • Community Overview

      Connect, share and learn

    • Tutorials

      DevOps and development guides

    • Questions & Answers

      Development and systems Q&A

    • Projects

      Community-built integrations

    Get Involved
    Write for DOnations
    Join us at a Meetup
    Featured Post
    An Introduction to Kubernetes

    by Justin Ellingwood

  • Pricing
  • Docs
  • Support
    • Documentation

    • Contact Support

    • Network Status

  • Home /
  • DO-I-320 /
  • New idea
325 Vote

Spaces: custom API key permissions

Let us select which Spaces can be accessed on different API keys. Example: A key can only access a single Space.

  • Guest
  • Sep 11 2018
  • Needs review
Object Storage (Spaces)
  • Comments (88)
  • Votes (325)
  • Merged ideas (1)
  • Attach files
  • This Return commented
    9 Apr 11:37am

    Guys, this is indispensable. This is a crucial feature which is a must in 2021. This must happen rather sooner than later! This actually is blocker and a reason to move away from DO...

    ×

    Attachments Open full size

  • Guest commented
    31 Mar 08:51am

    Hey guys, any news? :)

    ×

    Attachments Open full size

  • Guest commented
    26 Mar 07:17am

    DO? Atleast make an effort to reply back. This really is a huge security concern for any developer serious about their services. The idea is still tagged as needs review, what review is needed? Isn't security a basic necessatiy in 2021? Or you think developers are still living in 2010 era?

    ×

    Attachments Open full size

  • Guest commented
    24 Mar 10:39pm

    This feature is a must have, as we want different applications ( each one using it's own space )

    ×

    Attachments Open full size

  • John Robinson commented
    24 Mar 07:27pm

    It seems to be the most basic of concepts and this single issue is holding me back from migrating over all my client's static assets. I can't allow one client's Spaces API key to gain access to every single Space in my account. It's absurd.

    ×

    Attachments Open full size

  • Alejandro Barrera commented
    24 Feb 08:46pm

    Almost march 2021 and there's not even a reply from the DO team. This is concerning.

    ×

    Attachments Open full size

  • Guest commented
    19 Feb 06:45pm

    I need this feature soon

    ×

    Attachments Open full size

  • Matt SUmmers commented
    21 Jan 05:22pm

    As an example, the Digital Ocean DNS plugin for Plesk requires an API key. This key that only needs to manage DNS entries, now has access to the resources of your entire team? It's kind of crazy.

    ×

    Attachments Open full size

  • Paul K commented
    5 Jan 08:21pm

    Lack of this feature was a dealbreaker for us, as separation of environments was a must.

    ×

    Attachments Open full size

  • Guest commented
    5 Jan 08:47am

    This feature is very useful for me

    ×

    Attachments Open full size

  • Guest commented
    25 Dec, 2020 06:58pm

    This is must have. What are you waiting for Digital Ocean? It cannot be that hard....

    ×

    Attachments Open full size

  • Lukasz Piliszczuk commented
    14 Dec, 2020 05:20pm

    How this is not a base feature is beyond me.

    ×

    Attachments Open full size

  • Guest commented
    27 Oct, 2020 02:53pm

    Any update on restricting access keys? Slightly absurd, this is not available.. are we supposed to create a different account just to separate dev/production?

    ×

    Attachments Open full size

  • Co van Leeuwen commented
    27 Oct, 2020 02:15am

    In this day and age where every DPO is breathing down our necks about data security, this seems like a non-starter.

    ×

    Attachments Open full size

  • Fernando Souza commented
    21 Oct, 2020 10:11pm

    This would be extremely useful. We need this functionality.

    ×

    Attachments Open full size

  • David T commented
    20 Oct, 2020 05:58pm

    I have 10+ apps that need object storage but I can't use Spaces because of the lack of access control. If 1 app is compromised, all my Spaces would be at risk. It is not production ready object storage without proper access control.

    ×

    Attachments Open full size

  • Alejandro Barrera commented
    18 Oct, 2020 03:45pm

    Dissapointing to see that there's no progress in this at all.

    This is super necessary.

    ×

    Attachments Open full size

  • Jorge Gonzalez commented
    10 Oct, 2020 03:11pm

    This is absolutely necessary, in fact, without this it is impossible to work with large development teams in which a large part of them should not have access to spaces in production.

    I do not understand how this has not been solved for more than two years, in DO they should realize that if this is losing thousands of potential clients that when realizing this they take a step back in the migration of their services to DO.

    ×

    Attachments Open full size

  • Dan Sherry commented
    7 Oct, 2020 09:44pm

    Also granular access to droplets, volumes, snapshots, etc. Related:

    Fine grained API tokens

    https://ideas.digitalocean.com/ideas/DO-I-966

    Restrict API personal access token to a specific project

    https://ideas.digitalocean.com/ideas/DO-I-7

    ×

    Attachments Open full size

  • Guest commented
    28 Sep, 2020 05:28am

    Any updates here?

    Trying to setup separate spaces for "test" and "prod" isolation. Having one key is super dangerous to expose access to production buckets while testing.

    ×

    Attachments Open full size

  • Load older comments
  • +225
  • 123 Vote

    Limiting an access/secret key to a certain bucket (Spaces) Merged

    On AWS, you can restrict an Access Key / Secret Key to certain S3 bucket(s). This way, your app A can hack bucket X, and your app B can have bucket Y, but if A gets compromised, It won't be able to delete files from Y. It is way too complicated o...
    Created 6 Jan 08:10am by Guest
    Object Storage (Spaces)
    0 Needs review
Log in / Sign up

Identify yourself with your email address

Subscribe

You won't be notified about changes to this idea.

Related ideas

DigitalOcean home

© 2018 DigitalOcean, LLC. All rights reserved.
Proudly made in NY

  • Twitter
  • Facebook
  • Instagram
  • YouTube
  • LinkedIn
  • Glassdoor
Company
About
Leadership
Blog
Careers
Partner Network
Referral Program
Events
Press
Legal & Security
Products
Droplets
Spaces
Kubernetes
Tools & Integrations
One-click Apps
API
Pricing
Documentation
Release Notes
Community
Tutorials
Meetups
Q&A
Write for DOnations
Droplets for Demos
Hatch
Shop Swag
Research Program
Currents Research
Open Source
Support
Contact Support
FAQ
Network Status