Access key per space | Voters

DigitalOcean

Create

Home

Storage

Access key per space

Michael

Please prioritise having individual keys for individual spaces. It's pretty useless with multiple products or clients. I can't use it for backup for instance, because every other project will be able to access these backups if compromised.

September 15, 2021

Roland Nemeth

At least we should be able to separate access keys by projects like the spaces are separated.

Anonymous

This is pretty embarrassing this feature is missing. Ability to segregate buckets into different security boundaries is so important.

Will Harford

I am shocked that this is missing. Obviously making some of my use cases insecure for my customers.

Disapointing.

Deichscheich

I still can't wrap my head around this. DO, what are you thinking?! Unfortunately, I just wasted 5 bucks. I really really wanted to use this for customer backups, but there's no way.

James Tiplady

I've just had to abandon a plan to migrate all my S3 buckets to Spaces because I didn't realise this capability was missing. I'm sure it's difficult to implement but this seems like an absolutely essential feature to me. I'm hosting a slate of client sites on DO Droplets and each needs compartmentalised access to its own Space for media files. Having all access keys able to access all Spaces is completely unworkable. Any update on this would be massively appreciated!

Morten Birkelund

I am surprised that this essential feature is missing. Anybody from DO that will explain the reasoning behind this?

Guus Leeuw

This really should be implemented. Even within one application that has multiple Spaces, I do not want Spaces to share access keys. A compromised access key for e.g. encrypted backups should not be usable to retrieve files from the "customers" spaces, revealing GDPR data... Please increase the priority accordingly!

João Lourenco

Kinda rediculous the way space permissions work, or should I say lack there of.

Never the less development seems super slow even for critical stuff like this, I guess AWS it is.

Pär Sandgren

This is a mayor security and privacy issue. One keypair shouldn't have unlimited access to everything. It's just plain stupid, and you know it :).

We need to be able to have isolated buckets for each environment (dev/stage/prod), or have isolated buckets for each customer.

Kas

+1 
This can also help with a variety of automation workflows, and having scoped keys can help reduce the risk / exposure should the keys get compromised. 
For example having a dedicated key (scoped to a space) to uploading release artefacts from GitHub action workflows, another key that's read-only to download those artefacts on droplets etc...
Hope to see improvements in this area to aid such workflows. 
Thanks!

→