accessKeys - Code Search

cmd/signature-v4-parser.go

	if len(credElements) < 5 {
		return ch, ErrCredMalformed
	}
	accessKey := strings.Join(credElements[:len(credElements)-4], SlashSeparator) // The access key may contain one or more `/`
	if !auth.IsAccessKeyValid(accessKey) {
		return ch, ErrInvalidAccessKeyID
	}
	// Save access key id.
	cred := credentialHeader{
		accessKey: accessKey,
	}
	credElements = credElements[len(credElements)-4:]
	var e error

Created: Sun Apr 05 19:28:12 GMT 2026

- Last Modified: Fri Oct 10 18:57:35 GMT 2025

- 9.4K bytes

- Click Count (0)

github.com/minio/minio

helm-releases/minio-3.6.4.tgz

Install the chart, specifying the users you want to create after install: ```bash helm install --set users[0].accessKey=accessKey,users[0].secretKey=secretKey,users[0].policy=none,users[1].accessKey=accessKey2,users[1].secretRef=existingSecret,users[1].secretKey=password,users[1].policy=none minio/minio ``` Description of the configuration parameters used above - - `users[].accessKey` - accessKey of user - `users[].secretKey` - secretKey of usersecretRef - `users[].existingSecret` - secret name that contains...

Created: Sun Apr 05 19:28:12 GMT 2026

- Last Modified: Tue Apr 12 01:30:28 GMT 2022

- 17.9K bytes

- Click Count (0)

github.com/minio/minio

cmd/auth-handler.go

	}
	secret := globalActiveCred.SecretKey
	if globalSiteReplicationSys.isEnabled() && cred.AccessKey != siteReplicatorSvcAcc {
		nsecret, err := getTokenSigningKey()
		if err != nil {
			return nil, toAPIErrorCode(r.Context(), err)
		}
		// sign root's temporary accounts also with site replicator creds
		if cred.ParentUser != globalActiveCred.AccessKey || cred.IsTemp() {
			secret = nsecret
		}
	}
	if cred.IsServiceAccount() {

Created: Sun Apr 05 19:28:12 GMT 2026

- Last Modified: Fri Aug 29 02:39:48 GMT 2025

- 25.4K bytes

- Click Count (0)

github.com/minio/minio

cmd/signature-v4-utils.go

	}

	claims, s3Err := checkClaimsFromToken(r, cred)
	if s3Err != ErrNone {
		return cred, false, s3Err
	}
	cred.Claims = claims

	owner := cred.AccessKey == globalActiveCred.AccessKey || (cred.ParentUser == globalActiveCred.AccessKey && cred.AccessKey != siteReplicatorSvcAcc)
	if owner && !globalAPIConfig.permitRootAccess() {
		// We disable root access and its service accounts if asked for.

Created: Sun Apr 05 19:28:12 GMT 2026

- Last Modified: Mon Nov 25 17:10:22 GMT 2024

- 9.1K bytes

- Click Count (0)

github.com/minio/minio

cmd/bucket-targets.go

			return BucketRemoteTargetNotFound{Bucket: tgt.TargetBucket, Err: err}
		case "AccessDenied":
			return RemoteTargetConnectionErr{Bucket: tgt.TargetBucket, AccessKey: tgt.Credentials.AccessKey, Err: err}
		}
		return RemoteTargetConnectionErr{Bucket: tgt.TargetBucket, AccessKey: tgt.Credentials.AccessKey, Err: err}
	}
	if !exists {
		return BucketRemoteTargetNotFound{Bucket: tgt.TargetBucket}
	}
	if tgt.Type == madmin.ReplicationService {

Created: Sun Apr 05 19:28:12 GMT 2026

- Last Modified: Sun Sep 28 20:59:21 GMT 2025

- 20.9K bytes

- Click Count (0)

github.com/minio/minio

cmd/signature-v4-parser_test.go

func validateCredentialfields(t *testing.T, testNum int, expectedCredentials credentialHeader, actualCredential credentialHeader) {
	if expectedCredentials.accessKey != actualCredential.accessKey {
		t.Errorf("Test %d: AccessKey mismatch: Expected \"%s\", got \"%s\"", testNum, expectedCredentials.accessKey, actualCredential.accessKey)
	}
	if !expectedCredentials.scope.date.Equal(actualCredential.scope.date) {

Created: Sun Apr 05 19:28:12 GMT 2026

- Last Modified: Fri Oct 10 18:57:35 GMT 2025

- 27.8K bytes

- Click Count (0)

github.com/minio/minio

cmd/bucket-lifecycle-handlers_test.go

		method     string
		bucketName string
		accessKey  string
		secretKey  string
		// Sent body
		body []byte
		// Expected response
		expectedRespStatus int
		lifecycleResponse  []byte
		errorResponse      APIErrorResponse
		shouldPass         bool
	}{
		// GET empty credentials
		{
			method: http.MethodGet, bucketName: bucketName,
			accessKey:          "",
			secretKey:          "",

Created: Sun Apr 05 19:28:12 GMT 2026

- Last Modified: Mon Jun 10 15:50:49 GMT 2024

- 11.3K bytes

- Click Count (0)

github.com/minio/minio

internal/jwt/parser.go

}

// SetAccessKey sets access key as jwt subject and custom
// "accessKey" field.
func (c *StandardClaims) SetAccessKey(accessKey string) {
	c.Subject = accessKey
	c.AccessKey = accessKey
}

// Valid - implements https://godoc.org/github.com/golang-jwt/jwt#Claims compatible
// claims interface, additionally validates "accessKey" fields.
func (c *StandardClaims) Valid() error {

Created: Sun Apr 05 19:28:12 GMT 2026

- Last Modified: Sun Sep 28 20:59:21 GMT 2025

- 14.1K bytes

- Click Count (0)

github.com/minio/minio

cmd/warm-backend-s3.go

		return nil, errors.New("both the token file and the role ARN are required")
	case conf.AccessKey == "" && conf.SecretKey != "" || conf.AccessKey != "" && conf.SecretKey == "":
		return nil, errors.New("both the access and secret keys are required")
	case conf.AWSRole && (conf.AWSRoleWebIdentityTokenFile != "" || conf.AWSRoleARN != "" || conf.AccessKey != "" || conf.SecretKey != ""):

Created: Sun Apr 05 19:28:12 GMT 2026

- Last Modified: Sun Jun 08 16:13:30 GMT 2025

- 5.8K bytes

- Click Count (0)

github.com/minio/minio

cmd/iam.go

	switch {
	case usersPrefix:
		accessKey := path.Dir(strings.TrimPrefix(event.keyPath, iamConfigUsersPrefix))
		err = sys.store.UserNotificationHandler(ctx, accessKey, regUser)
	case stsPrefix:
		accessKey := path.Dir(strings.TrimPrefix(event.keyPath, iamConfigSTSPrefix))
		err = sys.store.UserNotificationHandler(ctx, accessKey, stsUser)
	case svcPrefix:

Created: Sun Apr 05 19:28:12 GMT 2026

- Last Modified: Wed Oct 15 17:00:45 GMT 2025

- 76.5K bytes

- Click Count (0)

Search Options