s3keys gentempkey

Generates temporary access and secret keys for IAM user to access the Object Store.

NOTE
This command is available with the Data Fabric release version 7.7.0.6 (patch release) or higher. You must be the cluster administrator to be able to run this command for the generation of temporary secret key and access key for yourself or other users. The s3keys gentempkey command can be used to create a temporary access key and secret key to access an S3 object store for a limited period of time. The temporary access key and secret key generated by using the command expire after a default duration of 15 minutes, unless a different time duration is specified, while generating the temporary access key and secret key. To generate a secret key and access key that can be used for a longer duration, the s3keys generate command must be used.

Syntax

CLI
maprcli s3keys gentempkey	
        [-cluster cluster_name]
        [-username <user_name>]
        [-accountname <account_name>]
        [-domainname <domain_name>]
        [-duration <duration>]                            
REST http[s]://<host>:<port>/rest/s3keys/gentempkey?<parameters>

Parameters

Parameter Description
cluster The cluster on which to create the access and secret keys. The default is the current cluster.
domainname The domain to which the user belongs. The default value is primary. The domain contains multiple accounts.
accountname A unique administrative unit in a domain that owns buckets, policies, and users. The default value is default.
username The user for which to generate the keys. If not specified, the logged-in user is taken as the user to generate the keys.
duration Time duration, in seconds, for which the key is valid. The default value is 900 seconds (15 minutes). The temporary access key and secret key expire at the end of this time duration.
NOTE
If the s3keys gentempkey command is run before the end of the access key and secret key expiration time duration, the command returns the current access key and secret key, instead of generating a new access key and secret key. The access credentials cannot be renewed or refreshed.

Example

Generate temporary access and secret keys for the tempuser user in the default account and primary domain on a cluster by the name dfcluster.

CLI
maprcli s3keys gentempkey -cluster dfcluster -username tempuser -accountname default -domainname primary -duration 900 -json
{
        "timestamp":1725520096373,
        "timeofday":"2024-09-05 12:08:16.373 GMT-0700 AM",
        "status":"OK",
        "total":1,
        "data":[
                {
                        "accesskey":"VJR5BDOSI7SJIOZRHIDBXDAUDX1SHWQH6G7VWQSPEXL6U0PKEMQDJKY8GUJS20SPCQPT2346F6N",
                        "secretkey":"49UZ9TKCCE7MTJKUBLI8I",
                        "expiryTime":1725520996316
                }
        ]
}
REST
curl "https://<server_ip>:8443/rest/s3keys/gentempkey?cluster=dfcluster&domainname=primary&accountname=default&username=tempuser&duration=900"
--header 'Authorization: Bearer <bearer token>'