s3keys gentempkey

Generates temporary access and secret keys for IAM user to access the Object Store.

NOTE

This command is available with the Data Fabric release version 7.7.0.6 (patch release) or higher. You must be the cluster administrator to be able to run this command for the generation of temporary secret key and access key for yourself or other users. The

s3keys
                        gentempkey

command can be used to create a temporary access key and secret key to access an S3 object store for a limited period of time. The temporary access key and secret key generated by using the command expire after a default duration of 15 minutes, unless a different time duration is specified, while generating the temporary access key and secret key. To generate a secret key and access key that can be used for a longer duration, the s3keys generate command must be used.

Syntax

CLI	`maprcli s3keys gentempkey [-cluster cluster_name] [-username <user_name>] [-accountname <account_name>] [-domainname <domain_name>] [-duration <duration>]`
REST	`http[s]://<host>:<port>/rest/s3keys/gentempkey?<parameters>`

Parameters

Parameter	Description
`cluster`	The cluster on which to create the access and secret keys. The default is the current cluster.
`domainname`	The domain to which the user belongs. The default value is `primary`. The domain contains multiple accounts.
`accountname`	A unique administrative unit in a domain that owns buckets, policies, and users. The default value is `default`.
`username`	The user for which to generate the keys. If not specified, the logged-in user is taken as the user to generate the keys.
`duration`	Time duration, in seconds, for which the key is valid. The default value is 900 seconds (15 minutes). The temporary access key and secret key expire at the end of this time duration. NOTE If the `s3keys gentempkey` command is run before the end of the access key and secret key expiration time duration, the command returns the current access key and secret key, instead of generating a new access key and secret key. The access credentials cannot be renewed or refreshed.

Example

Generate temporary access and secret keys for the tempuser user in the default account and primary domain on a cluster by the name dfcluster.

CLI

maprcli s3keys gentempkey -cluster dfcluster -username tempuser -accountname default -domainname primary -duration 900 -json
{
        "timestamp":1725520096373,
        "timeofday":"2024-09-05 12:08:16.373 GMT-0700 AM",
        "status":"OK",
        "total":1,
        "data":[
                {
                        "accesskey":"VJR5BDOSI7SJIOZRHIDBXDAUDX1SHWQH6G7VWQSPEXL6U0PKEMQDJKY8GUJS20SPCQPT2346F6N",
                        "secretkey":"49UZ9TKCCE7MTJKUBLI8I",
                        "expiryTime":1725520996316
                }
        ]
}

REST

curl "https://<server_ip>:8443/rest/s3keys/gentempkey?cluster=dfcluster&domainname=primary&accountname=default&username=tempuser&duration=900"
--header 'Authorization: Bearer <bearer token>'

HPE Ezmeral Data Fabric – Customer-Managed 7.9.0 Documentation
Abstract	This site contains documentation for the customer-managed platform of the HPE Ezmeral Data Fabric version 7.9.0 including installation, configuration, administration, and reference content, as well as content for the associated bundled ecosystem components and drivers.
Published	November 2024
Edition	7.9.0