Help Center> Object Storage Service> Tools Guide> obsutil> Best Practices> Configuring Auto Obtaining of Access Keys for obsutil

Configuring Auto Obtaining of Access Keys for obsutil

Feature Description

In addition to obtaining the access keys from the .obsutilconfig configuration file, obsutil has the feature of obtaining the access keys in the chain mode. After this feature is enabled, obsutil attempts to obtain access keys from the configuration file, environment variables, and then the ECS in sequence.

If your obsutil runs on an ECS that is bound with an agency, you can use this feature to implement auto obtaining of access keys.

Configuration Method

Set autoChooseSecurityProvider in the configuration file to true. If you want to obtain access keys from environment variables, set OBS_ACCESS_KEY_ID to ak, OBS_SECRET_ACCESS_KEY to sk, and OBS_SECURITY_TOKEN to token (or left it empty). Alternatively, bind the ECS to an agency, so that obsutil automatically obtains access keys from the ECS.

Process of Searching for Access Keys

obsutil searches for access keys in the configuration file (ak, sk, and token). If access keys are not empty, the search ends. If access keys are empty, the process moves on to step 2.
obsutil searches for access keys from the system environment variables (OBS_ACCESS_KEY_ID, OBS_SECRET_ACCESS_KEY, and OBS_SECURITY_TOKEN). If access keys are not empty, the search ends. If access keys are empty, the process moves on to step 3.
Then obsutil searches for access keys of the agency bound to the ECS. If access keys are not empty, the search ends. If access keys are still empty, you can only access OBS as an anonymous user.

The "access keys are not empty" means both AK and SK are not empty, but the token can be empty.
In the environment variables, the value of OBS_ACCESS_KEY_ID is the AK, that of OBS_SECRET_ACCESS_KEY is the SK, and that of OBS_SECURITY_TOKEN corresponds to the token.
If the cross-region replication mode is enabled, OBS_ACCESS_KEY_ID_CRR corresponds to akCrr, OBS_SECRET_ACCESS_KEY_CRR corresponds to skCrr, and OBS_SECURITY_TOKEN_CRR corresponds to tokenCrr.
The prerequisite for querying the access keys from an ECS is that obsutil is running on an ECS that is bound to an agency.
After the mechanism for automatic obtaining of access keys is enabled, you still need to specify the endpoint.

Parent topic: Best Practices

Last Article: Setting obsutil Commands as Built-in Commands

Next Article: Fine-Tuning obsutil Performance

Did this article solve your problem?

Thank you for your score！Your feedback would help us improve the website.

Products

Compute

Application

Dedicated Cloud

Storage

Management & Deployment

Migration

Network

Enterprise Intelligence

Video

Database

Edge Cloud Services

DevCloud

Security

Cloud Communications

Internet of Things

Solutions

Industry-Specific Solutions

General-Purpose Solutions

Security

DevOps

Enterprise Intelligence

Essential Platform

Big Data

Visual Cognition

Speech and Semantics

Support

Help Center

Customer Services

Developers

Console

语言 - Language

中国站 - 简体中文

中国站 - English

International - 简体中文

International - English

Help Center

Configuring Auto Obtaining of Access Keys for obsutil

Feature Description

Configuration Method

Process of Searching for Access Keys