Help Center> My Credentials> User Guide> Temporary Access Key (for Federated Users)
Updated on 2022-09-15 GMT+08:00

Temporary Access Key (for Federated Users)

A temporary access key is an identity credential that has temporary access permissions. It consists of an access key ID (AK) and a secret access key (SK). AK is used together with SK to sign requests cryptographically, ensuring that the requests are secret, complete, and correct.

After logging in to the management console, users authorized by the administrator can create and delete their own temporary access key on the My Credentials page. Only federated users can create a temporary access key on the My Credentials page. For accounts and IAM users, see Access Keys.

If a user cannot log in to the console or does not have permissions to visit the My Credentials page, the administrator can manage permanent access keys for the user in IAM.

If you are a federated user, you are advised to use a temporary access key.

Differences Between Temporary and Permanent Access Keys

Temporary and permanent access keys work almost in the same way and only have slight differences.

Table 1 Differences between temporary and permanent access keys


Temporary Access Keys

Permanent Access Keys

Validity period

15 minutes to 24 hours

Unlimited validity


Unlimited and can be generated repeatedly

2 access keys for each IAM user

Creation method

Generated dynamically, cannot be embedded into applications or stored for later use, and must be generated again after expiration. For details, see Creating a Temporary Access Key.


Credential management

Cannot be deleted, enabled, or disabled and will be automatically invalidated and cleared when they expire.

Can be deleted, enabled, and disabled by the administrator on the IAM console.


  1. To ensure account security, keep the temporary access key secure and set a proper validity period for it.
  2. If you are an administrator, you can view the AK of an IAM user on the user details page. The SK is kept by the user.

Creating a Temporary Access Key

  1. On the management console, hover over the username in the upper right corner and choose My Credentials from the drop-down list.
  2. Choose Permanent Access Key from the navigation pane.
  3. In the upper right corner of the page, set a validity period from 15 minutes to 24 hours.
  4. Click Generate in the Operation column.

    After the access key is created, view the AK, SK, and STS token in the access key list.

    When you refresh the Temporary Access Key page, the AK, SK, and STS token content are cleared, but they will stay valid before they expire. Keep the access key properly.