Updated on 2023-10-27 GMT+08:00

Configuring Auto Obtaining of Access Keys for obsutil

Feature Description

In addition to reading access keys (AK/SK) from the .obsutilconfig file, obsutil can automatically obtain access keys in chain mode: from system environment variables, or as temporary access keys through ECS APIs.

With this feature enabled, obsutil attempts to obtain available access keys from the .obsutilconfig file, system environment variables, and then ECS in sequence.

Configuration Method

  1. Enable the feature of automatically obtaining access keys in chain mode.

    Set autoChooseSecurityProvider in the .obsutilconfig file to true.

  2. Configure the methods of obtaining access keys for obsutil.

    • .obsutilconfig file: Configure parameters ak and sk. The AK and SK have been automatically written into the .obsutilconfig file during initialization (see Performing the Initial Configuration). You can modify them if needed.
    • System environment variables: Set OBS_ACCESS_KEY_ID to the AK, OBS_SECRET_ACCESS_KEY to the SK, and OBS_SECURITY_TOKEN to the token (can be left blank).
    • ECS APIs: Ensure that the ECS has been bound to an IAM agency that has OBS permissions configured. For details, see Obtaining a Security Key from an ECS.

Process of Searching for Access Keys

  1. Search for access keys in the .obsutilconfig file (ak, sk, and token). If access keys are not left blank, the search ends. If they are left blank, continue to the next step.
  2. Search for access keys from system environment variables (OBS_ACCESS_KEY_ID, OBS_SECRET_ACCESS_KEY, and OBS_SECURITY_TOKEN). If access keys are not left blank, the search ends. If they are left blank, continue to the next step.
  3. Search for temporary access keys from the ECS where obsutil runs. If the temporary access keys are not left blank, the search ends. Otherwise, access OBS as an anonymous user.
  • "Access keys are not left blank" means that both the AK and SK are non-empty; the token can be empty.
  • In the environment variables, the value of OBS_ACCESS_KEY_ID is the AK, that of OBS_SECRET_ACCESS_KEY is the SK, and that of OBS_SECURITY_TOKEN corresponds to the token.
  • If the cross-region replication mode is enabled, OBS_ACCESS_KEY_ID_CRR corresponds to akCrr, OBS_SECRET_ACCESS_KEY_CRR corresponds to skCrr, and OBS_SECURITY_TOKEN_CRR corresponds to tokenCrr.
  • The prerequisite for querying access keys from an ECS is that obsutil is running on this ECS and the ECS has been bound to an agency.
  • If the function of automatically obtaining access keys is enabled, you still need to specify the endpoint.
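
The search order above decides which identity obsutil actually uses, so a leftover AK/SK in the file or environment takes precedence over the ECS agency's temporary keys, and an empty chain ends in anonymous access. The following added example (not obsutil's own code) models that order and reports the effective source plus any lower-priority sources it shadows. It assumes .obsutilconfig holds key=value lines; `ecs_lookup` is a hypothetical callable standing in for the ECS API query, and all sample values are constructed.

```python
# Added example: models the documented search order; not obsutil's own code.
ORDER = ("config", "env", "ecs")

def parse_config(text):
    """Parse key=value lines (assumed .obsutilconfig layout)."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip()
    return cfg

def has_keys(ak, sk):
    """'Not blank' means AK and SK are both set; the token may be empty."""
    return bool(ak) and bool(sk)

def audit_chain(config_text, env, ecs_lookup):
    """Return the source the chain would pick and the sources it shadows.

    ecs_lookup is a hypothetical callable returning (ak, sk, token), with
    empty strings when the ECS has no agency bound.
    """
    cfg = parse_config(config_text)
    if cfg.get("autoChooseSecurityProvider", "") != "true":
        return {"chain_enabled": False, "effective": None, "shadowed": []}
    ecs_ak, ecs_sk, _token = ecs_lookup()
    present = {
        "config": has_keys(cfg.get("ak"), cfg.get("sk")),
        "env": has_keys(env.get("OBS_ACCESS_KEY_ID"),
                        env.get("OBS_SECRET_ACCESS_KEY")),
        "ecs": has_keys(ecs_ak, ecs_sk),
    }
    hits = [name for name in ORDER if present[name]]
    return {
        "chain_enabled": True,
        "effective": hits[0] if hits else "anonymous",
        "shadowed": hits[1:],
    }

# Constructed sample input; the key values are placeholders, not real keys.
SAMPLE_CONFIG = """\
endpoint=obs.example.invalid
ak=EXAMPLE_AK
sk=
autoChooseSecurityProvider=true
"""
SAMPLE_ENV = {"OBS_ACCESS_KEY_ID": "EXAMPLE_AK",
              "OBS_SECRET_ACCESS_KEY": "EXAMPLE_SK"}

if __name__ == "__main__":
    print(audit_chain(SAMPLE_CONFIG, SAMPLE_ENV, lambda: ("TMP_AK", "TMP_SK", "TMP_TOKEN")))
```

In the sample, the file has an AK but a blank SK, so it does not count as a usable source; the environment variables win and shadow the ECS keys.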