Working with Customer Secret Keys

Object Storage provides an API to enable interoperability with Amazon S3.

To use this Amazon S3 Compatibility API, you need to generate the signing key required to authenticate with Amazon S3. This special signing key is an Access Key/Secret Key pair. Oracle provides the Access Key that is associated with your Console user login. You or your administrator generates the Customer Secret key to pair with the Access Key.

Note

"Customer Secret keys" were previously named "Amazon S3 Compatibility API keys". Any keys you had created are now listed in the Console as Customer Secret keys. You can continue to use the existing keys.

Each user created in the IAM service automatically can create, update, and delete their own Customer Secret keys in the Console or the API. An administrator doesn't need to create a policy to give a user those abilities. Administrators (or anyone with permission to the tenancy) also have the ability to manage Customer Secret keys for other users.

Any user of the Amazon S3 Compatibility API with Object Storage needs permission to work with the service. If you're not sure if you have permission, contact your administrator. For information about policies, see IAM Policies Overview.

Customer Secret keys don't expire. Each user can have up to two Customer Secret keys at a time. To create keys using the Console, see Creating a Customer Secret Key.