Managing Access Keys
Not connected yet? Start with Connecting an S3 Client.
Each bucket has three key slots, one per permission level. Activate them as you need them.
Permission levels
Admin (RWO) has full control: read, write, delete. Use for backups and migrations. Don't hand this to apps that only need read access.
Read / Write can upload and download but cannot delete objects or manage the bucket. Use for applications.
Read Only can download and list objects. Use for CDNs and third-party integrations.
Activating a key
Inactive keys show "Not activated" with an Activate button. Click it. The key is created and your secret is shown once. Copy it.
Rotating a key
Rotation replaces the current secret with a new one. The old secret stops working immediately.
-
Click Rotate on the key
-
Confirm through the two-step prompt
-
Copy the new secret
-
Update your apps before they lose access
Deactivating a key
Deactivation revokes access instantly. The key slot stays and can be reactivated later with a new secret.
Any app using a deactivated key loses access immediately.