About Authentication and Access Control
Authentication and authorization for AI Object Storage
Before you start using AI Object Storage, you must set up access tokens, access keys, and organization access policies. Bucket access policies are optional for finer-grained control. The Object Storage API lets you manage access keys and policies programmatically, while the Object Storage S3 endpoint lets you create and manage buckets and objects.
Authentication summary table
This table summarizes the authentication required to use each AI Object Storage API and interface:
| API/Interface | Purpose | Authentication Required |
|---|---|---|
Object Storage APIapi.coreweave.com | IAM management Create access keys, org policies | Access tokens with admin or write permissions for AI Object Storage |
Object Storage S3-compatible endpointscwobject.com or cwlota.com | Storage operations Manage buckets, upload objects | Access keys to authenticate users |
| Cloud Console | Both IAM and Storage | Access Tokens (IAM) Access Keys (Storage) |
When ready to move to production, you can use Workload Identity Federation to create more secure access keys.
Using policies for access control
After you create access tokens and access keys for authentication, you must create an organization policy to control access to AI Object Storage resources in your project. Optionally, you can also set bucket-level policies for finer-grained access control. Learn how organization and bucket policies are evaluated, and create an organization policy.
Get started
- See How-To: Get Started with AI Object Storage for a step-by-step guide to set up your environment and start using CoreWeave AI Object Storage.
- Use server-side encryption with customer keys (SSE-C) to encrypt your data in AI Object Storage using keys that you provide and manage.