Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.coreweave.com/llms.txt

Use this file to discover all available pages before exploring further.

This page shows you how to create the access keys you use to authenticate against CoreWeave AI Object Storage. You need access keys to call the Object Storage S3 endpoint and the Object Storage API. Access keys created using Cloud Console tokens can be permanent or temporary. Permanent keys don’t expire, while temporary keys are valid for a specified duration. You can create access keys in the CoreWeave Cloud Console or with the CoreWeave API. Choose the Cloud Console method for an interactive workflow, or the API method when you need to automate key creation.
Production workloads should use Workload Identity Federation instead of Cloud Console tokens. Workload Identity Federation provides a more secure, controlled way to generate time-limited access keys using SAML assertions.

Create access keys in the Cloud Console

Use this method to create a key interactively from the web UI. Key creation is restricted to administrators, so you must be signed in as a user with the Object Storage Admin IAM role (or equivalent legacy access, such as membership in the admin group).
  1. In the Cloud Console, navigate to the Access Keys page.
  2. Click the Create Key button at the top right corner of the page.
  3. In the dialog:
    • For a temporary key, enter the desired duration in seconds and click Create.
    • For a permanent key, select Enable Permanent Key and click Create.
Create access key

Create access keys with the API

Use this method to create keys programmatically, for example, from a script or automated workflow. To create access keys with the API, you must first create a JSON object that defines the key’s properties. The JSON object must include the durationSeconds property, which specifies how long the key is valid. The following sections show how to create permanent and temporary keys.

Permanent keys

Permanent keys don’t expire and can be used indefinitely. To create a permanent access key, set durationSeconds to 0 in a JSON object. The value of 0 in the example data.json indicates that the key doesn’t expire.
data.json
{
  "durationSeconds": 0
}
Then, submit the request to the /access-key endpoint with the JSON object in the body. Replace [API-ACCESS-TOKEN] with your API access token.
Example request
curl -X POST https://api.coreweave.com/v1/cwobject/access-key \
     -H "Content-Type: application/json" \
     -H "Authorization: Bearer [API-ACCESS-TOKEN]" \
     -d @data.json
A successful response returns the key with the expiry field set to 1970-01-01T00:00:00Z, which indicates that the key doesn’t expire.
Response status code 200
{
    "accessKeyID": "CWABCDEFGHIJKLMN",
    "expiry": "1970-01-01T00:00:00Z",
    "principalName": "coreweave/my-user@test.com",
    "secretKey": "cwo1234567890abcdefghijklmnopqrstuvwxyz1234"
}

Temporary keys

To create temporary access keys, set durationSeconds to the desired duration in seconds. Temporary keys expire after the specified duration. To begin, create a JSON object that defines durationSeconds. The following example creates a key with a 300-second (5-minute) duration.
data.json
{
  "durationSeconds": 300
}
Submit the request to the /access-key endpoint with the JSON object in the body. Replace [API-ACCESS-TOKEN] with your API access token.
Example request
curl -X POST https://api.coreweave.com/v1/cwobject/access-key \
     -H "Content-Type: application/json" \
     -H "Authorization: Bearer [API-ACCESS-TOKEN]" \
     -d @data.json
A successful response returns the key. The expiry field is set to the time the key expires.
Response status code 200
{
    "accessKeyID": "CWABCDEFGHIJKLMN",
    "expiry": "2024-01-01T09:15:01Z",
    "principalName": "coreweave/my-user@test.com",
    "secretKey": "cwo1234567890abcdefghijklmnopqrstuvwxyz1234"
}
Last modified on May 29, 2026