Skip to main content

Manage Object Storage Access Keys

To access Object Storage, users must authenticate their requests with access keys. This guide explains how to create and revoke access keys with the Object Storage API. To manage access keys, you need an API Access Token with admin permissions.

Create access keys

The Object Storage API provides an endpoint to create permanent keys, or temporary access keys with a specified duration.

Permanent keys

Permanent keys do not expire and can be used indefinitely. To create a permanent access key, first create a JSON object with durationSeconds set to 0.

data.json
{

  "durationSeconds": 0

}

Then, submit the request to the /access-key endpoint with the JSON object in the body. Replace {API_ACCESS_TOKEN} with your API access token.

Example request
$
curl -X POST https://api.coreweave.com/v1/cwobject/access-key \

       -H "Content-Type: application/json" \

       -H "Authorization: Bearer {API_ACCESS_TOKEN}" \

       -d @data.json

A successful response returns the key.

Response status code 200
{

    "accessKeyID": "CWABCDEFGHIJKLMN",

    "expiry": "1970-01-01T00:00:00Z",

    "principalName": "coreweave/[email protected]",

    "secretKey": "cwo1234567890abcdefghijklmnopqrstuvwxyz1234"

}

Temporary access keys

Create temporary access keys in the same manner as permanent keys, but with a duration in seconds. The maximum duration is 43200 seconds (12 hours).

To begin, create a JSON object that defines durationSeconds as the desired duration, such as the example data.json that creates a key with a 5-minute duration.

data.json
{

  "durationSeconds": 300

}

Submit the request to the /access-key endpoint with the JSON object in the body. Replace {API_ACCESS_TOKEN} with your API access token.

Example request
$
curl -X POST https://api.coreweave.com/v1/cwobject/access-key \

       -H "Content-Type: application/json" \

       -H "Authorization: Bearer {API_ACCESS_TOKEN}" \

       -d @data.json

A successful response returns the key.

Response status code 200
{

    "accessKeyID": "CWABCDEFGHIJKLMN",

    "expiry": "2024-01-01T09:15:01Z",

    "principalName": "coreweave/[email protected]",

    "secretKey": "cwo1234567890abcdefghijklmnopqrstuvwxyz1234"

}

Revoke access keys

The Object Storage API provides endpoints to revoke individual access keys, or all keys associated with a principal.

Revoke an individual access key

To revoke an access key, first create a JSON object that specifies the key ID, such as the example data.json.

data.json
{

  "accessKey": "CWABCDEFGHIJKLMN"

}

Then, submit the request to the /revoke-access-key/access-key endpoint with the JSON object in the body. Replace {API_ACCESS_TOKEN} with your API access token.

Example request
$
curl -X POST https://api.coreweave.com/v1/cwobject/revoke-access-key/access-key \

       -H "Content-Type: application/json" \

       -H "Authorization: Bearer {API_ACCESS_TOKEN}" \

       -d @data.json

A successful response returns an empty object and the key is revoked.

Response status code 200
{}

Revoke all access keys for a principal

To revoke all access keys for a principal, create a JSON object that specifies the principal name.

data.json
{

  "principalName": "coreweave/[email protected]"

}

Then, submit the request to the /revoke-access-key/principal endpoint with the JSON object in the body. Replace {API_ACCESS_TOKEN} with your API access token.

Example request
$
curl -X POST https://api.coreweave.com/v1/cwobject/revoke-access-key/principal \

       -H "Content-Type: application/json" \

       -H "Authorization: Bearer {API_ACCESS_TOKEN}" \

       -d @data.json

A successful response returns an empty object and all keys for the principal are revoked.

Response status code 200
{}

Additional resources

Last updated on