Skip to main content
GET
Create access key from container credentials

gRPC method: CreateAccessKeyFromContainerCreds

  • The API server is https://api.coreweave.com.
  • This endpoint uses the ContainerCredentialsAuth scheme: send a raw JWT/OIDC token as the Authorization header value, with no Bearer prefix. This shape matches the AWS container-credentials provider for in-cluster workloads.
Returns a short-lived CoreWeave AI Object Storage access key for an in-cluster workload, authenticated by the workload’s own OIDC token. The response uses the AWS-compatible PascalCase shape (AccessKeyId, SecretAccessKey, Token, Expiration) so existing AWS SDKs and tooling that consume the AWS_CONTAINER_CREDENTIALS_FULL_URI environment variable can adopt it without code changes. Substitute {orgId} with your organization ID.
Example request

Authorizations

Authorization
string
header
required

Raw JWT/OIDC token sent as the Authorization header value with no Bearer prefix. Only used by GET /v1/cwobject/temporary-credentials/oidc/{orgId} for the AWS-style container-credentials provider.

Path Parameters

orgId
string
required

Response

OK

AWS-compatible container-credentials response shape. The property names use PascalCase (AccessKeyId, SecretAccessKey, Token, Expiration) so existing AWS SDKs and tooling that consume AWS_CONTAINER_CREDENTIALS_FULL_URI can adopt this endpoint without code changes. This is intentional and differs from every other endpoint, which uses camelCase.

AccessKeyId
string

The access-key ID.

SecretAccessKey
string

The secret access key. Treat as a credential.

Token
string

An optional session token. May be empty for non-session credentials.

Expiration
string<date-time>

The expiration time of the credentials.

attributes
object

Free-form caller-supplied attributes attached to the key (for example, name).

multiAttributes
object

Free-form caller-supplied multi-valued attributes attached to the key. Each value is an AttributeList (an array of strings).

Last modified on July 13, 2026