Authentication methods
Object Storage supports several authentication methods. Choose the method that best fits your use case, then continue to Configure your client.
OIDC Workload Identity Federation (recommended)
For production workloads, Workload Identity Federation with OIDC provides a secure authentication method. Your applications obtain tokens from your identity provider and exchange them for temporary CoreWeave access credentials that automatically expire. In Kubernetes environments, the Container Credentials API enables automatic credential rotation without application changes. For setup details, see Configure AWS CLI and boto3.
Process Credential Provider
For environments that need interactive sign-in flows or custom token exchange, AWS SDKs support a Process Credential Provider that invokes a custom command to fetch and refresh credentials. This approach works for both human and machine workloads. For examples, see Configure AWS CLI and boto3.
Static credentials
For initial testing and development, you can use static Access Keys created through the Cloud Console. Static credentials are long-lived and require manual rotation, so they aren’t recommended for production use.
Configure your client
After choosing an authentication method, configure your S3-compatible client:
- Cloud Console: no additional client configuration required. Sign in to the Cloud Console and browse objects directly.
- AWS CLI and boto3
- rclone
- Cyberduck
- s3cmd
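As an added example (not code from CoreWeave or this page), the check below validates the JSON document that a Process Credential Provider command prints for the AWS SDK, and rejects output without an `Expiration`, which the SDK would treat as long-lived static keys that never refresh. The sample documents, the key values and the five-minute refresh margin are constructed assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

REFRESH_SKEW = timedelta(minutes=5)  # assumption: refresh this long before expiry

# Constructed sample outputs of a credential command (placeholder values only).
SAMPLE_TEMPORARY = json.dumps({
    "Version": 1, "AccessKeyId": "EXAMPLEKEYID", "SecretAccessKey": "example-secret",
    "SessionToken": "example-token", "Expiration": "2030-01-01T13:00:00Z"})
SAMPLE_STATIC = json.dumps({
    "Version": 1, "AccessKeyId": "EXAMPLEKEYID", "SecretAccessKey": "example-secret"})


def parse_expiration(value):
    """Parse the ISO 8601 Expiration field; a timezone is required."""
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if ts.tzinfo is None:
        raise ValueError("Expiration must carry a timezone")
    return ts


def validate_process_output(raw, now):
    """Return the parsed document only if it holds usable temporary credentials."""
    doc = json.loads(raw)
    if doc.get("Version") != 1:
        raise ValueError("Version must be 1")
    for key in ("AccessKeyId", "SecretAccessKey"):
        if not doc.get(key):
            raise ValueError(f"missing {key}")
    # No Expiration means the SDK never re-invokes the command: static keys.
    if "Expiration" not in doc:
        raise ValueError("no Expiration: credentials would be treated as long-lived")
    if parse_expiration(doc["Expiration"]) <= now:
        raise ValueError("credentials already expired")
    return doc


def needs_refresh(doc, now, skew=REFRESH_SKEW):
    """True when a cached document is within the refresh margin of expiry."""
    return parse_expiration(doc["Expiration"]) - now <= skew


if __name__ == "__main__":
    now = datetime(2030, 1, 1, 12, 0, tzinfo=timezone.utc)
    doc = validate_process_output(SAMPLE_TEMPORARY, now)
    print("temporary credentials accepted; refresh now?", needs_refresh(doc, now))
```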