> ## Documentation Index > Fetch the complete documentation index at: https://docs.coreweave.com/llms.txt > Use this file to discover all available pages before exploring further. # Connect to Object Storage > Authentication methods and client setup for CoreWeave AI Object Storage This page helps you connect to CoreWeave AI Object Storage by selecting an authentication method, configuring an S3-compatible client, and starting to work with objects in your buckets. It's for developers and operators who prepare applications or tools to interact with Object Storage. ## Authentication methods Object Storage supports several authentication methods. Choose the method that best fits your use case, then continue to [Configure your client](#configure-your-client). ### OIDC Workload Identity Federation (recommended) For production workloads, [Workload Identity Federation with OIDC](/products/storage/object-storage/auth-access/workload-identity-federation/use-oidc-tokens) provides a secure authentication method. Your applications obtain tokens from your identity provider and exchange them for temporary CoreWeave access credentials that automatically expire. In Kubernetes environments, the [Container Credentials API](https://docs.aws.amazon.com/sdkref/latest/guide/feature-container-credentials.html) enables automatic credential rotation without application changes. For setup details, see [Configure AWS CLI and boto3](/products/storage/object-storage/using-object-storage/s3-clients/aws). ### Process Credential Provider For environments that need interactive sign-in flows or custom token exchange, AWS SDKs support a [Process Credential Provider](https://docs.aws.amazon.com/sdkref/latest/guide/feature-process-credentials.html) that invokes a custom command to fetch and refresh credentials. This approach works for both human and machine workloads. For examples, see [Configure AWS CLI and boto3](/products/storage/object-storage/using-object-storage/s3-clients/aws#workload-identity-federation-with-a-credential-process). ### Static credentials For initial testing and development, you can use static Access Keys created through the [Cloud Console](/products/storage/object-storage/auth-access/manage-access-keys/create-keys). Static credentials are long-lived and require manual rotation, so they aren't recommended for production use. Static Access Keys are a security risk in production environments because they are long-lived and can be leaked. Use [Workload Identity Federation](/products/storage/object-storage/auth-access/workload-identity-federation/about) instead. ## Configure your client After choosing an authentication method, configure your S3-compatible client: * [AWS CLI and boto3](/products/storage/object-storage/using-object-storage/s3-clients/aws) * [rclone](/products/storage/object-storage/using-object-storage/s3-clients/rclone) * [Cyberduck](/products/storage/object-storage/using-object-storage/cyberduck) * [s3cmd](/products/storage/object-storage/using-object-storage/s3-clients/s3cmd) ## Work with objects With authentication set up and your client configured, you're ready to interact with your data. You can [manage objects](/products/storage/object-storage/using-object-storage/manage-objects) in your buckets, including uploads, listings, deletions, and renames. For endpoint configuration details, including virtual-hosted addressing and LOTA endpoints, see [Set endpoints](/products/storage/object-storage/using-object-storage/configure-endpoints).