author | Rowan Bohde <rowan.bohde@gmail.com> | 2024-05-27 07:56:04 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-05-27 20:56:04 +0800 |
commit | c0880e7695346997c6a93f05cd01634cb3ad03ee (patch) | |
tree | 3cb3a12dfbc25696f470ecdf00006d75cad20172 /custom | |
parent | 98751108b11dc748cc99230ca0fc1acfdf2c8929 (diff) | |

feat: add support for a credentials chain for minio access (#31051)

We wanted to be able to use the IAM role provided by the EC2 instance
metadata in order to access S3 via the Minio configuration. To do this,
a new credentials chain is added that will check the following locations
for credentials when an access key is not provided. In priority order,
they are:

1. MINIO_ prefixed environment variables
2. AWS_ prefixed environment variables
3. a minio credentials file
4. an aws credentials file
5. EC2 instance metadata

Diffstat (limited to 'custom')
-rw-r--r-- | custom/conf/app.example.ini | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini index afbd20eb56..7c05e7fefd 100644 --- a/custom/conf/app.example.ini +++ b/custom/conf/app.example.ini @@ -1872,7 +1872,10 @@ LEVEL = Info ;; Minio endpoint to connect only available when STORAGE_TYPE is `minio` ;MINIO_ENDPOINT = localhost:9000 ;; -;; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio` +;; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`. +;; If not provided and STORAGE_TYPE is `minio`, will search for credentials in known +;; environment variables (MINIO_ACCESS_KEY_ID, AWS_ACCESS_KEY_ID), credentials files +;; (~/.mc/config.json, ~/.aws/credentials), and EC2 instance metadata. ;MINIO_ACCESS_KEY_ID = ;; ;; Minio secretAccessKey to connect only available when STORAGE_TYPE is `minio` @@ -2573,7 +2576,10 @@ LEVEL = Info ;; Minio endpoint to connect only available when STORAGE_TYPE is `minio` ;MINIO_ENDPOINT = localhost:9000 ;; -;; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio` +;; Minio accessKeyID to connect only available when STORAGE_TYPE is `minio`. +;; If not provided and STORAGE_TYPE is `minio`, will search for credentials in known +;; environment variables (MINIO_ACCESS_KEY_ID, AWS_ACCESS_KEY_ID), credentials files +;; (~/.mc/config.json, ~/.aws/credentials), and EC2 instance metadata. ;MINIO_ACCESS_KEY_ID = ;; ;; Minio secretAccessKey to connect only available when STORAGE_TYPE is `minio` |
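
Review bot: the added comment lines above `;MINIO_ACCESS_KEY_ID` in the first hunk (@@ -1872) do not say in which order the sources are searched. The commit message gives a five-step priority order (MINIO_ environment variables, AWS_ environment variables, a minio credentials file, an aws credentials file, EC2 instance metadata), but the comment only groups them as "environment variables", "credentials files" and "EC2 instance metadata". An operator who leaves the key blank gets whichever source matches first, so the order is worth stating in the comment itself, for example "searched in this order: MINIO_ACCESS_KEY_ID, AWS_ACCESS_KEY_ID, ~/.mc/config.json, ~/.aws/credentials, EC2 instance metadata".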
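
Review bot: the second hunk (@@ -2573) changes only the `MINIO_ACCESS_KEY_ID` comment and leaves the "Minio secretAccessKey" comment in the trailing context untouched, so the example file does not say what happens when the secret is set but the access key is empty, or the reverse. Suggest adding a matching sentence to the secret key comment that says whether it must also be left blank for the fallback to apply. It would also help to note that an empty key now makes the instance pick up whatever credentials the host exposes, including the EC2 instance role, so an unintentionally blank setting is no longer an obvious failure. The same applies to the identical text in the first hunk.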