Programmatic Tigris token management?

AstraLuma · May 5, 2024, 5:37pm

Is there an API, CLI, SOAP email address, etc to allow code to manage bucket access tokens? It’s not in the Tigris docs or the fly CLI token docs.

jmj · May 9, 2024, 12:53am

Hi AstraLuma - are you referring to access keys or AWS session tokens?

AstraLuma · May 9, 2024, 1:41am

Either? The thing you need to access the Tigris S3 API.

jmj · May 9, 2024, 2:28am

For the first time you have to create/grab the keys manually using

fly storage create

or

fly storage dashboard

or

going straight to the Tigris dashboard at https://console.tigris.dev - later on using AWS SDKs you can create access key

AstraLuma · May 9, 2024, 2:52am

Ok. How do I make a new token through code?

jmj · May 9, 2024, 5:10am

You can use AWS SDK, Here is an example for GoLang

	// Initialize a new AWS session
	sess, err := session.NewSession(&aws.Config{
		Endpoint: aws.String("https://fly.storage.tigris.dev:8009"),
		Region:   aws.String("auto"),
		Credentials: credentials.NewStaticCredentials("<your_access_key_id>",
			"<your_access_key_secret>", ""), // <--- place your credentials here
	})
	if err != nil {
		fmt.Println("Failed to create AWS session:", err)
		return
	}

	// Create a new IAM service client
	iamSvc := iam.New(sess)

	// Create access key
	result, err := iamSvc.CreateAccessKey(&iam.
		CreateAccessKeyInput{UserName: aws.String("test-access-key-name")})
	if err != nil {
		fmt.Println("Failed to create access key:", err)
		return
	}

	// Print the access key details
	fmt.Println("Access Key ID:", *result.AccessKey.AccessKeyId)
	fmt.Println("Secret Access Key:", *result.AccessKey.SecretAccessKey)

with imports

	"fmt"
	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/credentials"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/iam"

Similarly for other languages you can refer to AWS SDKs documents here

Java Manage IAM access keys - AWS SDK for Java 2.x

NodeJS Managing IAM Access Keys - AWS SDK for JavaScript

Similarly you can refer to other languages SDK example usage here Use CreateAccessKey with an AWS SDK or command line tool - AWS Identity and Access Management

Note

You still have to create initial one time key as mentioned above
The IAM service is served at port 8009 as shown in the example code above

Please do not hesitate to reach out if you have additional question.

AstraLuma · May 9, 2024, 5:52pm

Ah ok, thanks!

system · May 16, 2024, 5:53pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.