0

We are trying to host Minio S3 as our public shared file repo. Management is asking to put a password on top of shared links to secure confidential data.

Is it possible to protect Minio S3 share link with credentials ?

smac2020
  • 9,637
  • 4
  • 24
  • 38
James Arems
  • 87
  • 3
  • 11
  • I don't know much about Minio, but I can assist with S3, and Minio is meant to be S3-compatible. In Minio, what is a 'shared link' and how is it generated in Minio? Can you point us to some documentation? What do you mean by a "public shared file repo"? – John Rotenstein Jun 27 '21 at 06:59

1 Answers1

1

If Minio mimics Amazon S3, then there is no concept of a 'password' for files.

Instead, there is the concept of an Amazon S3 pre-signed URLs, which is a time-limited URL that grants access to a private object. It is generated using the user's Secret Key (which could be considered a 'password'). Only somebody with the correct Secret Key can correctly generate a pre-signed URL.

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470
  • Minio works same as AWS s3, and we already have pre-signed URL. But we need to password protect that link (one time password), to prevent others from downloading it. – James Arems Jun 27 '21 at 07:06
  • The password is the `signature` that is part of the pre-signed URL. Without the correct signature as part of the URL, it is not possible to download the object. The signature is actually calculated from the other information (bucket, object, expiry time), so it is different for each pre-signed URL. If you wan to implement an additional 'password' feature, then you would need to write an app that requests the password and then generates the pre-signed URL. – John Rotenstein Jun 27 '21 at 12:00
  • @JohnRotenstein: We have a similar use case for AWS S3 . The problem is anyone with presigned url can access/download the file. Is there a way when that url is accessed, the user is requested to enter password/token? – jetty Feb 08 '23 at 14:08
  • @jetty You could certainly write your own web app that accepts the URL, authenticates the user, then redirects them to the website. However, it you would be responsible for coding all this logic. – John Rotenstein Feb 08 '23 at 20:54