Usermanagement¶
For Administration Tasks you can use the MinIO Admin Tool.
export HCLOUD_TOKEN=$(pass internet/hetzner.com/projects/personal_storage/token) && \
export STORAGE_NODE_ENDPOINT=$(curl -s -H "Authorization: Bearer $HCLOUD_TOKEN" 'https://api.hetzner.cloud/v1/servers?name=storagenode' | jq -r '.servers[0].public_net.ipv4.dns_ptr') && \
mc config host add mystoragebox \
https://$STORAGE_NODE_ENDPOINT \
$(pass internet/project/mystoragebox/minio_access_key) \
$(pass internet/project/mystoragebox/minio_secret_key)
mc admin info mystoragebox
Bucket Policy¶
The MinIO Bucket Policies ar AWS Compatible.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket"
],
"Resource": "arn:aws:s3:::backup"
},
{
"Effect": "Allow",
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::backup/*"
}
]
}
Additional Links:
mc admin policy add mystoragebox backup_policy test.json
Access Keys¶
new_user=backupuser \
&& pass generate -n internet/project/mystoragebox/users/${new_user}/minio_access_key 25 \
&& pass generate internet/project/mystoragebox/users/${new_user}/minio_secret_key 45 \
&& mc admin user add mystoragebox \
$(pass internet/project/mystoragebox/users/${new_user}/minio_access_key) \
$(pass internet/project/mystoragebox/users/${new_user}/minio_secret_key) \
backup_policy
mc admin user remove mystoragebox $(pass internet/project/mystoragebox/users/${new_user}/minio_access_key)