Skip to content

Explain S3 credential and project lifecycle behavior#110

Merged
icepic merged 1 commit into
masterfrom
s3-credentials-info
May 7, 2026
Merged

Explain S3 credential and project lifecycle behavior#110
icepic merged 1 commit into
masterfrom
s3-credentials-info

Conversation

@gabrielpaues
Copy link
Copy Markdown
Contributor

@gabrielpaues gabrielpaues commented May 7, 2026

Summary

  • New section in storage/getting-started.md explaining that S3 credentials are issued per user while the S3 account itself is bound to the project — covering the practical consequences for user removal, re-adding users, and SSO sign-in disablement vs. underlying account removal.
  • Adds a "Personal vs. shared credentials" subsection recommending personal credentials over a shared service-account key pair, with a short rotation-blast-radius rationale (for-cause termination vs. amicable departure).
  • Rewords the "Minimum required info for S3 access" paragraph to match the per-user model (was previously stating keys "are not personal" and that they should be shared within a project).
  • Removes the now-obsolete admonition about a future update offering personal S3 credentials within a project — that is the current behavior.

Follow-up to #109, which added the openstack CLI flow for issuing S3 credentials.

Test plan

  • mkdocs serve locally and verify the new section renders under "Get S3 credentials" with correct heading hierarchy.
  • Confirm the in-page link from "Minimum required info for S3 access" resolves to #s3-credentials-users-and-project-lifecycle.
  • Spot-check that the rest of the page (URL list, client configuration links, bucket naming) is unaffected.

Document S3 credential and project lifecycle behavior
56489a0 
Adds a new section to storage/getting-started.md explaining that S3
credentials are issued per user while the S3 account itself is bound to
the project, and walks through the practical consequences for user
removal, project lifecycle, and credential rotation.

Includes a recommendation to keep credentials personal rather than using a
shared service-account key pair, with a short rotation-blast-radius
rationale covering both for-cause termination and amicable departure.

Also rewords the "Minimum required info for S3 access" paragraph to match
the per-user model and removes the now-obsolete future-state note about
personal S3 credentials.
@icepic icepic merged commit 7f6ea38 into master May 7, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@icepic icepic icepic approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gabrielpaues @icepic