Let us select which Spaces can be accessed on different API keys. Example: A key can only access a single Space.
This would be really important for me too.
I need to use different spaces for different clients and they must not be able to view/change anything in a space which is not one of theirs.
I really think that this feature is essential for the spaces product, many use cases cannot provide proper privacy/security without it!
Is there any status update on this idea/feature request? Is this something that is on the roadmap or may possibly be in the future?
In our case we are storing terraform state in a space, alongside a different space for a private docker registry. We also have a public space for static files for a platform we're building. We generated 3 different keys ( 1 for each section ) but just thinking of the fact that the public spaces key has access to our terraform backend makes me cringe :/. Definitely would be a sweet improvement :)
In a one-bucket:one-website scenario (eventually running for different companies), there is no reason that any website could mess with other website's buckets...
The way works API key is really surprising...
This is a show stopper.
I recently created a Support Ticket (#1670481) stating the following:
>Right now, when we generate SAKs, there's no way to limit access to different Spaces (Eg: One SAK for One Space, Another SAK for Another Space.).
>How can this be achieved?
To which I was prompted to share my voice here.
I am glad that there are other who share the same need.
I think this is a critical requirement, and the lack of this is a potential security issue.
I would be glad if this could be implemented ASAP.
Graham Wheeler said it best, having multiple sites with their own spaces shouldn't give them the ability to access each other's files.
What if the key and secret are somehow compromised? Not only do you have to generate a new pair, but data in ALL spaces can now be considered compromised. As soon as the 1-1 ability is possible, I'd be able to start using spaces for my customers.
I agree this is a much-needed requirement for a lot of us out there. A single key having access to *all* spaces on the account? That is a security concern and why I haven't started using spaces for my various projects.
It should be possible to generate an access key that has read/write or read-only access to a particular bucket/space. If I have a spaces account and multiple websites, each with its own space, they shouldn't be able to potentially read and write each other's files.
Read-Only Access Keys for files or spaces please!
The Read-only key for private files is a must! How else can you control what a system might do to the data?
We want to limit our attack surface, and would like to create several Spaces for different systems we use. System A should not be able to access information of System B; they should both get their own Space.
Why this should be a priority? Maximize Revenue for DO
I would create at least 3 seperate spaces if I was able to limit an API key to a specific Space;
This would mean we'd be throwing $15 to DO instead of $5 per month at a minimum.
Because we cannot limit an API Key to a Space at the moment we just have one Space with three virtual folders:
product : /production
product : /staging
product : /test
The benefit for DO: more revenue because of more Spaces
The benefit for Customers: being able to reduce the attack surface
We need this too!
I agree, I also need this level of control
We need this too.
DO did suggest creating teams to accomplish this but it would be nice to have something closer to S3.
Yes we need this ability to allow a single client to manage files in their own bucket / space.
This is a must. Also a key where we can give just *read only* access to a single/all spaces.
You won't be notified about changes to this idea.