Credentials

S3 credentials can be stored in a variety of places, and handtruck lets you specify where they come from.

Keywords

You can pass your access key directly to S3Client as keyword arguments:

client = S3Client(
    url="http://your-s3-host",
    access_key_id="key_id",
    secret_access_key="access_key",
    client=httpx.AsyncClient(),
)

Static

StaticCredentials works the same:

credentials = StaticCredentials(
    access_key_id='aaaa',
    secret_access_key='bbbb',
    region='us-east-1',
)
client = S3Client(
    url="http://your-s3-host",
    client=httpx.AsyncClient(),
    credentials=credentials,
)

URL

You can pull credentials from a URL with URLCredentials:

url = "http://key:hack-me@your-s3-host"  # userinfo is key_id:secret, then @host
credentials = URLCredentials(url, region="us-east-1")
client = S3Client(
    url="http://your-s3-host",
    client=httpx.AsyncClient(),
    credentials=credentials,
)

This also happens implicitly when the url passed to S3Client contains credentials:

client = S3Client(
    url="http://key_id:access_key@your-s3-host",
    client=httpx.AsyncClient(),
)
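
A URL that carries the secret tends to end up in logs and tracebacks, and secret keys may contain "/" or "+", which break URL parsing unless percent-encoded. The sketch below is an added example using only the standard library, not handtruck's own code: it percent-encodes credentials into a URL and splits them back out, returning a credential-free URL that is safe to log. The function names and sample values are constructed, and it assumes whatever consumes the URL percent-decodes the userinfo, which this page does not state for URLCredentials.

```python
from urllib.parse import quote, unquote, urlsplit, urlunsplit


def _host_port(parts):
    """Rebuild host[:port] without userinfo (re-bracketing IPv6 literals)."""
    host = parts.hostname or ""
    if ":" in host:
        host = f"[{host}]"
    # .port raises ValueError when the text after ":" is not numeric, which is
    # what an unencoded "key:sec/ret@host" URL produces.
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    return host


def build_credential_url(base_url, access_key_id, secret_access_key):
    """Embed credentials in base_url, percent-encoding both parts.

    An unencoded "/" in the secret ends the authority component early, so
    the credentials are lost or the URL fails to parse.
    """
    parts = urlsplit(base_url)
    userinfo = (
        f"{quote(access_key_id, safe='')}:{quote(secret_access_key, safe='')}"
    )
    return urlunsplit(parts._replace(netloc=f"{userinfo}@{_host_port(parts)}"))


def split_credential_url(url):
    """Return (access_key_id, secret_access_key, url_without_credentials)."""
    parts = urlsplit(url)
    key_id = unquote(parts.username) if parts.username else None
    secret = unquote(parts.password) if parts.password else None
    return key_id, secret, urlunsplit(parts._replace(netloc=_host_port(parts)))


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    full = build_credential_url(
        "http://your-s3-host:9000/bucket", "AKIDEXAMPLE", "abc/DEF+ghi=JKL"
    )
    key_id, secret, safe_url = split_credential_url(full)
    print("log this:", safe_url)  # the secret never reaches the log line
```

Log only the third return value; keep the first two in memory and out of exception messages.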

Environment Variables

You can pull credentials from the usual environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN, and AWS_DEFAULT_REGION) with EnvironmentCredentials:

credentials = EnvironmentCredentials(region="us-east-1")
client = S3Client(
    url="http://your-s3-host",
    client=httpx.AsyncClient(),
    credentials=credentials,
)

Configuration File

ConfigCredentials will pull from an awscli configuration file:

credentials = ConfigCredentials("~/.my-custom-aws-credentials")
client = S3Client(
    url="http://your-s3-host",
    client=httpx.AsyncClient(),
    credentials=credentials,
)

If no path is given, the environment variables AWS_SHARED_CREDENTIALS_FILE and AWS_SHARED_CONFIG_FILE will be checked, and then typical defaults will be used.

AWS Metadata Service

If you’re running inside of AWS, you can ask it for credentials with MetadataCredentials:

async with MetadataCredentials() as credentials:
    client = S3Client(
        url="http://your-s3-host",
        client=httpx.AsyncClient(),
        credentials=credentials,  # pass the refreshed credentials to the client
    )

MetadataCredentials runs a background task to keep credentials fresh. The context manager handles this and is not optional.

Multiple Credential Sources

It is extremely common to support multiple credential sources. merge_credentials() handles this for you:

credentials = merge_credentials(
    EnvironmentCredentials(),
    ConfigCredentials(),
)
client = S3Client(
    url="http://your-s3-host",
    client=httpx.AsyncClient(),
    credentials=credentials,
)