| title | description |
|---|---|
Static access keys compatible with the AWS API |
In this article, you will learn about the purpose of a static access key, its format, and about the services supporting this authentication method. |
A static access key is required to authenticate a service account in AWS-compatible APIs.
It consists of two parts:
- Key ID
- Secret key
Both parts are used in requests to the AWS-compatible API. A key ID is specified in open format. A secret key is used to sign request parameters and is not specified in the request.
It is the client's responsibility to store the secret key. {{ yandex-cloud }} gives access to it only when creating a static key.
A static key has no expiration date.
{% note alert %}
Make sure no third party has access to your secret key. Keep your key in a secure location. If your key has become known to a third party, reissue it.
{% endnote %}
{% include key-has-last-used-data %}
In addition to static access keys, you can use {{ sts-name }} temporary keys, also compatible with the AWS API, to work with {{ objstorage-full-name }}.
A key ID consists of 25 characters and always starts with YC. Other characters may include:
- Latin letters.
- Numbers.
- Underscores (
_) and hyphens (-).
Here is an example of a key ID: YCchbYEDdcsYFBnxSWbcjDJDn.
A secret key consists of 40 characters and always starts with YC. Other characters may include:
- Latin letters.
- Numbers.
- Underscores (
_) and hyphens (-).
Here is an example of a secret key: YCVdheub7w9bImcGAnd3dZnf08FRbvjeUFvehGvc.
For an example of using a secret key and its ID in an AWS-compliant API, see the AWS Command Line Interface section.
The following services support authentication based on static access keys: