Syntax of gateway access and secret keys

The AWS access and secret keys have a very specific format (e.g. [A-Z0-9](20}). It’s easy to filter out “obviously-wrong” strings if they don’t match those patterns and provide a good error message to the user.

It appears Storj/Tardigrade does not insist on the same format, otherwise I would not be getting insecure-dev-access-key as a valid value :slight_smile: Is there a similar regex, or could it be simply .+ in the general case?

We stick with “base58” keys (alphanumeric case sensitive) when generating keys automatically (so, [a-zA-Z0-9], where there are 20 encoded bytes), but the development default as you pointed out is insecure-dev-access-key.

I think I mentioned this on another thread but generally the best thing to do is to configure the access key to a value chosen yourself. I’m concerned if you’re trying to parse access keys? Can you share more about what you’re trying to do?

Just trying to find them in the config file and print them, for making things easier for the user.

BTW, these can be freely chosen? As in 1) change them in config file, 2) restart gateway, 3) everything works? So if security wasn’t an issue (e.g. 127.0.0.1:7777 only or suitable firewall, all users on system are allowed to use gateway etc) I could hard-code them?

BTW, these can be freely chosen? As in 1) change them in config file, 2) restart gateway, 3) everything works? So if security wasn’t an issue (e.g. 127.0.0.1:7777 only or suitable firewall, all users on system are allowed to use gateway etc) I could hard-code them?

Yep! The minio credentials can be freely chosen to whatever you want. All requests to the gateway use the same uplink-level configuration, so it will use the same Tardigrade project and the same access restrictions. The gateway can’t (currently) serve two different Tardigrade projects at the same time.

1 Like