MigraDrive Docs Open Console

Access Keys

Access keys are credentials used by tools and applications to access MigraDrive S3. Treat them like passwords.

Best practices

  • Use one key per app/workload (not shared across everything)
  • Rotate keys on a schedule (e.g., every 60–90 days)
  • Store secrets in a password manager or secret manager
  • Prefer least privilege (bucket-scoped where possible)
  • Never hardcode secrets in source code or Git

Naming strategy

Name keys so you can audit and rotate safely. 

srv1-backups-rclone
wp-media-uploader
analytics-export-job
client-acme-backups

Use keys with AWS CLI

Use environment variables only (no config files written to disk). 

export AWS_ACCESS_KEY_ID="REPLACE_ME"
export AWS_SECRET_ACCESS_KEY="REPLACE_ME"
export AWS_DEFAULT_REGION="us-east-1"

aws s3 ls --endpoint-url "https://s3.migradrive.com"

Rotation procedure (safe)

  1. Create a new key for the same workload (do not delete the old key yet).
  2. Update the app/tool to use the new key.
  3. Verify uploads/downloads succeed.
  4. Disable or delete the old key.

Never rotate by deleting first. Always overlap and validate.