Skip to content

Allow the AWS SDK to get auth from the environment (fixes #28) #88

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
LouisHaftmann merged 8 commits into from
Apr 8, 2025
Merged

Allow the AWS SDK to get auth from the environment (fixes #28) #88

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
ddb231c
fix(s3): support s3 auth via env
Makeshift Jan 10, 2025
07e852b
chore(docs): remove uneeded env vars
Makeshift Jan 10, 2025
c005a8b
chore(s3): remove unneeded optional
Makeshift Jan 11, 2025
6aa22ab
Merge branch 'dev' into dev
DrJume Feb 17, 2025
166a548
feat: remove custom env var validation for s3 driver
Makeshift Mar 30, 2025
dcb5fdb
Merge remote-tracking branch 'upstream/dev' into dev
Makeshift Mar 30, 2025
dc6de04
fix: re-add accidentally-removed key
Makeshift Mar 30, 2025
8328de8
fix(s3): update test env vars
Makeshift Apr 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 2 additions & 23 deletions docs/content/2.storage-drivers/s3.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,12 +62,7 @@ services:

STORAGE_DRIVER: s3
STORAGE_S3_BUCKET: gh-actions-cache
STORAGE_S3_ACCESS_KEY: access_key
STORAGE_S3_SECRET_KEY: secret_key

STORAGE_S3_ENDPOINT: s3.amazonaws.com
STORAGE_S3_PORT: '443'
STORAGE_S3_USE_SSL: 'true'
volumes:
- cache-data:/app/.data

Expand All @@ -79,36 +74,20 @@ volumes:

Don't forget to set the `STORAGE_DRIVER` environment variable to `s3` to use the S3 storage driver.

The AWS SDK will automatically use any AWS credentials available in the environment, e.g. `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_REGION`.

#### `STORAGE_S3_BUCKET`

Example: `gh-actions-cache`

The name of the S3 bucket used for storage.

#### `STORAGE_S3_ACCESS_KEY`

Example: `access_key`

The access key for S3 storage.

#### `STORAGE_S3_SECRET_KEY`

Example: `secret_key`

The secret key for S3 storage.

#### `STORAGE_S3_ENDPOINT`

Example: `s3.amazonaws.com`, `minio`

The endpoint hostname for S3 storage.

#### `STORAGE_S3_REGION`

Example: `us-west-1`

The region for AWS S3. Not needed with MinIO.

#### `STORAGE_S3_PORT`

Example: `443`, `9000`
Expand Down
32 changes: 22 additions & 10 deletions lib/storage/drivers/s3.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,24 +17,36 @@ import { streamToBuffer } from '~/lib/utils'
export const s3Driver = defineStorageDriver({
envSchema: z.object({
STORAGE_S3_BUCKET: z.string().min(1),
STORAGE_S3_ENDPOINT: z.string().min(1),
STORAGE_S3_ENDPOINT: z.string().optional(),
STORAGE_S3_REGION: z.string().min(1).default('us-east-1'),
STORAGE_S3_PORT: z.coerce.number().positive(),
STORAGE_S3_USE_SSL: z.string().transform((v) => v === 'true'),
STORAGE_S3_ACCESS_KEY: z.string().min(1),
STORAGE_S3_SECRET_KEY: z.string().min(1),
STORAGE_S3_PORT: z.coerce.number().positive().optional(),
STORAGE_S3_USE_SSL: z
.string()
.transform((v) => v === 'true')
.optional(),
STORAGE_S3_ACCESS_KEY: z.string().optional(),
STORAGE_S3_SECRET_KEY: z.string().optional(),
AWS_REGION: z.string().optional(),
AWS_DEFAULT_REGION: z.string().optional(),
}),
async setup(options) {
const protocol = options.STORAGE_S3_USE_SSL ? 'https' : 'http'
const port = options.STORAGE_S3_PORT ? `:${options.STORAGE_S3_PORT}` : ''
let credentials

const s3 = new S3Client({
credentials: {
if (options.STORAGE_S3_ACCESS_KEY && options.STORAGE_S3_SECRET_KEY) {
Copy link
Contributor Author

@Makeshift Makeshift Jan 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This being separate is required, because having secretAccessKey and accessKeyId keys set to undefined in a credential object will cause the AWS SDK to throw and not actually grab from the env

credentials = {
secretAccessKey: options.STORAGE_S3_SECRET_KEY,
accessKeyId: options.STORAGE_S3_ACCESS_KEY,
},
endpoint: `${protocol}://${options.STORAGE_S3_ENDPOINT}${port}`,
region: options.STORAGE_S3_REGION,
}
}

const s3 = new S3Client({
credentials,
endpoint: options.STORAGE_S3_ENDPOINT
? `${protocol}://${options.STORAGE_S3_ENDPOINT}${port}`
: undefined,
region: options.AWS_REGION ?? options.AWS_DEFAULT_REGION ?? options.STORAGE_S3_REGION,
forcePathStyle: true,
})

Expand Down