Skip to content

S3 credentials

The SDK uses S3-style credentials to access object storage. You can provide credentials via environment variables or via the .dhcore.ini configuration file. Required values are the endpoint URL, access key id and secret access key; other fields are optional.

Important fields

  • AWS_ENDPOINT_URL — S3 endpoint (e.g., https://s3.example.com)
  • AWS_ACCESS_KEY_ID — access key id
  • AWS_SECRET_ACCESS_KEY — secret access key
  • AWS_SESSION_TOKEN — session token (optional)
  • AWS_REGION — region name (optional)
  • S3_SIGNATURE_VERSION — signature version (optional)
  • S3_PATH_STYLE — enable path-style addressing (optional, e.g., True/False)
  • AWS_CREDENTIALS_EXPIRATION — RFC3339 UTC timestamp for credential expiration (optional)

Environment variables

Set the variables in your shell or CI environment. Example:

export AWS_ENDPOINT_URL=`https://s3.example.com`
export AWS_ACCESS_KEY_ID=AKIA...
export AWS_SECRET_ACCESS_KEY=secret
export AWS_REGION=eu-west-1
export S3_SIGNATURE_VERSION=s3v4
export S3_PATH_STYLE=True

Configuration file (.dhcore.ini)

You can also place credentials in the .dhcore.ini file under a profile. Example format:

[__default]
AWS_ENDPOINT_URL = `https://s3.example.com`
AWS_ACCESS_KEY_ID = AKIA...
AWS_SECRET_ACCESS_KEY = secret
AWS_SESSION_TOKEN = optional-token
AWS_REGION = eu-west-1
S3_SIGNATURE_VERSION = s3v4
S3_PATH_STYLE = True
AWS_CREDENTIALS_EXPIRATION = 2025-08-26T12:00:00Z

Notes

  • The configurator will first check environment variables; if required vars are missing in env it will fall back to .dhcore.ini.
  • If file-based credentials include an expiration timestamp and it's expired, the SDK attempts to refresh the dhcore token where applicable.