S3 credentials
The SDK uses S3-style credentials to access object storage. You can provide credentials via environment variables or via the .dhcore.ini configuration file. Required values are the endpoint URL, access key id and secret access key; other fields are optional.
Important fields
- AWS_ENDPOINT_URL — S3 endpoint to point to. MUST include the scheme (e.g.,
https://s3.example.com) - AWS_ACCESS_KEY_ID — access key id
- AWS_SECRET_ACCESS_KEY — secret access key
- AWS_SESSION_TOKEN — session token (optional)
- AWS_REGION — region name (optional)
- S3_SIGNATURE_VERSION — signature version (optional)
- S3_PATH_STYLE — enable path-style addressing (optional, e.g., True/False)
- AWS_CREDENTIALS_EXPIRATION — RFC3339 UTC timestamp for credential expiration (optional)
Environment variables
Set the variables in your shell or CI environment. Example:
export AWS_ENDPOINT_URL=`https://s3.example.com`
export AWS_ACCESS_KEY_ID=access-key
export AWS_SECRET_ACCESS_KEY=secret-key
export AWS_SESSION_TOKEN=session-token
export AWS_REGION=eu-west-1
export S3_SIGNATURE_VERSION=s3v4
export S3_PATH_STYLE=True
Configuration file (.dhcore.ini)
You can also place credentials in the .dhcore.ini file under a profile. Example format:
aws_endpoint_url = `https://s3.example.com`
aws_access_key_id = access-key
aws_secret_access_key = secret-key
aws_session_token = session-token
aws_region = eu-west-1
s3_signature_version = s3v4
s3_path_style = True
aws_credentials_expiration = 2025-08-26T12:00:00Z
Utils
The SDK provides an utility to get a configured boto3 S3 client:
Notes
- The configurator will first check environment variables; if required vars are missing in env it will fall back to
.dhcore.ini. - If file-based credentials include an expiration timestamp and it's expired, the SDK attempts to refresh the dhcore token where applicable.