Date: 2025-01-23

DigitalOcean announced Per-Bucket Access Keys for DigitalOcean Spaces, its S3-compatible object storage service.

This feature provides customers with identity-based, bucket-level control over access permissions, helping to enhance their data security and simplify management.

Prior to the introduction of Per-Bucket Access Keys, many customers chose to limit the types of applications they ran on DigitalOcean infrastructure to those without object storage requirements or with minimal access management requirements in order to better control access to their object data.

Customers also opted to limit their overall number of object workloads in order to help ensure their users did not inadvertently gain access to data unrelated to their own roles.

With Per-Bucket Access Keys, administrators can assign read-only or read-write permissions for accessing specific buckets to the appropriate users and applications within their organization. This targeted approach strengthens organizational security, helping to ensure that users and applications only have access to the data they need, and it unlocks customers’ ability to run a much wider range of applications within a single DigitalOcean account.

“Managing access to data can be tricky. Overly complex security controls can make it difficult for customers to manage their cloud environments and often require additional investments in security experts,” said Keshav Attrey, Senior Product Manager for Spaces at DigitalOcean. “With Per-Bucket Access Keys, DigitalOcean now provides developers and businesses with robust and intuitive core security controls for their users and applications while helping them maintain operational simplicity.”

Real-world use cases

Per-Bucket Access Keys open up a range of new possibilities for businesses and developers:

Enhanced security: Help ensure applications and team members only have access to the data they need.

Multi-tenant environments: Better safeguard customer data by isolating access for each tenant.

Environment isolation: Keep development, staging, and production environments separate within the same account.

Application-specific access: Help reduce the impact of a compromised access key by limiting its scope to a single bucket.

Secure file sharing: Share content from one bucket without exposing content from any other buckets.

“Spaces Per-Bucket Access Keys has significantly enhanced our infrastructure capabilities. By offering simple and approachable settings, it enables us to enhance security within individual buckets, providing us with a sense of security by precisely controlling access where it is most critical,” said Adam Tharani, platform developer at Marketcircle. “This enhanced control provides clarity, ultimately improving our workflows and enabling us to grant more access than previously possible.”

Future enhancements

We’re continuously working to improve the user experience and capabilities of Per-Bucket Access Keys. Here’s what’s on the horizon: