Access Keys

Access keys authenticate your applications with Edge Storage. Each key consists of an Access Key ID and a Secret Access Key.

Key Components

Access Key ID

A unique identifier for your key. Safe to store in configuration files.

EDGE1234567890ABCDEF

Secret Access Key

A secret token used to sign requests. Keep this secure!

wJalrXUtnFEMI/K7MDENG...

Generate a New Key

  1. Navigate to Storage → Access Keys
  2. Click Generate New Key
  3. Copy both the Access Key ID and Secret Access Key
  4. Store them securely (e.g., environment variables, secrets manager)

Important: Save Your Secret Key

The Secret Access Key is only shown once when the key is created. If you lose it, you'll need to generate a new key.

Permissions & Bucket Scoping

When creating a key, you can restrict its permissions and scope it to specific buckets. This follows the principle of least privilege — give each key only the access it needs.

Read & Write

Full access: upload, download, delete objects, create and delete buckets. Use for applications that manage content.

Read Only

Download and list only. Cannot upload, delete, or modify objects. Use for analytics, reporting, or public-facing read access.

Bucket Scope

By default, keys can access all buckets in the account. You can restrict a key to one or more specific buckets. A scoped key cannot see, access, or modify any bucket outside its scope.

All buckets — no scope set. Key works with any bucket. This is the default.

Specific buckets — key only works with the selected buckets. Requests to other buckets return AccessDenied.

Backward Compatible

Existing keys continue to work with full account-wide access. Scoping only applies to newly created keys where you explicitly set a bucket scope.

Security Best Practices

Use Environment Variables

Never hardcode credentials in your source code. Use environment variables or a secrets manager.

Rotate Keys Regularly

Create new keys periodically and delete old ones. This limits exposure if a key is compromised.

One Key Per Application

Use separate keys for different applications or environments. This makes it easy to revoke access for one of them if needed.

Separate Dev and Production

Use different keys (and ideally different buckets) for development and production environments.

Delete a Key

To revoke access for a key:

  1. Go to Storage → Access Keys
  2. Find the key you want to delete
  3. Click the delete button and confirm

The key is revoked immediately. Any applications using this key will no longer be able to authenticate.

Example: Using Environment Variables

Set variables in your shell:

export AWS_ACCESS_KEY_ID="your-access-key-id"
export AWS_SECRET_ACCESS_KEY="your-secret-access-key"
export AWS_ENDPOINT_URL="https://storage.edge.network"

Use in your code:

import { S3Client } from '@aws-sdk/client-s3'

// SDK automatically picks up environment variables
const client = new S3Client({
  endpoint: process.env.AWS_ENDPOINT_URL,
  region: 'us-east-1',
  forcePathStyle: true
})
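
The "never hardcode credentials" practice above can be checked mechanically. The following is an added example, not code from the Edge documentation: a scanner for a pre-commit hook or CI step that flags hardcoded keys in source text. The key formats are assumptions inferred from the sample values on this page, and `scanForHardcodedKeys` and the sample input are constructed for illustration.

```javascript
// Added example (not from the Edge docs): find hardcoded Edge Storage keys in
// source text before it is committed.
// ASSUMPTION: key IDs match the page's sample shape (EDGE + 16 uppercase
// letters/digits) and secrets are base64-like strings of 20+ characters.
const KEY_ID_RE = /\bEDGE[A-Z0-9]{16}\b/g
const SECRET_RE =
  /(secretAccessKey|AWS_SECRET_ACCESS_KEY)["']?\s*[:=]\s*["'`]([A-Za-z0-9/+=]{20,})["'`]/gi

// Never echo a secret into CI logs: keep 4 characters, mask the rest.
const mask = (s) => s.slice(0, 4) + '*'.repeat(Math.max(s.length - 4, 0))

function scanForHardcodedKeys(text, file = '<stdin>') {
  const findings = []
  text.split(/\r?\n/).forEach((line, i) => {
    for (const m of line.matchAll(SECRET_RE)) {
      findings.push({ file, line: i + 1, kind: 'secret-access-key', severity: 'high', value: mask(m[2]) })
    }
    for (const m of line.matchAll(KEY_ID_RE)) {
      // The page treats the ID as safe for config files; it is reported so you
      // know which key to rotate if a secret is found alongside it.
      findings.push({ file, line: i + 1, kind: 'access-key-id', severity: 'info', value: m[0] })
    }
  })
  return findings
}

// Constructed sample input: the secret below is made up for this example.
const SAMPLE = [
  'const client = new S3Client({',
  '  credentials: {',
  "    accessKeyId: 'EDGE1234567890ABCDEF',",
  "    secretAccessKey: 'c0nstructedSampleSecret/ForTests+0nly00='",
  '  }',
  '})',
  'const ok = { secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY }',
  'export AWS_SECRET_ACCESS_KEY="your-secret-access-key"'
].join('\n')

const sampleFindings = scanForHardcodedKeys(SAMPLE, 'sample.js')
for (const f of sampleFindings) {
  console.log(`${f.file}:${f.line} [${f.severity}] ${f.kind} ${f.value}`)
}
```

In a hook, exit non-zero when any finding has severity `high`. The environment-variable reference and the `your-secret-access-key` placeholder in the sample are deliberately not flagged.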