Regenerate ONTAP S3 keys and modify their retention period
Access keys and secret keys are automatically generated during user creation for enabling S3 client access. You can regenerate keys for a user if a key is expired or compromised.
For information about generation of access keys, see Create an S3 user.
-
Click Storage > Storage VMs and then select the storage VM.
-
In the Settings tab, click in the S3 tile.
-
In the Users tab, verify that there is no access key, or the key has expired for the user.
-
If you need to regenerate the key, click next to the user, then click Regenerate Key.
-
By default, generated keys are valid for an indefinite amount of time. Beginning with 9.14.1, you can modify their retention period, after which the keys automatically expire. Enter the retention period in days, hours, minutes, or seconds.
-
Click Save. The key is regenerated. Any change in the key retention period takes effect immediately.
-
Download or save the access key and secret key. They will be required for access from S3 clients.
-
Regenerate access and secret keys for a user by running the
vserver object-store-server user regenerate-keys
command. -
By default, generated keys are valid indefinitely. Beginning with 9.14.1, you can modify their retention period, after which the keys automatically expire. You can add the retention period in this format:
P[<integer>D]T[<integer>H][<integer>M][<integer>S] | P<integer>W
For example, if you want to enter a retention period of one day, two hours, three minutes, and four seconds, enter the value asP1DT2H3M4S
.vserver object-store-server user regenerate-keys -vserver svm_name -user user -key-time-to-live 0
-
Save the access and secret keys. They will be required for access from S3 clients.