s3cure.py is a Python-based automation tool designed to simplify the creation and management of MinIO buckets, admin accounts, service accounts, and policies. By leveraging the MinIO Client (mc), this tool provides a streamlined way to set up S3-compatible storage resources with secure credentials and policies, making it ideal for enterprise environments.
- 🪣 Automated MinIO bucket creation
Quickly create MinIO buckets with a single command. - 👤 Admin account generation
Securely generate admin accounts with random credentials. - 🔒 Custom policy creation
Automatically create and attach policies for bucket access. - 🔑 Service account generation
Generate service accounts with access and secret keys. - 🛡️ Security-first design
Implements the principle of least privilege and uses cryptographically secure random credentials.
Before using s3cure.py, ensure the following requirements are met:
-
Python 3.6 or higher
Install Python from python.org. -
MinIO Client (
mc) installed and configured
The script relies on themcCLI tool to interact with the MinIO server. Install it from the MinIO Client page. -
Set up the MinIO Client alias
You must configure themcclient with an admin account to interact with your MinIO server. Use the following command to set up the alias:mc alias set minio https://s3.example.com minioadmin minioadmin
Replace
https://s3.example.comwith your MinIO server endpoint, andminioadminwith your admin username and password. -
Access to a MinIO server
Ensure you have access to a running MinIO server.
-
Clone the Repository:
git clone /~https://github.com/netspeedy/python-s3cure.git cd python-s3cure -
Set Permissions:
chmod +x s3cure.py
-
Run the Script:
./s3cure.py --bucket-name <bucket_name> [--endpoint <s3_endpoint>]
❯ ./s3cure.py -b testbucket
🌟 MinIO Bucket Creator - Resource Details 🌟
============================================================
🔑 Admin Credentials:
• Username: testbucket
• Password: NRTKcgPGS2a9hLAiefh3g8JV
🔐 Service Account Credentials:
• Access Key: EFQQACIZ89I9HG5W9GX2
• Secret Key: PQXH4V6wrlvjqcpEDDmbneoxdDsCBczGRab9fjtx
• Bucket: testbucket
• Endpoint: https://s3.example.com
============================================================❯ ./s3cure.py -b testbucket
⚠️ Bucket 'testbucket' already exists.- 🔐 Random Credential Generation: Uses cryptographically secure methods to generate passwords and keys.
- 🔒 Principle of Least Privilege: Ensures that accounts and policies are scoped to the minimum required permissions.
- 🛡️ Isolated Accounts: Creates separate admin and service accounts for each bucket.
-
Bucket Creation Fails:
- Ensure the MinIO client (
mc) is installed and configured correctly. - Verify that the bucket name is valid and does not already exist.
- Ensure the MinIO client (
-
Service Account Issues:
- Check the MinIO server logs for errors.
- Ensure the admin policy is correctly attached to the admin user.
-
Policy Creation Fails:
- Verify that the MinIO client has the necessary permissions to create policies.
We welcome contributions! To contribute:
- Fork the repository.
- Create a feature branch:
git checkout -b feature/amazing-feature
- Commit your changes:
git commit -m 'Add amazing feature' - Push to the branch:
git push origin feature/amazing-feature
- Open a pull request.
- 🎫 Issue Tracker: GitHub Issues
- 🚀 Initial release
- 🪣 MinIO bucket creation
- 🔑 Admin and service account generation
- 🔒 Policy creation and attachment
This project is licensed under the MIT License - see the LICENSE file for details.
Built with ❤️ by the Netspeedy Team
Last updated: January 19, 2025