CloudRaya Documentation
Storage ServicesStorageRaya

Access & Credentials

Access credentials allow applications, Virtual Machines, and external tools to securely interact with your StorageRaya buckets, CloudRaya’s S3-compatible object storage service.

This page explains how credentials work, how to use them safely, and best practices to avoid common security mistakes.

Understanding StorageRaya Credentials

StorageRaya uses an access key–based authentication model, compatible with the Amazon S3 API.

Each credential pair consists of:

  • Access Key
  • Secret Key

Together, these keys authorize operations such as:

  • Uploading objects
  • Downloading files
  • Listing bucket contents
  • Managing objects programmatically

Credentials identify who is making a request and whether that request is allowed.

Credential Lifecycle in CloudRaya

When Credentials Are Created

Credentials are generated automatically when a bucket is created in StorageRaya.

Immediately after creation, CloudRaya displays a one-time credentials popup containing:

  • Bucket Name
  • Access Key
  • Secret Key
⚠️ Important

The Secret Key is shown only once and cannot be retrieved later.
You must store it securely before closing the dialog.

One-Time Credential Display (Critical)

After a bucket is successfully created, a confirmation dialog appears with the credentials.

What You Should Do Immediately

  • Copy both the Access Key and Secret Key
  • Store them securely, such as in:
    • A password manager
    • A secrets management system
    • An encrypted configuration vault

If the Secret Key is lost, you must reset the credentials.

Where Credentials Are Used

StorageRaya credentials are commonly used by:

  • Applications (backend services, APIs)
  • Virtual Machines
  • Backup and archive tools
  • Data pipelines
  • S3-compatible CLI tools
  • Third-party integrations

They are typically configured as:

  • Environment variables
  • Application configuration files
  • Kubernetes Secrets (for KubeRaya workloads)

Security Responsibilities

CloudRaya secures the storage platform and infrastructure.

You are responsible for how credentials are stored, shared, and used.

Your Responsibilities

  • Protect Secret Keys
  • Never expose credentials in:
    • Source code repositories
    • Client-side applications
    • Public scripts or documentation
  • Rotate credentials if compromised
  • Restrict usage to trusted systems only

Treat Secret Keys like root passwords for bucket access.

Resetting Access Credentials

If credentials are compromised, lost, or no longer trusted, you can reset them.

What Happens When You Reset

  • A new Access Key and Secret Key are generated
  • Previous credentials are immediately invalidated
  • Applications using old credentials will fail until updated

Resetting credentials is a safe and expected security operation.

📄 See: Manage Buckets -> Reset Access Key

Common Credential Mistakes to Avoid

  • Hardcoding credentials in source code
  • Sharing credentials via chat or email
  • Using one credential for multiple unrelated applications
  • Forgetting to rotate credentials after exposure
  • Leaving unused credentials active indefinitely

Most object storage security incidents result from poor credential handling, not platform vulnerabilities.

Best Practices for Secure Access

  • Store credentials as environment variables or secrets
  • Use a secrets manager when available
  • Rotate credentials periodically
  • Separate credentials per application or environment
  • Limit access to only required systems

Environment Separation Example

  • Development bucket → Dev credentials
  • Staging bucket → Staging credentials
  • Production bucket → Production credentials

This reduces blast radius if a credential is exposed.

Access Control Scope

StorageRaya credentials grant access only to the associated bucket.

They do not provide access to:

  • Other buckets
  • Other CloudRaya services
  • Infrastructure or Virtual Machines

Each bucket is isolated by design.

When to Review Credentials

Review or rotate credentials when:

  • A team member leaves
  • Credentials are exposed or suspected compromised
  • An application is decommissioned
  • Security policies change
  • Compliance audits require rotation

Credential hygiene is an ongoing operational responsibility.

Next Steps

With credentials in place, you can:

  • Upload and manage objects
  • Integrate StorageRaya with applications and tools
  • Configure bucket limits and access behavior
  • Apply lifecycle and cost controls

📄 Manage Buckets

📄 StorageRaya Overview

📄 Create a Bucket

📄 Use Cases & Best Practices

StorageRaya

Access & Integration

© 2026 CloudRaya Product Team. All rights reserved.

On this page

Understanding StorageRaya CredentialsCredential Lifecycle in CloudRayaWhen Credentials Are CreatedOne-Time Credential Display (Critical)What You Should Do ImmediatelyWhere Credentials Are UsedSecurity ResponsibilitiesYour ResponsibilitiesResetting Access CredentialsWhat Happens When You ResetCommon Credential Mistakes to AvoidBest Practices for Secure AccessRecommended PracticesEnvironment Separation ExampleAccess Control ScopeWhen to Review CredentialsNext StepsRelated Guides