Limiting a token to a certain storage bucket


On AWS, you can restrict an access key to an S3 bucket (or many). This way, your app A can access bucket X, and your app B can access bucket Y, but if A gets compromised, it won’t be able to delete files from Y.

It is way too complicated to configure on AWS, but very powerful.

Being able, on our lovely made-in-France Scaleway, to check “all buckets” or “bucket A” or “bucket A + bucket B” as access rights for a given access key would be great.

Like selecting “all repos” or “repo A” on GitHub when you configure an app!

Thanks :slight_smile:
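
For reference, the AWS setup described in the post above looks roughly like this IAM policy attached to the user that owns app A's access key. This is an added example, not part of the original post; the bucket name `bucket-x` and the `Sid` labels are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleListBucketX",
      "Effect": "Allow",
      "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
      "Resource": "arn:aws:s3:::bucket-x"
    },
    {
      "Sid": "ExampleObjectAccessBucketX",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
      "Resource": "arn:aws:s3:::bucket-x/*"
    }
  ]
}
```

Bucket-level actions take the bucket ARN and object-level actions take the `/*` ARN, which is the part that is easy to get wrong. IAM denies anything not explicitly allowed, so a key carrying only this policy cannot list or delete anything in bucket Y.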


Restricting scope of access keys in general would be a big plus.

As far as I can see I need an access key to pull an image from the image registry - that means the key is on the target host where I’m running docker. I’d much rather not put a key with full authority there.