Amazon S3
Configure Amazon S3 credentials
You can safely store your Amazon S3 credentials in MotherDuck for convenience by creating a SECRET object using the CREATE SECRET command. Secrets are scoped to your user account and are not shared with other users in your organization.
Create a SECRET object
- SQL
- Python
- UI
-- to configure a secret manually:
CREATE SECRET IN MOTHERDUCK (
TYPE S3,
KEY_ID 'access_key',
SECRET 'secret_key',
REGION 'us-east-1',
SCOPE 'my-bucket-path'
);
When creating a secret using the CONFIG (default) provider, be aware that the credential might be temporary. If so, a SESSION_TOKEN field also needs to be set for the secret to work correctly.
-- to store a secret configured through `aws configure`:
CREATE SECRET aws_secret IN MOTHERDUCK (
TYPE S3,
PROVIDER credential_chain
);
-- test the s3 credentials
SELECT count(*) FROM 's3://<bucket>/<file>';
import duckdb
con = duckdb.connect('md:')
con.sql("CREATE SECRET IN MOTHERDUCK (TYPE S3, KEY_ID 'access_key', SECRET 'secret_key', REGION 'your_bucket_region')");
# testing that our s3 credentials work
con.sql("SELECT count(*) FROM 's3://<your_bucket>/<your_file>'").show()
# 42
Click on your profile to access the Settings panel and click on Secrets menu.
Then click on Add secret in the secrets section.
You will then be prompted to enter your Amazon S3 credentials.
You can update your secret by executing CREATE OR REPLACE SECRET command to overwrite your secret.
Delete a SECRET object
- SQL
- UI
You can use the same method above, using the DROP SECRET command.
DROP SECRET <secret_name>;
Click on your profile and access the Settings menu. Click on the bin icon to delete your current secrets.
Amazon S3 credentials as temporary secrets
MotherDuck supports DuckDB syntax for providing S3 credentials.
CREATE SECRET (
TYPE S3,
KEY_ID 's3_access_key',
SECRET 's3_secret_key',
REGION 'us-east-1'
);
Local/In-memory secrets are not persisted across sessions.
Troubleshooting
For detailed troubleshooting steps, see our AWS S3 Secrets Troubleshooting guide.