Live Demo: Getting Started with MotherDuck and the DuckDB UIRegister Now

Skip to main content

Amazon S3

Configure Amazon S3 credentials

You can safely store your Amazon S3 credentials in MotherDuck for convenience by creating a SECRET object using the CREATE SECRET command.

Create a SECRET object

-- to configure a secret manually:
CREATE SECRET IN MOTHERDUCK (
TYPE S3,
KEY_ID 'access_key',
SECRET 'secret_key',
REGION 'us-east-1'
);
note

When creating a secret using the CONFIG (default) provider, be aware that the credential might be temporary. If so, a SESSION_TOKEN field also needs to be set for the secret to work correctly.

-- to store a secret configured through `aws configure`:
CREATE SECRET aws_secret IN MOTHERDUCK (
TYPE S3,
PROVIDER credential_chain
);
-- test the s3 credentials
SELECT count(*) FROM 's3://<bucket>/<file>';

You can update your secret by executing CREATE OR REPLACE SECRET command to overwrite your secret.

Delete a SECRET object

You can use the same method above, using the DROP SECRET command.

DROP SECRET <secret_name>;

Amazon S3 credentials as temporary secrets

MotherDuck supports DuckDB syntax for providing S3 credentials.

CREATE SECRET (
TYPE S3,
KEY_ID 's3_access_key',
SECRET 's3_secret_key',
REGION 'us-east-1'
);
note

Local/In-memory secrets are not persisted across sessions.