Skip to main content

Amazon S3

Configure Amazon S3 credentials

You can safely store your Amazon S3 credentials in MotherDuck for convenience by creating a SECRET object using the CREATE SECRET command.

Create a SECRET object

note

The documentation provided relies on DuckDB version 0.10.x. To update to this version, please visit our migration page.

-- to configure a secret manually:
CREATE SECRET IN MOTHERDUCK (
TYPE S3,
KEY_ID 'access_key',
SECRET 'secret_key',
REGION 'us-east-1'
);
note

When creating a secret using the CONFIG (default) provider, be aware that the credential might be temporary. If so, a SESSION_TOKEN field also needs to be set for the secret to work correctly.

-- to store a secret configured through `aws configure`:
CREATE SECRET aws_secret IN MOTHERDUCK (
TYPE S3,
PROVIDER credential_chain
);
-- test the s3 credentials
SELECT count(*) FROM 's3://<bucket>/<file>';

You can update your secret by executing CREATE OR REPLACE SECRET command to overwrite your secret.

Delete a SECRET object

You can use the same method above, using the DROP SECRET command.

DROP SECRET <secret_name>;

Amazon S3 credentials as temporary secrets

MotherDuck supports DuckDB syntax for providing S3 credentials.

CREATE SECRET (
TYPE S3,
KEY_ID 's3_access_key',
SECRET 's3_secret_key',
REGION 'us-east-1'
);
note

Local/In-memory secrets are not persisted across sessions.