Hetzner Object Storage

Configure Hetzner Object Storage credentials

You can safely store your Hetzner Object Storage credentials in MotherDuck for convenience by creating a SECRET object using the CREATE SECRET command.

note

See Hetzner docs to create S3 access keys. Make sure to save your secret key immediately as it cannot be viewed again after creation.

Create a SECRET object

SQL
Python
UI

CREATE SECRET IN MOTHERDUCK (
    TYPE S3,
    KEY_ID 'your_access_key', # provided by Hetzner
    SECRET 'your_secret_key', # provided by Hetzner
    ENDPOINT 'fsn1.your-objectstorage.com', # provided by Hetzner
    SCOPE 'your_bucket_scope' # Example: s3://test-bucket
);

note

The endpoint must include the location (e.g., fsn1, nbg1, or hel1). Available endpoints:

fsn1.your-objectstorage.com (Falkenstein)
nbg1.your-objectstorage.com (Nuremberg)
hel1.your-objectstorage.com (Helsinki)

-- test the Hetzner Object Storage credentials
SELECT count(*) FROM 's3://[bucket]/[file]'

import duckdb

con = duckdb.connect('md:')
con.sql("CREATE SECRET IN MOTHERDUCK ( TYPE S3, KEY_ID 'your_access_key', SECRET 'your_secret_key', ENDPOINT 'fsn1.your-objectstorage.com', SCOPE 'your_bucket_scope' )");

# testing that our Hetzner credentials work
con.sql("SELECT count(*) FROM 's3://[bucket]/[file]'").show()

Click on your profile to access the Settings panel and click on Secrets menu.

menu_1 menu_2

Then click on Add secret in the secrets section.

menu_3

Select the Secret Type S3 and fill in the required fields. Make sure to add the endpoint URL (e.g., fsn1.your-objectstorage.com) in the endpoint field.

Delete a SECRET object

You can use the same method above, using the DROP SECRET command.

DROP SECRET <secret_name>;

Click on your profile and access the Settings menu. Click on the bin icon to delete the secret.

menu_4