Add support for STORAGE_S3_TOKEN

[vlaborie]

Describe the feature you'd like

Add support for defining STORAGE_S3_TOKEN in addition to STORAGE_S3_KEY and STORAGE_S3_SECRET for S3 storage.

Temporay S3 credentials generated by STS (Security Token Service) need to define credentials['token'] in addition to credentials['key'] and credentials['secret'].

See AWS SDK docs about this: https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials_temporary.html#providing-temporary-credentials-to-the-sdk-php

Describe the benefits this would bring to existing BookStack users

This permit to use temporary and limited-privilege S3 credentials which increase security and permit some automation process.

Can the goal of this request already be achieved via other means?

No.

Have you searched for an existing open/closed issue?

• [X] I have searched for existing issues and none cover my fundamental request

How long have you been using BookStack?

1 to 5 years

Additional context

I only use temporary and auto-generated credentials everywhere i can as a security principle.

[ssddanbrown]

Hi @vlaborie, thanks for the request.

Just so I understand, you'd be fetching the token externally then regularly be updating the token value for BookStack?

Just trying to understand the use and scenario, since I really don't want to expand the scope/support of these settings, especially where service specific and/or where not commonly needed or desired.

[vlaborie]

Hi @ssddanbrown,

Yes that's what i do. This is very usefull because the fetching process is fully automated.

I just need to create an S3 bucket and an S3 policy and the credentials are automaticaly managed.

Should be noted that is not specific to AWS but common to multiple S3 providers (i use it with Minio).