Description
Minio supports the STS API, enabling users possessing a valid OIDC `access_token` (or `id_token`) to obtain a temporary set of credentials, which can then be used for regular S3 access.

The API expects a token as input, and returns a set of `<AccessKeyId>,<SecretAccessKey>,<SessionToken>`, valid until `<Expiration>`.

My proposal is to implement a new type of resource, called `minio_sts_key`, which will support the Create action taking as input the required parameters and then enrich the resource with the newly obtained credentials.

Ref. https://github.com/minio/minio/blob/master/docs/sts/web-identity.md
Additional Information
I can contribute a proof-of-concept implementation. See https://github.com/scc-digitalhub/terraform-provider-minio/commit/1528ded7e2e5f5fa8e4b3273541fe131c27f0599
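
The exchange the issue describes, as an added Go example (not the linked proof-of-concept or the provider's own code): the token is posted to the STS endpoint and the reply is decoded into the four fields, rejecting incomplete or expired results. `fetchSTSKey`, `STSKey` and the sample reply are hypothetical names and constructed data, and sending the parameters as a form-encoded body is an assumption.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"time"
)

// STSKey holds what the proposed minio_sts_key resource would expose; all but Expiration are secret.
type STSKey struct {
	AccessKeyID     string    `xml:"AssumeRoleWithWebIdentityResult>Credentials>AccessKeyId"`
	SecretAccessKey string    `xml:"AssumeRoleWithWebIdentityResult>Credentials>SecretAccessKey"`
	SessionToken    string    `xml:"AssumeRoleWithWebIdentityResult>Credentials>SessionToken"`
	Expiration      time.Time `xml:"AssumeRoleWithWebIdentityResult>Credentials>Expiration"`
}

// fetchSTSKey trades an OIDC token for temporary credentials. Assumption: the endpoint accepts a form-encoded POST body.
func fetchSTSKey(c *http.Client, endpoint, token string, ttl time.Duration) (*STSKey, error) {
	resp, err := c.PostForm(endpoint, url.Values{
		"Action": {"AssumeRoleWithWebIdentity"}, "Version": {"2011-06-15"},
		"WebIdentityToken": {token}, "DurationSeconds": {fmt.Sprint(int(ttl.Seconds()))},
	})
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	var k STSKey
	if err := xml.NewDecoder(resp.Body).Decode(&k); err != nil {
		return nil, fmt.Errorf("sts: decode response (status %s): %w", resp.Status, err)
	}
	if k.AccessKeyID == "" || k.SecretAccessKey == "" || k.SessionToken == "" || !k.Expiration.After(time.Now()) {
		return nil, fmt.Errorf("sts: no usable credentials (status %s)", resp.Status)
	}
	return &k, nil
}

const sample = `<AssumeRoleWithWebIdentityResponse><AssumeRoleWithWebIdentityResult><Credentials>
<AccessKeyId>CONSTRUCTEDKEYID</AccessKeyId><SecretAccessKey>constructed-secret</SecretAccessKey>
<SessionToken>constructed-session</SessionToken><Expiration>2999-01-01T00:00:00Z</Expiration>
</Credentials></AssumeRoleWithWebIdentityResult></AssumeRoleWithWebIdentityResponse>` // constructed reply

func main() { // offline demo: a local stub serves the constructed reply
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, sample) }))
	defer srv.Close()
	key, err := fetchSTSKey(srv.Client(), srv.URL, "constructed-token", time.Hour)
	fmt.Println("usable key:", err == nil && key.AccessKeyID != "")
}
```

A resource that stores these values should mark the secret key and session token as sensitive; they still end up in Terraform state, so the state backend needs the same protection as the credentials themselves.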