DigitalOcean Spaces: Least Privilege Access Setup
Learn how to create API keys with minimal permissions for secure DigitalOcean Spaces access with Cloney.
Overview
When connecting your DigitalOcean Spaces to Cloney for data migration, it's essential to follow the principle of least privilege. This guide will walk you through creating Spaces access keys with only the permissions necessary for Cloney to read from or write to your Spaces, minimizing security risks.
DigitalOcean Spaces uses S3-compatible access keys. Create dedicated keys for Cloney rather than using your account-level API tokens.
Prerequisites
- A DigitalOcean account with Spaces enabled
- The name of the Space(s) you want to connect
- Knowledge of whether you need read-only (source) or write (destination) access
Step 1: Access the API Settings
- Sign in to your DigitalOcean Control Panel
- Click on API in the left sidebar
- Navigate to the Spaces Keys tab
- Click Generate New Key
Unlike AWS IAM, DigitalOcean Spaces keys have full access to all Spaces in your account. Consider using a dedicated DigitalOcean project for migration purposes.
Step 2: Generate Spaces Access Keys
- Enter a descriptive name (e.g.,
cloney-migration-key) - Click Generate Key
- Important: Copy both the Access Key and Secret Key immediately. The secret key will only be shown once and cannot be retrieved later.
Save your secret key in a secure password manager. If you lose it, you'll need to generate new keys.
Step 3: Note Your Space Details
You'll need these details to connect your Space to Cloney:
- Space Name: The name of your Space (visible in the Spaces tab)
- Region: The datacenter region (e.g., nyc3, sfo3, ams3, sgp1, fra1)
- Endpoint:
{region}.digitaloceanspaces.com(e.g., nyc3.digitaloceanspaces.com)
You can now use these credentials in Cloney to connect your DigitalOcean Space securely.
DigitalOcean Spaces Regions
Available DigitalOcean Spaces regions:
| Region Code | Location | Endpoint |
|---|---|---|
nyc3 | New York City, USA | nyc3.digitaloceanspaces.com |
sfo3 | San Francisco, USA | sfo3.digitaloceanspaces.com |
ams3 | Amsterdam, Netherlands | ams3.digitaloceanspaces.com |
sgp1 | Singapore | sgp1.digitaloceanspaces.com |
fra1 | Frankfurt, Germany | fra1.digitaloceanspaces.com |
syd1 | Sydney, Australia | syd1.digitaloceanspaces.com |
Best Practices
- Use Dedicated Keys: Create separate Spaces keys for each application or service to limit impact if a key is compromised.
- Rotate Keys Regularly: Periodically generate new keys and update your applications to maintain security.
- Use Projects: Organize Spaces into DigitalOcean Projects for better access control and team management.
- Enable CDN: DigitalOcean Spaces includes a free CDN - enable it for public content to improve performance.
Ready to Start Your Migration?
Create your Cloney account and begin migrating your data securely today.