23.1. Creating a Simple Secret (duckdb.create_simple_secret)

You can only create one simple secret for an S3 storage.

Execute the following command:

  SELECT duckdb.create_simple_secret(
      type := 'S3',
      key_id := 'access_key',
      secret := 'secret_access_key',
      session_token := 'session_security_token',
      region := 'region',
      url_style := 'URL_style',
      provider := 'credentials_provider',
      endpoint := 'endpoint_URL',
      scope := 'scope_restriction',
      validation := '',
      use_ssl := 'true_or_false'
  );

Where:

  • access_key and secret_access_key: The access key and secret access key for connecting to the S3 storage.

  • session_security_token: A temporary security session token required when using short-lived credentials (STS).

    Default value: '' (empty string) — a permanent access key is used.

    Optional parameter.

  • region: The region where the S3 storage is located.

    Optional parameter.

  • URL_style: The URL format used to access the bucket within the S3 storage.

    Possible values:

    path: The bucket name is included in the path of the URL, for example, storage.example.com/my-bucket.

    Optional parameter.

  • credentials_provider: Specifies how the access key and secret access key are provided.

    Possible values:

    '' (empty string): Use the provided access_key and secret_access_key.

    Optional parameter.

  • endpoint_URL: The endpoint URL of the S3 storage.

    Optional parameter.

  • scope_restriction: A bucket path prefix that restricts the scope of the secret to a specific location in the S3 storage.

    Default value: '' (empty string) — the secret applies to all paths in the S3 storage.

    Optional parameter.

  • validation: A service parameter; leave it empty.

  • true_or_false: Specifies whether to encrypt communication between Postgres Pro AXE and the S3 storage.

    Optional parameter.

Postgres Pro AXE performs the following actions:

  1. Creates a foreign server (simple_s3_secret) using the specified public S3 storage connection parameters:

      CREATE SERVER simple_s3_secret
        TYPE 'S3'
        FOREIGN DATA WRAPPER duckdb
        OPTIONS (
          region      'region',
          url_style   'URL_style',
          provider    'credentials_provider',
          endpoint    'endpoint_URL',
          scope       'scope_restriction',
          validation  '',
          use_ssl     'true_or_false'
        );
    
  2. Creates a user mapping for the PUBLIC role using the specified private S3 storage connection parameters:

      CREATE USER MAPPING FOR PUBLIC
        SERVER simple_s3_secret
        OPTIONS (
          key_id        'access_key',
          secret        'secret_access_key',
          session_token 'session_security_token'
        );
    
  3. Outputs the name of the created simple secret.

Example 23.1. Calling the duckdb.create_simple_secret() function

  SELECT duckdb.create_simple_secret(
      type      := 'S3',
      key_id    := 'AKIAIOSFODNN7EXAMPLE',
      secret    := 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
      region    := 'us-east-1',
      url_style := 'path',
      endpoint  := 'minio.example.com:9000',
      use_ssl   := 'false'
  );

Inside the function call, the following statements are executed:

  CREATE SERVER simple_s3_secret
    TYPE 'S3'
    FOREIGN DATA WRAPPER duckdb
    OPTIONS (region 'us-east-1', endpoint 'minio.example.com:9000', url_style 'path', use_ssl 'false');

  CREATE USER MAPPING FOR PUBLIC
    SERVER simple_s3_secret
    OPTIONS (
      key_id 'AKIAIOSFODNN7EXAMPLE',
      secret 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
    );
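
Because the simple secret is stored as a foreign server plus a user mapping for PUBLIC, the settings described above can be reviewed from the catalogs. The query below is an added example, not part of the Postgres Pro AXE documentation; it assumes the standard PostgreSQL catalogs pg_foreign_server, pg_foreign_data_wrapper and pg_user_mappings, and reports unencrypted transport, an unrestricted scope and permanent keys without selecting the secret value.

```sql
-- Added audit example (not Postgres Pro AXE's own code).
-- Run as a superuser or as the owner of the foreign server: for other roles
-- the pg_user_mappings view returns NULL in umoptions.
-- The secret value is never selected, only whether one is stored.
SELECT s.srvname                                     AS secret_name,
       m.usename                                     AS mapped_role,
       coalesce(so.use_ssl, '(not set)')             AS use_ssl,
       coalesce(nullif(so.scope, ''), '(all paths)') AS scope,
       coalesce(uo.has_secret, false)                AS stores_secret_key,
       CASE
           WHEN m.umoptions IS NULL  THEN 'unknown (no mapping or options not visible)'
           WHEN uo.session_token <> '' THEN 'temporary (session token set)'
           ELSE 'permanent'
       END                                           AS key_kind
FROM pg_foreign_server s
JOIN pg_foreign_data_wrapper w ON w.oid = s.srvfdw
LEFT JOIN pg_user_mappings m ON m.srvid = s.oid
-- Non-secret options stored on the server object.
LEFT JOIN LATERAL (
    SELECT max(option_value) FILTER (WHERE option_name = 'use_ssl') AS use_ssl,
           max(option_value) FILTER (WHERE option_name = 'scope')   AS scope
    FROM pg_options_to_table(s.srvoptions)
) so ON true
-- Credential options stored on the user mapping.
LEFT JOIN LATERAL (
    SELECT bool_or(option_name = 'secret') AS has_secret,
           max(option_value) FILTER (WHERE option_name = 'session_token')
               AS session_token
    FROM pg_options_to_table(m.umoptions)
) uo ON true
WHERE w.fdwname = 'duckdb'
  AND upper(s.srvtype) = 'S3'
ORDER BY s.srvname, m.usename;
```

For the secret created in Example 23.1, this returns one row with mapped_role public, use_ssl false, scope (all paths) and key_kind permanent.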