Chapter 8. Creating a Simple Secret (duckdb.create_simple_secret)
You can only create one simple secret for an S3 storage.
Execute the following command:
SELECT duckdb.create_simple_secret(
type := 'S3',
key_id := 'access_key',
secret := 'secret_access_key',
session_token := 'session_security_token',
region := 'region',
url_style := 'URL_style',
provider := 'credentials_provider',
endpoint := 'endpoint_URL',
scope := 'scope_restriction',
validation := '',
use_ssl := 'true_or_false'
);
Where:
access_keyandsecret_access_key: The access key and secret access key for connecting to the S3 storage.session_security_token: A temporary security session token required when using short-lived credentials (STS).Default value: '' (empty string) — a permanent access key is used.
Optional parameter.
region: The region where the S3 storage is located.Optional parameter.
URL_style: The URL format used to access the bucket within the S3 storage.Possible values:
path: The bucket name is included in the path of the URL, for example,storage.example.com/my-bucket.Optional parameter.
credentials_provider: Specifies how the access key and secret access key are provided.Possible values:
''(empty string): Use the providedaccess_keyandsecret_access_key.Optional parameter.
endpoint_URL: The endpoint URL of the S3 storage.Optional parameter.
scope_restriction: A bucket path prefix that restricts the scope of the secret to a specific location in the S3 storage.Default value: '' (empty string) — the secret applies to all paths in the S3 storage.
Optional parameter.
validation: A service parameter, leave it empty.true_or_false: Specifies whether to encrypt communication between Postgres Pro AXE and the S3 storage.Optional parameter.
For more detailed instructions, refer to Section 23.1.