s3cure.py is a Python-based automation tool designed to simplify the creation and management of MinIO buckets, admin accounts, service accounts, and policies. By leveraging the MinIO Client (mc), this tool provides a streamlined way to set up S3-compatible storage resources with secure credentials and policies, making it ideal for enterprise environments.

• 🪣 Automated MinIO bucket creation
  Quickly create MinIO buckets with a single command.
• 👤 Admin account generation
  Securely generate admin accounts with random credentials.
• 🔒 Custom policy creation
  Automatically create and attach policies for bucket access.
• 🔑 Service account generation
  Generate service accounts with access and secret keys.
• 🛡️ Security-first design
  Implements the principle of least privilege and uses cryptographically secure random credentials.

Before using s3cure.py, ensure the following requirements are met:

1. Python 3.6 or higher
   Install Python from python.org.

2. MinIO Client (mc) installed and configured
   The script relies on the mc CLI tool to interact with the MinIO server. Install it from the MinIO Client page.

3. Set up the MinIO Client alias
   You must configure the mc client with an admin account to interact with your MinIO server. Use the following command to set up the alias:

   mc alias set minio https://s3.example.com minioadmin minioadmin

   Replace https://s3.example.com with your MinIO server endpoint, and minioadmin with your admin username and password.

4. Access to a MinIO server
   Ensure you have access to a running MinIO server.

1. Clone the Repository:

   git clone https://github.com/netspeedy/python-s3cure.git
   cd python-s3cure

2. Set Permissions:

   chmod +x s3cure.py

3. Run the Script:

   ./s3cure.py --bucket-name <bucket_name> [--endpoint <s3_endpoint>]

❯ ./s3cure.py -b testbucket

🌟 MinIO Bucket Creator - Resource Details 🌟
============================================================

🔑 Admin Credentials:
   • Username: testbucket
   • Password: NRTKcgPGS2a9hLAiefh3g8JV

🔐 Service Account Credentials:
   • Access Key: EFQQACIZ89I9HG5W9GX2
   • Secret Key: PQXH4V6wrlvjqcpEDDmbneoxdDsCBczGRab9fjtx
   • Bucket: testbucket
   • Endpoint: https://s3.example.com

============================================================

❯ ./s3cure.py -b testbucket

⚠️  Bucket 'testbucket' already exists.

• 🔐 Random Credential Generation: Uses cryptographically secure methods to generate passwords and keys.
• 🔒 Principle of Least Privilege: Ensures that accounts and policies are scoped to the minimum required permissions.
• 🛡️ Isolated Accounts: Creates separate admin and service accounts for each bucket.

1. Bucket Creation Fails:

   • Ensure the MinIO client (mc) is installed and configured correctly.
   • Verify that the bucket name is valid and does not already exist.

2. Service Account Issues:

   • Check the MinIO server logs for errors.
   • Ensure the admin policy is correctly attached to the admin user.

3. Policy Creation Fails:

   • Verify that the MinIO client has the necessary permissions to create policies.

We welcome contributions! To contribute:

1. Fork the repository.
2. Create a feature branch:

   git checkout -b feature/amazing-feature

3. Commit your changes:

   git commit -m 'Add amazing feature'

4. Push to the branch:

   git push origin feature/amazing-feature

5. Open a pull request.

• 🎫 Issue Tracker: GitHub Issues

• 🚀 Initial release
• 🪣 MinIO bucket creation
• 🔑 Admin and service account generation
• 🔒 Policy creation and attachment

This project is licensed under the MIT License - see the LICENSE file for details.

Built with ❤️ by the Netspeedy Team

Last updated: January 19, 2025