Key

A key, or bucket key, is a unique data key for objects in a bucket.

Keys avoid the need for additional KMS requests to complete encryption, which reduces request traffic.

You can create an unlimited number of keys for your account. This allows you to generate unique key pairs for each user or program. So, if it’s necessary to revoke specific access in the future, you can remove the keys or reset the secret without affecting other users.

Access Key

Access keys are random tokens that serve as a username to grant access to a Spaces bucket.

While they allow people or programs to connect to buckets with third-party clients and the API, they do not provide access to the control panel or other DigitalOcean resources.

To connect to your DigitalOcean resources this way, pair your access key with a secret key. Then, use the access key to sign requests that you send.

Users who connect with access keys can create, destroy, read, and write to all of the buckets for the account. However, the privileges granted by Spaces access keys do not provide access to the control panel and do not extend to other DigitalOcean resources.

Public and Private Key

A public key is a component of asymmetric encryption that is accessible to all users who need it. It is meant to be distributed freely, for example as the key presented within public directories and certificates. Public keys are paired with a private key.

Data is encrypted using the public key and can only be decrypted using the corresponding private key. The encryption and decryption relationship between the public and private key is bidirectional.

Unlike public keys, the private key is secret and known only to the key owner. The security of the data depends on the private key’s confidentiality. Often, the private key is stored in hardware such as Hardware Security Modules (HSMs) or in software wallets.

The private key typically has a backup or ways to recover the key in case the private key is lost. Furthermore, systems are set to allow the key owner to revoke access to the private key if the key is compromised or no longer in use.

API Key

An API key is a secret used for authentication, either to admit a user to an application or to interact with another application. The API key is sent along with the API request so the API server can authenticate and then process the request.

An API key also makes it possible to control and monitor API usage, which prevents overuse or abuse.

Secret Key

Secret keys are private, random tokens that serve as a username to grant access to a Spaces bucket.

While they allow people or programs to connect to Spaces with third-party clients and the API, they do not provide access to the control panel or other DigitalOcean resources.

You can pair a secret key with an access key, which is a random token that serves as a password to grant access to a bucket.

To use the Spaces API, you need to create an access key and secret key for your bucket from the API page in the control panel.
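How an access key and secret key pair is used to sign a request, as described under Access Key and Secret Key above. This is an added example, not DigitalOcean's own code: it assumes Spaces accepts AWS Signature Version 4 as an S3-compatible service, and the keys, host, region and the helper names `authorization_header` and `server_accepts` are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values, not real credentials or a real endpoint.
ACCESS_KEY = "EXAMPLEACCESSKEYID"
SECRET_KEY = "example-secret-key-do-not-use"
HOST, REGION = "example-bucket.spaces.example", "region-1"

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def authorization_header(access_key, secret_key, method, path, amz_date):
    """Build a SigV4 Authorization header for a request with no query string or body."""
    date = amz_date[:8]
    body_hash = hashlib.sha256(b"").hexdigest()
    headers = {"host": HOST, "x-amz-content-sha256": body_hash, "x-amz-date": amz_date}
    signed = ";".join(sorted(headers))
    canonical = "\n".join([
        method, path, "",  # empty canonical query string
        "".join(f"{k}:{headers[k]}\n" for k in sorted(headers)),
        signed, body_hash,
    ])
    scope = f"{date}/{REGION}/s3/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    # The secret key only feeds the HMAC chain; it is never transmitted.
    key = ("AWS4" + secret_key).encode()
    for part in (date, REGION, "s3", "aws4_request"):
        key = _hmac(key, part)
    sig = _hmac(key, to_sign).hex()
    # The access key travels in the clear as the identifier.
    return (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
            f"SignedHeaders={signed}, Signature={sig}")

def server_accepts(header, key_store, method, path, amz_date):
    """Server side: look up the secret by access key and recompute the signature."""
    access_key = header.split("Credential=", 1)[1].split("/", 1)[0]
    secret = key_store.get(access_key)
    if secret is None:  # key removed (revoked) or never issued
        return False
    expected = authorization_header(access_key, secret, method, path, amz_date)
    return hmac.compare_digest(expected.encode(), header.encode())

if __name__ == "__main__":
    ts = "20240101T000000Z"
    hdr = authorization_header(ACCESS_KEY, SECRET_KEY, "GET", "/report.txt", ts)
    print(hdr)
    print(server_accepts(hdr, {ACCESS_KEY: SECRET_KEY}, "GET", "/report.txt", ts))
```

Removing an entry from `key_store`, or replacing its secret, makes only that pair's requests fail, which is why separate keys per user or program can be revoked independently.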