How to Manage Administrative Access to Spaces

Spaces is an S3-compatible object storage service that lets you store and serve large amounts of data. Each Space is a bucket for you to store and serve files. The free, built-in Spaces CDN minimizes page load times, improves performance, and reduces bandwidth and infrastructure costs.

Spaces owners can create, destroy, and read all content in all the Spaces for an account. They also make decisions and manage what everyone else can see. If an owner wants to allow one or more people to co-manage Spaces, there are two options: access keys and DigitalOcean Teams.

  • Access keys allow people or programs to connect to Spaces with third-party clients and the API, but do not provide access to the control panel or other DigitalOcean resources.
  • DigitalOcean Teams allow Members to use the control panel, including creating and managing Spaces and Spaces access keys as well as other DigitalOcean resources (like billing information, Droplets, and more).

Sharing Access to Spaces with Access Keys

Users who connect with access keys can create, destroy, read, and write to all of the Spaces for the account. However, the privileges granted by Spaces access keys do not provide access to the control panel and do not extend to other DigitalOcean resources.

You can create an unlimited number of keys for your account. This allows you to generate unique key pairs for each person or program, so if it’s necessary to revoke access in the future, you can remove the keys or reset the secret without affecting other users.

To generate Spaces access keys, from the control panel, click API.

Within the Spaces access keys section, select Generate New Key. A text box in the Spaces access keys section will open. Name the key in a way that will allow you to identify who or what uses the key, then click the checkmark.

The text box to name a new key

Once you name the key, you’ll see the access key and, on the next line, the secret key. This is the only time the secret key will be displayed, so copy it immediately and store it in a secure place.

A newly-created Spaces access key with the secret key visible

If a secret gets lost, forgotten, or compromised, you can open its More menu, click Edit and choose Regenerate Token to create a new secret. When you regenerate a secret, any scripts or clients that use the key will need to be reconfigured to use the new secret value.

Sharing Access to the Control Panel with Teams

DigitalOcean Teams, like Spaces access keys, allow members to create, manage, and destroy Spaces associated with the Team account using the control panel’s web interface. Members can also create, delete, and regenerate access keys for Spaces.

However, unlike Spaces access keys, Members of a Team can also access other Team resources, like Droplets, Firewalls, and more.

Because Spaces cannot be transferred directly between accounts, we recommend you create the Team first, then create the Spaces.

To give one or more people access to co-manage Spaces using the control panel, open the User menu and choose Create a team, then follow the setup steps.

Once a user is a Member of the Team, they can manage Spaces with the web interface as well as generate their own keys for API or third-party clients.