Documentation

Security Token Service (STS)

The MinIO Security Token Service (STS) APIs allow applications to generate temporary credentials for accessing the MinIO deployment.

The STS API is required for MinIO deployments configured to use external identity managers, as the API allows conversion of the external IDP credentials into AWS Signature v4-compatible credentials.

STS API Endpoints

MinIO supports the following STS API endpoints:

Endpoint

Supported IDP

Description

AssumeRoleWithWebIdentity

OpenID Connect

Generates an access key and secret key using the JWT token returned by the OIDC provider

AssumeRoleWithLDAPIdentity

Active Directory / LDAP

Generates an access key and secret key using the AD/LDAP credentials specified to the API endpoint.

AssumeRoleWithCustomToken

MinIO Identity Plugin

Generates a token for use with an external identity provider and the MinIO Identity Plugin.