mc idp openid accesskey ls

The mc idp openid accesskey ls displays a list of OIDC access key pairs.

mc idp openid accesskey ls is also known as mc idp openid accesskey list.

This command works against access keys created by an OIDC user after authenticating to AIStor.

Authenticated users can manage their own long-term Access Keys using the AIStor Console. AIStor supports using AssumeRoleWithWebIdentity to generate temporary access keys using the Security Token Service.

Example and Syntax

Example

The following example returns a list of access keys associated with the authenticated user on the minio alias:

mc idp openid accesskey ls minio/

If the authenticated user has the admin:ListUsers permission, the example command returns a list of all users and their associated access keys.

Syntax

The command has the following syntax:

mc [GLOBALFLAGS] idp openid accesskey ls           \
                                 ALIAS           \
                                 [--all]         \
                                 [--self]        \
                                 [--svcacc-only] \
                                 [--temp-only]   \
                                 [--users-only]  \
                                 [--all-configs]

Replace ALIAS with the alias of an AIStor deployment configured for OIDC integration.
Brackets [] indicate optional parameters.
Parameters sharing a line are mutually dependent.
Parameters separated using the pipe | operator are mutually exclusive.

Copy the example to a text editor and modify as needed before running the command in the terminal/shell.

Parameters

ALIAS

Required

The alias of the AIStor deployment configured for OIDC integration.

For example:

mc idp openid accesskey ls minio

--all

Optional

List all access keys for all OIDC users.

--self

Optional

List access keys for the currently authenticated user.

--svcacc-only

Optional

Output only service account access keys.

Mutually exclusive with --temp-only.

--temp-only

Optional

Output only temporary access keys.

Mutually exclusive with --svcacc-only.

--users-only

Optional

Output only the OIDC user IDs.

Examples

List All Access Keys

To return a list of all access keys, you must first authenticate as the admin user. Once authenticated, the following command returns all OIDC access keys on the minio deployment.

mc idp openid accesskey ls minio

If the user does not have the admin:ListUsers permission, the command returns a list of access keys for the authenticated user only.

List Temporary Access Keys

To return a list of all temporary access keys for a deployment, you must first authenticate as a user with the admin:ListUsers permission. Once authenticated, the following command outputs a list of user IDs with their associated temporary access keys.

mc idp oidc accesskey ls minio --temp-only

List Access Keys for Authenticated User

The following command returns the OIDC access keys for the currently authenticated user on the minio deployment.

mc idp oidc accesskey list minio

If the authenticated user has the admin:ListUsers permission, the command returns a list of all users and access keys on the deployment.

Global Flags

This command supports any of the global flags.

Behavior

S3 Compatibility

The mc command line tool is built for compatibility with the AWS S3 API and is tested with AIStor and AWS S3 for expected functionality and behavior.

AIStor provides no guarantees for other S3-compatible services, because their S3 API implementation is unknown and therefore unsupported.

While mc commands may work as documented, any such usage is at your own risk.