(ozone) branch master updated: HDDS-13801. [Docs] ozone s3 getsecret command and REST API supports user parameter (#9164)

Thu, 23 Oct 2025 07:34:27 -0700 

This is an automated email from the ASF dual-hosted git repository.

weichiu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git


The following commit(s) were added to refs/heads/master by this push:
     new cc730871b27 HDDS-13801. [Docs] ozone s3 getsecret command and REST API 
supports user parameter (#9164)
cc730871b27 is described below

commit cc730871b27f2e5300bb8a0166736731d05f96e7
Author: Wei-Chiu Chuang <[email protected]>
AuthorDate: Thu Oct 23 07:34:15 2025 -0700

    HDDS-13801. [Docs] ozone s3 getsecret command and REST API supports user 
parameter (#9164)
---
 hadoop-hdds/docs/content/security/SecuringS3.md | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/hadoop-hdds/docs/content/security/SecuringS3.md 
b/hadoop-hdds/docs/content/security/SecuringS3.md
index 74d457adfb0..561531d2d8b 100644
--- a/hadoop-hdds/docs/content/security/SecuringS3.md
+++ b/hadoop-hdds/docs/content/security/SecuringS3.md
@@ -37,18 +37,32 @@ The user needs to `kinit` first and once they have 
authenticated via kerberos
 
 ## Obtain Secrets
 
-* S3 clients can get the secret access id and user secret from OzoneManager.
+S3 clients can get the secret access id and user secret from OzoneManager.
 
+### Using the command line
+
+For a regular user to get their own secret:
 ```bash
 ozone s3 getsecret
 ```
 
-* Or by sending request to /secret S3 REST endpoint.
+An Ozone administrator can get a secret for a specific user by using the `-u` 
flag:
+```bash
+ozone s3 getsecret -u <username>
+```
+
+### Using the REST API
 
+A user can get their own secret by making a `PUT` request to the `/secret` 
endpoint:
 ```bash
 curl -X PUT --negotiate -u : https://localhost:9879/secret
 ```
 
+An Ozone administrator can get a secret for a specific user by appending the 
username to the path:
+```bash
+curl -X PUT --negotiate -u : https://localhost:9879/secret/<username>
+```
+
 This command will talk to ozone, validate the user via Kerberos and generate
 the AWS credentials. The values will be printed out on the screen. You can
 set these values up in your _.aws_ file for automatic access while working


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to