Generate an access key
Every API request you make to Filebase is authenticated with an access key pair — an Access Key ID and a Secret Access Key. The pair is presented to Filebase using the standard AWS Signature Version 4 (SigV4) protocol that every S3 client and SDK already speaks.
View your access keys
- Sign in to console.filebase.com.
- Click Access Keys in the left navigation.
You'll see your current Access Key and Secret Key.
Treat your Secret Key like a password. Anyone with both halves of the pair has full read-write access to every bucket on your account. Never check it into source control. Prefer environment variables or a secret manager.
Use them with an SDK
Every Filebase example in these docs uses the same shape:
export AWS_ACCESS_KEY_ID="<your-access-key>"
export AWS_SECRET_ACCESS_KEY="<your-secret-key>"
const s3 = new S3Client({
endpoint: 'https://s3.filebase.io',
region: 'auto',
credentials: {
accessKeyId: process.env.FILEBASE_KEY!,
secretAccessKey: process.env.FILEBASE_SECRET!,
},
});
s3 = boto3.client(
's3',
endpoint_url='https://s3.filebase.io',
region_name='auto',
aws_access_key_id=os.environ['FILEBASE_KEY'],
aws_secret_access_key=os.environ['FILEBASE_SECRET'],
)
Rotating keys
To rotate your keys:
- Go to Access Keys in the console.
- Click Rotate next to the key you want to replace.
- Update every place that uses the old key — applications, CI/CD secrets, deployed infrastructure — with the new pair.
The old key continues to work until you confirm rotation, giving you time to update consumers.
Multiple key pairs
Filebase currently issues one access key pair per account. Multiple key pairs and per-key scoped permissions are on the roadmap. If you need stricter separation today, consider creating separate Filebase accounts for each isolated workload.
Pre-signed URLs
If you need to give a third party temporary access to a single object — without sharing your access keys — generate a pre-signed URL. See pre-signed URLs for details.