The mc idp openid accesskey info outputs information about the specified access key(s). This command works against access keys created by an OIDC user after authenticating to AIStor. Authenticated users can manage their own long-term Access Keys using the AIStor Console. AIStor supports using AssumeRoleWithWebIdentity to generate temporary access keys using the Security Token Service. Example and syntax Example The following example outputs details for the access key mykey from the myaistor deployment:

The mc admin scanner status command displays a real-time summary of scanner information for an AIStor Server. This command has an alias of mc admin scanner info. Syntax Example The following example returns information about the current state of the scanner process.

The mc event rm command removes an event notification trigger from a bucket. The mc event remove command has equivalent functionality to mc event rm. Syntax Example The following command removes a configured event notifications for the specified bucket notification target for the mydata bucket on the myaistor AIStor deployment:

The mc anonymous set command sets anonymous (that is, unauthenticated or public) access policies for a bucket. Buckets with anonymous policies allow clients to access the bucket contents and perform actions consistent with the specified policy without authentication. To set anonymous bucket policies using an IAM JSON policy, use the mc anonymous set-json command. Syntax Example The following command sets the anonymous access policy for the mydata bucket on the myaistor AIStor deployment:

Description The mc anonymous command supports setting or removing anonymous policies to a bucket and its contents. Buckets with anonymous policies allow public access where clients can perform any action granted by the policy without authentication. Subcommands mc anonymous includes the following subcommands:

The mc idp ldap accesskey ls displays a list of LDAP access key pairs. mc idp ldap accesskey ls is also known as mc idp ldap accesskey list. This command works against access keys created by an AD/LDAP user after authenticating to AIStor. Create AD/LDAP service accounts with the mc idp ldap accesskey create command. Authenticated users can manage their own long-term Access Keys using the AIStor Console. AIStor supports using AssumeRoleWithLDAPIdentity to generate temporary access keys using the Security Token Service.

This page covers settings that control root (superuser) access for the AIStor process. The root user has complete access and permissions to perform operations on the AIStor deployment. Root User and Root Password are required even if you use the MinIO Key Encryption Service or other key management utility. You can establish or modify settings by defining: an environment variable on the host system prior to starting or restarting the AIStor Server. Refer to your operating system’s documentation for how to define an environment variable. a configuration setting using mc admin config set. If you define both an environment variable and the similar configuration setting, AIStor uses the environment variable value.

The AIStor Security Token Service (STS) APIs allow applications to generate temporary credentials for accessing the AIStor Server. The STS API is required for AIStor Servers configured to use external identity managers, as the API allows conversion of the external IDP credentials into AWS Signature v4-compatible credentials. STS API endpoints AIStor supports the following STS API endpoints:

AIStor Server uses the built-in scanner to check objects for healing and to take any scheduled object actions. Such actions may include: calculate data usage on drives evaluate and apply configured lifecycle management or object retention rules perform bucket or site replication check objects for missing or corrupted data or parity shards and perform healing The scanner performs these functions at two levels: cluster and bucket. At the cluster level, the scanner splits all buckets into groups and scans one group of buckets at a time. The scanner starts with any new buckets added since the last scan, then randomizes the scanning of other buckets. The scanner completes checks on all bucket groups before starting over with a new set of scans.

This page explains how to deploy AIStor with KES for Server Side Encryption. For instructions on running KES, see the KES docs. Broadly, the required steps are: Create a new external key (EK) for server-side encryption (SSE). Create or modify an AIStor deployment to support SSE with KES. Configure automatic bucket-default SSE. Enabling SSE on an AIStor deployment automatically encrypts the backend data for that deployment using the default encryption key.