Add support for STORAGE_S3_TOKEN #5010

New Issue

Open

opened 2026-02-05 09:33:30 +03:00 by OVERLORD · 2 comments

OVERLORD commented 2026-02-05 09:33:30 +03:00

Owner

Copy Link

Originally created by @vlaborie on GitHub (Oct 16, 2024).

Describe the feature you'd like

Add support for defining STORAGE_S3_TOKEN in addition to STORAGE_S3_KEY and STORAGE_S3_SECRET for S3 storage.

Temporay S3 credentials generated by STS (Security Token Service) need to define credentials['token'] in addition to credentials['key'] and credentials['secret'].

See AWS SDK docs about this: https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials_temporary.html#providing-temporary-credentials-to-the-sdk-php

Describe the benefits this would bring to existing BookStack users

This permit to use temporary and limited-privilege S3 credentials which increase security and permit some automation process.

Can the goal of this request already be achieved via other means?

No.

Have you searched for an existing open/closed issue?

• I have searched for existing issues and none cover my fundamental request

How long have you been using BookStack?

1 to 5 years

Additional context

I only use temporary and auto-generated credentials everywhere i can as a security principle.

Originally created by @vlaborie on GitHub (Oct 16, 2024). ### Describe the feature you'd like Add support for defining **STORAGE_S3_TOKEN** in addition to **STORAGE_S3_KEY** and **STORAGE_S3_SECRET** for S3 storage. Temporay S3 credentials generated by **STS** ([Security Token Service](https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html)) need to define **credentials['token']** in addition to **credentials['key']** and **credentials['secret']**. See AWS SDK docs about this: https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials_temporary.html#providing-temporary-credentials-to-the-sdk-php ### Describe the benefits this would bring to existing BookStack users This permit to use **temporary** and **limited-privilege** S3 credentials which increase security and permit some automation process. ### Can the goal of this request already be achieved via other means? No. ### Have you searched for an existing open/closed issue? - [X] I have searched for existing issues and none cover my fundamental request ### How long have you been using BookStack? 1 to 5 years ### Additional context I only use temporary and auto-generated credentials everywhere i can as a security principle.

OVERLORD added the 🔨 Feature Request label 2026-02-05 09:33:30 +03:00

OVERLORD commented 2026-02-05 09:33:33 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Oct 16, 2024):

Hi @vlaborie, thanks for the request.

Just so I understand, you'd be fetching the token externally then regularly be updating the token value for BookStack?

Just trying to understand the use and scenario, since I really don't want to expand the scope/support of these settings, especially where service specific and/or where not commonly needed or desired.

@ssddanbrown commented on GitHub (Oct 16, 2024): Hi @vlaborie, thanks for the request. Just so I understand, you'd be fetching the token externally then regularly be updating the token value for BookStack? Just trying to understand the use and scenario, since I really don't want to expand the scope/support of these settings, especially where service specific and/or where not commonly needed or desired.

OVERLORD commented 2026-02-05 09:33:34 +03:00

Author

Owner

Copy Link

@vlaborie commented on GitHub (Oct 16, 2024):

Hi @ssddanbrown,

Yes that's what i do. This is very usefull because the fetching process is fully automated.

I just need to create an S3 bucket and an S3 policy and the credentials are automaticaly managed.

Should be noted that is not specific to AWS but common to multiple S3 providers (i use it with Minio).

@vlaborie commented on GitHub (Oct 16, 2024): Hi @ssddanbrown, Yes that's what i do. This is very usefull because the fetching process is fully automated. I just need to create an S3 bucket and an S3 policy and the credentials are automaticaly managed. Should be noted that is not specific to AWS but common to multiple S3 providers (i use it with Minio).

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

further_theme_development

l10n_development

release

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label 🔨 Feature Request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#5010