Back to Details

tigris-access-keys

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Tigris Access Keys

Tigris Access Keys

Access keys are programmatic credentials for the Tigris API. Key IDs use the 
tid_
prefix, secrets use the 
tsec_
prefix.
访问密钥是Tigris API的编程凭据。密钥ID使用
tid_
前缀,密钥密码使用
tsec_
前缀。

Commands

命令

tigris access-keys list
(alias: 
l
)

tigris access-keys list
(别名:
l

List all access keys in the current organization.
bash
tigris access-keys list
tigris access-keys list --json
FlagAliasDescriptionDefault
--format
-f
Output format (
json
, 
table
, 
xml
)
table
--json
Output as JSON
列出当前组织中的所有访问密钥。
bash
tigris access-keys list
tigris access-keys list --json
标志(Flag)别名(Alias)描述(Description)默认值(Default)
--format
-f
输出格式(
json
table
xml
table
--json
以JSON格式输出

tigris access-keys create <name>
(alias: 
c
)

tigris access-keys create <name>
(别名:
c

Create a new access key with the given name. The secret is shown only once — save it immediately.
bash
tigris access-keys create my-ci-key
tigris access-keys create my-ci-key --json
FlagAliasDescriptionDefault
--format
-f
Output format (
json
, 
table
)
table
--json
Output as JSON
创建一个带有指定名称的新访问密钥。密钥密码仅显示一次——请立即保存。
bash
tigris access-keys create my-ci-key
tigris access-keys create my-ci-key --json
标志(Flag)别名(Alias)描述(Description)默认值(Default)
--format
-f
输出格式(
json
table
table
--json
以JSON格式输出

tigris access-keys get <id>
(alias: 
g
)

tigris access-keys get <id>
(别名:
g

Show details for an access key including its name, creation date, and assigned bucket roles.
bash
tigris access-keys get tid_AaBbCcDdEeFf
tigris access-keys get tid_AaBbCcDdEeFf --json
FlagAliasDescriptionDefault
--format
-f
Output format (
json
, 
table
)
table
--json
Output as JSON
显示访问密钥的详细信息,包括其名称、创建日期和已分配的存储桶角色。
bash
tigris access-keys get tid_AaBbCcDdEeFf
tigris access-keys get tid_AaBbCcDdEeFf --json
标志(Flag)别名(Alias)描述(Description)默认值(Default)
--format
-f
输出格式(
json
table
table
--json
以JSON格式输出

tigris access-keys delete <id>
(alias: 
d
)

tigris access-keys delete <id>
(别名:
d

Permanently delete an access key. This revokes all access immediately.
bash
tigris access-keys delete tid_AaBbCcDdEeFf --force
FlagDescription
--force
Skip confirmation prompt
--format
/ 
-f
Output format (
json
, 
table
; default: 
table
)
--json
Output as JSON
永久删除访问密钥。这会立即撤销所有访问权限。
bash
tigris access-keys delete tid_AaBbCcDdEeFf --force
标志(Flag)描述(Description)
--force
跳过确认提示
--format
/ 
-f
输出格式(
json
table
;默认值:
table
--json
以JSON格式输出

tigris access-keys assign <id>
(alias: 
a
)

tigris access-keys assign <id>
(别名:
a

Assign per-bucket roles to an access key. Pair each 
--bucket
with a 
--role
(Editor or ReadOnly), or use 
--admin
for org-wide access.
bash
undefined
为访问密钥分配每个存储桶的角色。将每个
--bucket
与一个
--role
(Editor或ReadOnly)配对,或使用
--admin
获取组织级访问权限。
bash
undefined

Single bucket

单个存储桶

tigris access-keys assign tid_AaBb --bucket my-bucket --role Editor
tigris access-keys assign tid_AaBb --bucket my-bucket --role Editor

Multiple buckets with different roles

多个存储桶,不同角色

tigris access-keys assign tid_AaBb --bucket a,b --role Editor,ReadOnly
tigris access-keys assign tid_AaBb --bucket a,b --role Editor,ReadOnly

Org-wide admin access

组织级管理员权限

tigris access-keys assign tid_AaBb --admin
tigris access-keys assign tid_AaBb --admin

Revoke all roles

撤销所有角色

tigris access-keys assign tid_AaBb --revoke-roles

| Flag             | Alias | Description                                                                                                  |
| ---------------- | ----- | ------------------------------------------------------------------------------------------------------------ |
| `--bucket`       | `-b`  | Bucket name(s), comma-separated. Each bucket pairs positionally with a `--role` value                        |
| `--role`         | `-r`  | Role(s) to assign (`Editor`, `ReadOnly`), comma-separated. Each role pairs with the corresponding `--bucket` |
| `--admin`        |       | Grant admin access to all buckets in the organization                                                        |
| `--revoke-roles` |       | Revoke all bucket roles from the access key                                                                  |
| `--format`       | `-f`  | Output format (`json`, `table`; default: `table`)                                                            |
| `--json`         |       | Output as JSON                                                                                               |
tigris access-keys assign tid_AaBb --revoke-roles

| 标志(Flag) | 别名(Alias) | 描述(Description) |
| ---------------- | ----- | ------------------------------------------------------------------------------------------------------------ |
| `--bucket`       | `-b`  | 存储桶名称(多个用逗号分隔)。每个存储桶与对应的`--role`值按位置配对 |
| `--role`         | `-r`  | 要分配的角色(`Editor`、`ReadOnly`,多个用逗号分隔)。每个角色与对应的`--bucket`配对 |
| `--admin`        |       | 授予组织内所有存储桶的管理员权限 |
| `--revoke-roles` |       | 撤销访问密钥的所有存储桶角色 |
| `--format`       | `-f`  | 输出格式(`json`、`table`;默认值:`table`) |
| `--json`         |       | 以JSON格式输出 |

Workflow

工作流程

bash
undefined
bash
undefined

1. Create a key

1. 创建密钥

tigris access-keys create my-app-key --json
tigris access-keys create my-app-key --json

Save the tid_ and tsec_ values from the output!

保存输出中的tid_和tsec_值!

2. Scope it to specific buckets

2. 将其限定到特定存储桶

tigris access-keys assign tid_AaBb --bucket my-bucket --role Editor
tigris access-keys assign tid_AaBb --bucket my-bucket --role Editor

3. Configure your environment (Tigris env vars)

3. 配置您的环境(Tigris环境变量)

export TIGRIS_STORAGE_ACCESS_KEY_ID=tid_AaBb export TIGRIS_STORAGE_SECRET_ACCESS_KEY=tsec_XxYy export TIGRIS_STORAGE_ENDPOINT=https://t3.storage.dev export TIGRIS_STORAGE_BUCKET=my-bucket
undefined
export TIGRIS_STORAGE_ACCESS_KEY_ID=tid_AaBb export TIGRIS_STORAGE_SECRET_ACCESS_KEY=tsec_XxYy export TIGRIS_STORAGE_ENDPOINT=https://t3.storage.dev export TIGRIS_STORAGE_BUCKET=my-bucket
undefined

Security Best Practices

安全最佳实践

  • Scope to specific buckets — avoid 
    --admin
    unless truly needed
  • Use minimal roles — prefer 
    ReadOnly
    when writes aren't required
  • Separate keys per app — create dedicated keys for each application or environment
  • Rotate keys regularly — delete old keys and create new ones
  • Never commit secrets — use environment variables or secret managers, not source code
  • 限定到特定存储桶——除非确实需要,否则避免使用
    --admin
  • 使用最小权限角色——当不需要写入权限时,优先选择
    ReadOnly
  • 为每个应用单独创建密钥——为每个应用或环境创建专用密钥
  • 定期轮换密钥——删除旧密钥并创建新密钥
  • 切勿提交密钥密码——使用环境变量或密钥管理器,而非源代码