---
title: "Securing S3"
date: "2019-April-03"
summary: Ozone supports S3 protocol, and uses AWS Signature Version 4 protocol which allows a seamless S3 experience.
weight: 4
icon: cloud
---

To access an S3 bucket, users need an AWS access key ID and an AWS secret.
Both of these are generated on the AWS website. When you use Ozone's S3
protocol, you need the same AWS access key and secret.

Under Ozone, clients can download the access key directly from Ozone.

The user needs to `kinit` first; once they have authenticated via Kerberos,
they can download the S3 access key ID and AWS secret. Just like AWS S3, both of
these are secrets that need to be protected by the client, since they give full
access to the S3 buckets.

* S3 clients can get the secret access id and user secret from OzoneManager.

```bash
ozone s3 getsecret
```

This command will talk to Ozone, validate the user via Kerberos and generate
the AWS credentials. The values will be printed out on the screen. You can
set these values up in your _.aws_ file for automatic access while working
against Ozone S3 buckets.
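
The following is an added example, not part of the Ozone documentation: a shell function that takes the output of `ozone s3 getsecret` and writes it to an AWS credentials file that only the owner can read, so the secret never appears on screen. It assumes the command prints `awsAccessKey=<id>` and `awsSecret=<secret>` lines; the function name `write_aws_credentials` is hypothetical.

```shell
#!/usr/bin/env bash
# ASSUMPTION: `ozone s3 getsecret` prints "awsAccessKey=<id>" and
# "awsSecret=<secret>" lines; adjust the patterns if your version differs.

# write_aws_credentials <credentials-file> [profile]
# Reads getsecret output on stdin and writes one profile to the file.
# The target file is overwritten, so point it at a dedicated file.
write_aws_credentials() {
    local cred_file="$1"
    local profile="${2:-default}"
    local key="" secret="" line

    while IFS= read -r line; do
        case "$line" in
            awsAccessKey=*) key="${line#awsAccessKey=}" ;;
            awsSecret=*)    secret="${line#awsSecret=}" ;;
        esac
    done

    # Refuse to write a half-populated profile, for example when the
    # Kerberos ticket has expired and an error was printed instead.
    if [ -z "$key" ] || [ -z "$secret" ]; then
        echo "could not parse access key and secret from input" >&2
        return 1
    fi

    # Create the directory and file with owner-only permissions before
    # the secret is written, so it is never readable by other users.
    (
        umask 077
        mkdir -p "$(dirname "$cred_file")" &&
        : > "$cred_file" &&
        chmod 600 "$cred_file" &&
        printf '[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\n' \
            "$profile" "$key" "$secret" > "$cred_file"
    )
}

# Typical use after kinit (file name is a constructed example):
#   ozone s3 getsecret | write_aws_credentials "$HOME/.aws/ozone-credentials"
```

The AWS CLI and SDKs read an alternative credentials file when `AWS_SHARED_CREDENTIALS_FILE` is set to its path, which keeps the Ozone secret separate from any existing AWS profiles.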