Skip to main content

How to Retrieve Access Key and Secret Key From Your Object Storage Provider

If your cloud service provider supports configuring bucket access policy for virtual machines, and achieve access to object storage without credentials (like AWS IAM), you can omit those keys during juicefs auth or juicefs mount (provide empty value), see juicefs auth for details.

Amazon Web Service

Please refer to Managing Access Keys. Moreover, if you have configured your EC2 instances with S3 access without credentials, you can omit credentials during juicefs mount.

Google Cloud Platform

First, you should create a project in the console of Google Cloud Platform, please remember your Project ID :

Download and install gcloud SDK

curl | bash

Run the following command after installation:

sudo gcloud auth application-default login

Congratulation, you have done the authentication job that would be executed only once.

Finally, you could run sudo juicefs mount to mount your JuiceFS filesystem, the Project ID will be requested (you could set it as GOOGLE_CLOUD_PROJECT in environment variable.)

When you mount a filesystem with sudo, you also should run gcloud auth with sudo. Otherwise, the JuiceFS may not load the credential.

If JuiceFS is used inside Compute Engine, it's recommended to grant the virtual machines full access to Storage API.

Microsoft Azure

Currently, service is only available at Microsoft Azure Chinese Region, contact us and other regions can be supported promply.

When the JuiceFS use the Azure Blob Storage as the underlying storage, you should create a storage account. Find Storage Accounts from the navigation of left panel.

Create a new account in Storage accounts, the name will be requested at mounting the JuiceFS filesystem, the account kind should be "Blob stroage".

Enter the Access key from your storage account, there're two keys available.


Enter the object storage console, you could see the enterance of Access Key:

Create a key for JuiceFS mount:

Tencent Cloud

If your filesystem is on the Tencent COS, you should provide AppID, Secret ID, Secret Key.

First, login the console, AppID is in the Account Info.

Secret ID and Secret Key are managed in the API Key Management, you need to create a pair if it's empty.


Login the UCloud console, you'll find your API key in UAPI in the Monitoring management of Product and service.


Login the Qingcloud Console, you'll find Access Keys in the dropdown menu of your account at the right corner.


Please refer to their official document on User Access Key Management (Chinese).


Please refer to their official document on How to get Access Key and Secret Key (Chinese).

Baidu Cloud

Login the Baidu Cloud Console, enter the Security Authentication in the dropdown menu of the account at the right-upper corner of the page.

Huawei Cloud

Please refer to their official document on How Do I Manage Access Keys?


Please refer to their official document on How To Create a DigitalOcean Space and API Key


Please create an application key with read and write permission on Application Keys

The master application key is required to create a bucket by JuiceFS. It's recommended to create a bucket manually, using a name like juicefs-NAME, then create an application key with read-write access for JuiceFS.


Please refer to their official document on Creating a Root Access Key and Secret Key

IBM Cloud Object Storage

It requires API Key and Resource Instance ID to access Cloud Object Storage, please refer to their official document on Retrieving your instance ID .