[SoftNAS KB]: Changing/Rotating S3 Keys


 Your organization requires that you change your S3 keys on a regular basis in order to ensure security. 


This article provides the steps required to switch your S3 keys for a new set. These instructions will be performed on a recurring basis. This article assumes you know how to create/obtain/deactivate S3 keys in the AWS console.


  • 1. Log into your instance using SSH.
    • For guidance on how to connect to your Linux instance, click here.
    • For Guidance on how to connect to your Windows Instance, click here.
  • 2. Log into AWS, and create new keys via the Amazon AWS console, under IAM Management. Deactivate the old keys.
  • 3. Encrypt the new key using the cmd_encrypt.php utility in your command shell.

php /var/www/softnas/snserver/cmd_encrypt.php encrypt AKIAXXXXXXXXSPZ5XxXA

php /var/www/softnas/snserver/cmd_encrypt.php encrypt aXj46XcPjSKXxXxXxszZAx2xXxxXqdXxxxQbxM0n

  • 4. Insert the output into /var/www/softnas/config/s3config.ini instead of the old awsAccessKey and awsSecretKey entries.




  • 5. Reboot the instance.
  • 6. Confirm that the S3-backed volumes remain accessible and operational.

Outage required: