Configure S3 Artifact

Spinnaker stages that read data from artifacts can read S3 files directly.

All that’s required are the following values:

API_ENDPOINT=
API_REGION=
REGION=
ARTIFACT_ACCOUNT_NAME=my-s3-account

Download credentials

Create a user with an accessKey or secretKey. Otherwise, spinnaker will use the credentials of the clouddriver pod to attempt to access the s3 resource.

Add the accesskey and secret key either to a secrets manager for use by reference or to a volume mounted into the clouddriver pods by modifying the deployment.yaml for clouddriver.

Add the account and enable it

Add the following to clouddriver-local.yml

artifacts:
  enabled: true
  s3: 
    enabled: true
    accounts:
    - name: my-local-bucket
      region: region
      apiEndpoint: swift-or-ceph-s3-endpoint
      apiRegion: region
      awsAccessKeyId: accessKey
      awsSecretAccessKey:  secretAccessKey
      signerOverride: signerOverride

Note: Setting apiEndpoint & apiRegion is optional. It is needed only if you are using a S3 clone such as Minio.

Additional configuration properties are avaialble in the source code for things like timeout configurations and similar.

Last modified April 17, 2026: chore(docs): Redo install docs off of halyard (#591) (c7a31a6)