Security Tokens as AWS Secret Access Keys

To communicate with Hedvig's S3 Service, you must generate a security token, which serves as the aws_secret_access_key.

This token is either:

  • specified in the AWS credentials file for the AWS CLI on the client, or

  • supplied to the S3 application in the format required for that application.

The AWS credentials file is found on the S3 client machine at ~/.aws/credentials.

In the following example:

Security Tokens as AWS Secret Access Keys (1)

  • The aws_access_key_id is the Hedvig user, for example, HedvigAdmin.

  • The aws_secret_access_key is the security token, for example, ehoFGrkHd6qnYhp7ufJYEtA5/gzuDP0Ydc+gPsdl


  • The security token email can be sent to the user any number of times.

  • Only the actual user, or the superuser, can send the security token email.

  • For LDAP/AD users to get a security token, you must save the user locally to Hedvig. See the Hedvig RBAC User Guide for more information.