github.com/minio/minio@v0.0.0-20240328213742-3f72439b8a27/docs/sts/etcd.md (about)

# etcd V3 Quickstart Guide [![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io)

etcd is a distributed key-value store that provides a reliable way to store data across a cluster of machines.

## Get started

### 1. Prerequisites

- Docker 18.03 or above; see the [installation guide](https://docs.docker.com/install/).

### 2. Start etcd

etcd uses [gcr.io/etcd-development/etcd](https://console.cloud.google.com/gcr/images/etcd-development/GLOBAL/etcd) as a primary container registry.

```
rm -rf /tmp/etcd-data.tmp && mkdir -p /tmp/etcd-data.tmp && \
  podman rmi gcr.io/etcd-development/etcd:v3.3.9 || true && \
  podman run \
  -p 2379:2379 \
  -p 2380:2380 \
  --mount type=bind,source=/tmp/etcd-data.tmp,destination=/etcd-data \
  --name etcd-gcr-v3.3.9 \
  gcr.io/etcd-development/etcd:v3.3.9 \
  /usr/local/bin/etcd \
  --name s1 \
  --data-dir /etcd-data \
  --listen-client-urls http://0.0.0.0:2379 \
  --advertise-client-urls http://0.0.0.0:2379 \
  --listen-peer-urls http://0.0.0.0:2380 \
  --initial-advertise-peer-urls http://0.0.0.0:2380 \
  --initial-cluster s1=http://0.0.0.0:2380 \
  --initial-cluster-token tkn \
  --initial-cluster-state new
```

The command above serves etcd client and peer traffic over plain HTTP on all interfaces with no authentication, so it is suited to local testing only. You may also set up etcd with TLS by following the [etcd security documentation](https://coreos.com/etcd/docs/latest/op-guide/security.html).

### 3. Set up MinIO with etcd

MinIO server reads the etcd endpoints from the `MINIO_ETCD_ENDPOINTS` environment variable, which accepts multiple comma-separated entries.

```
export MINIO_ETCD_ENDPOINTS=http://localhost:2379
minio server /data
```

NOTE: If `etcd` is configured with `Client-to-server authentication with HTTPS client certificates`, you also need to set `MINIO_ETCD_CLIENT_CERT` to the path of `etcd-client.crt` and `MINIO_ETCD_CLIENT_CERT_KEY` to the path of `etcd-client.key`.

### 4. Test with MinIO STS API

Once etcd is configured, **any STS configuration** will work including Client Grants, Web Identity or AD/LDAP.

For example, you can configure STS with Client Grants (KeyCloak) using the guides at [MinIO STS Quickstart Guide](https://min.io/docs/minio/linux/developers/security-token-service.html) and [KeyCloak Configuration Guide](https://github.com/minio/minio/blob/master/docs/sts/keycloak.md). Once this is done, STS credentials can be generated:

```
go run client-grants.go -cid PoEgXP6uVO45IsENRngDXj5Au5Ya -csec eKsw6z8CtOJVBtrOWvhRWL4TUCga

##### Credentials
{
 "accessKey": "IRBLVDGN5QGMDCMO1X8V",
 "secretKey": "KzS3UZKE7xqNdtRbKyfcWgxBS6P1G4kwZn4DXKuY",
 "expiration": "2018-08-21T15:49:38-07:00",
 "sessionToken": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiJJUkJMVkRHTjVRR01EQ01PMVg4ViIsImF1ZCI6IlBvRWdYUDZ1Vk80NUlzRU5SbmdEWGo1QXU1WWEiLCJhenAiOiJQb0VnWFA2dVZPNDVJc0VOUm5nRFhqNUF1NVlhIiwiZXhwIjoxNTM0ODkxNzc4LCJpYXQiOjE1MzQ4ODgxNzgsImlzcyI6Imh0dHBzOi8vbG9jYWxob3N0Ojk0NDMvb2F1dGgyL3Rva2VuIiwianRpIjoiMTg0NDMyOWMtZDY1YS00OGEzLTgyMjgtOWRmNzNmZTgzZDU2In0.4rKsZ8VkZnIS_ALzfTJ9UbEKPFlQVvIyuHw6AWTJcDFDVgQA2ooQHmH9wUDnhXBi1M7o8yWJ47DXP-TLPhwCgQ"
}
```

These credentials can now be used to perform MinIO API operations. They expire automatically after 1 hour. To learn more about credential expiry duration and the Client Grants STS API, read the [client grants documentation](https://github.com/minio/minio/blob/master/docs/sts/client-grants.md).
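
The `sessionToken` in the sample output is a JWT, so its header and claims can be read to check which access key and client ID it is bound to and how long it lives. The Go program below is an added example, not part of the MinIO documentation or code base; `InspectToken`, `Claims` and `decodeSegment` are names chosen for this example, and the token is the one from the sample output.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// sessionToken is the "sessionToken" value copied from the sample output above.
const sessionToken = "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiJJUkJMVkRHTjVRR01EQ01PMVg4ViIsImF1ZCI6IlBvRWdYUDZ1Vk80NUlzRU5SbmdEWGo1QXU1WWEiLCJhenAiOiJQb0VnWFA2dVZPNDVJc0VOUm5nRFhqNUF1NVlhIiwiZXhwIjoxNTM0ODkxNzc4LCJpYXQiOjE1MzQ4ODgxNzgsImlzcyI6Imh0dHBzOi8vbG9jYWxob3N0Ojk0NDMvb2F1dGgyL3Rva2VuIiwianRpIjoiMTg0NDMyOWMtZDY1YS00OGEzLTgyMjgtOWRmNzNmZTgzZDU2In0.4rKsZ8VkZnIS_ALzfTJ9UbEKPFlQVvIyuHw6AWTJcDFDVgQA2ooQHmH9wUDnhXBi1M7o8yWJ47DXP-TLPhwCgQ"

// Claims holds the payload fields this example reads from the token.
type Claims struct {
	AccessKey string `json:"accessKey"`
	Audience  string `json:"aud"`
	Expiry    int64  `json:"exp"`
	IssuedAt  int64  `json:"iat"`
}

// decodeSegment base64url-decodes one JWT segment and unmarshals its JSON.
func decodeSegment(seg string, out interface{}) error {
	raw, err := base64.RawURLEncoding.DecodeString(seg)
	if err != nil {
		return err
	}
	return json.Unmarshal(raw, out)
}

// InspectToken returns the header algorithm and the claims WITHOUT verifying
// the signature: use it to look at a token, never to authorize a request.
func InspectToken(tok string) (alg string, c Claims, err error) {
	parts := strings.Split(tok, ".")
	if len(parts) != 3 {
		return "", c, errors.New("not a three-segment JWT")
	}
	var hdr struct{ Alg string } // encoding/json matches "alg" case-insensitively
	if err = decodeSegment(parts[0], &hdr); err != nil {
		return "", c, err
	}
	err = decodeSegment(parts[1], &c)
	return hdr.Alg, c, err
}

func main() {
	alg, c, err := InspectToken(sessionToken)
	fmt.Println(alg, c.AccessKey, c.Audience, c.Expiry-c.IssuedAt, err)
}
```

The `accessKey` claim matches the `accessKey` in the output, `aud` matches the `-cid` value passed on the command line, and `exp - iat` is 3600 seconds, the 1 hour lifetime.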

## Explore Further

- [MinIO STS Quickstart Guide](https://min.io/docs/minio/linux/developers/security-token-service.html)
- [The MinIO documentation website](https://min.io/docs/minio/linux/index.html)