Your access key and secret key are in final.yml

[dsboulder]

They belong in private.yml, not checked into git.

[drnic]

Dave, you can put the read-only creds in final.yml (or mark the assets public via console); and read-write creds in private.yml. 

Is there a way to setup an s3 bucket to mark all uploaded blobs as public via bosh sync blobs?

Brian, is this what you did?

On Tue, Jan 21, 2014 at 5:48 PM, David Stevenson [email protected]
wrote:

They belong in private.yml, not checked into git.

Reply to this email directly or view it on GitHub:
#5

[adamstegman]

It looks like you can set a bucket policy to allow anonymous downloads of any object in a bucket. Since the object ids are known to bosh it seems like it would work.

[adamstegman]

Yes, we were able to make that work.

1. We created an S3 bucket and set the anonymous access permission example as the bucket policy, and uploaded our blobs to that bucket.
2. We removed the local caches of blobs and changed final.yml to exclude credentials.
3. We ran bosh create release and it successfully downloaded all the blobs and created a release.

Here's our final.yml:

---
blobstore:
  provider: s3
  options:
    bucket_name: <bucket-name>
min_cli_version: 1.5.0.pre.1117

[BrianMMcClain]

@drnic is correct, those are RO credentials, however I'm glad you brought this up @adamstegman, I think this is a good route as well. I havn't followed any recent changes to proper blob management with BOSH recently, but this may be a better route to go.