R2 token that only allows uploading to bucket and not deleting?

Is it possible to generate such a token that only has permission to upload to a bucket? An example use case is:

  1. I use R2 to back up my database
  2. The mysqldump file is regularly uploaded to R2 using the API key
  3. Server gets hacked and the hacker gains access to the secret key
  4. They can list and delete all the backup files

However, if the token only has permission to upload and not delete then it will be much safer to use R2 for backups.

Not currently - the only way to have such functionality would be via a Worker where you can bind to a specific bucket and only the bindings you set up, like .get or .put, would be available.

Workers have 100 MB body size limits. Not at all usable for backups.

Sure - I was just saying that’s the only way, viable or not.

Tokens that can be scoped with more granularity, like per-bucket or with fine-grained ACLs, are being discussed and will likely be on the roadmap.
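The Worker approach mentioned in the replies above, sketched as an added example that is not part of the original thread or Cloudflare's own code: the backup host holds only a Worker upload token, and the Worker exposes `put` on the bound bucket and nothing else. The binding name `BACKUPS`, the secret name `UPLOAD_TOKEN` and the `mysql/<name>.sql.gz` key layout are assumptions, and the Workers request body limit raised in the thread still applies.

```javascript
// Added example: write-only upload endpoint in front of an R2 bucket.
// Assumed names (hypothetical): R2 binding BACKUPS, secret UPLOAD_TOKEN,
// object keys of the form "mysql/<name>.sql.gz".
const KEY_RE = /^mysql\/[A-Za-z0-9._-]{1,128}\.sql\.gz$/;

// Compare without an early exit so timing does not leak matching prefixes.
function sameToken(a, b) {
  const x = new TextEncoder().encode(a);
  const y = new TextEncoder().encode(b);
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ y[i % (y.length || 1)];
  return diff === 0;
}

// Pure policy check: returns the HTTP status to refuse with, or 0 to allow.
function refuse(method, key, token, expected) {
  if (method !== "PUT") return 405; // no read, list or delete is exposed
  if (!expected || !sameToken(token || "", expected)) return 401;
  if (!KEY_RE.test(key)) return 400; // also rejects "%", "..", extra slashes
  return 0;
}

const worker = {
  async fetch(request, env) {
    const key = new URL(request.url).pathname.slice(1);
    const auth = request.headers.get("Authorization") || "";
    const token = auth.replace(/^Bearer /, "");
    const status = refuse(request.method, key, token, env.UPLOAD_TOKEN);
    if (status) return new Response(null, { status });
    // Refuse overwrites so a stolen upload token cannot replace old backups.
    // head-then-put is not atomic; it is a guard, not a lock.
    if (await env.BACKUPS.head(key)) return new Response(null, { status: 409 });
    await env.BACKUPS.put(key, request.body);
    return new Response(null, { status: 201 });
  },
};
// In a Worker module this object is the default export:
//   export default worker;
```

With this in place, a compromised backup host can add new objects but cannot list, read, overwrite or delete existing ones through the Worker; the R2 API key itself never leaves Cloudflare.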

