From dc7b7af9eb33067908262c9975f676f549c6b7e5 Mon Sep 17 00:00:00 2001
From: Hector Valcarcel
Date: Thu, 6 Feb 2025 12:04:30 +0100
Subject: [PATCH 1/2] feat(s3_config): add support for S3 session token configuration
- Introduced logic to handle S3 session token using environment variables.
- Supports session token from both a file and direct environment variable.
- Defaults to an empty token if no value is provided.
Signed-off-by: Hector Valcarcel
---
 .config/s3.config.php | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/.config/s3.config.php b/.config/s3.config.php
index a17e4037..40379fe6 100644
--- a/.config/s3.config.php
+++ b/.config/s3.config.php
@@ -40,6 +40,14 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
 $CONFIG['objectstore']['arguments']['secret'] = '';
 }
 
+ if (getenv('OBJECTSTORE_S3_SESSION_TOKEN_FILE')) {
+ $CONFIG['objectstore']['arguments']['session_token'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SESSION_TOKEN_FILE')));
+ } elseif (getenv('OBJECTSTORE_S3_SESSION_TOKEN')) {
+ $CONFIG['objectstore']['arguments']['session_token'] = getenv('OBJECTSTORE_S3_SESSION_TOKEN');
+ } else {
+ $CONFIG['objectstore']['arguments']['session_token'] = '';
+ }
+
 if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) {
 $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
 } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
From ecbd2ab480e3fdec13345b32ccae2a5676c5eda8 Mon Sep 17 00:00:00 2001
From: Hector Valcarcel
Date: Mon, 10 Feb 2025 10:28:04 +0100
Subject: [PATCH 2/2] docs(readme): add new variable for the Object Storage section
- variable "OBJECTSTORE_S3_SESSION_TOKEN" to support AWS STS auth workflow
Signed-off-by: Hector Valcarcel
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index ac5b0e28..0bae4628 100644
--- a/README.md
+++ b/README.md
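Review bot: In `.config/s3.config.php`, the new `OBJECTSTORE_S3_SESSION_TOKEN_FILE` branch passes the result of `file_get_contents()` straight to `trim()`, so a missing or unreadable token file returns `false` and ends up as an empty `session_token` (or a TypeError if the file declares strict types, which is not visible here) rather than a clear failure. Because this value is a credential, read it into a variable and check it before use, e.g. `$token = file_get_contents($path); if ($token === false) { throw new \RuntimeException('cannot read OBJECTSTORE_S3_SESSION_TOKEN_FILE'); }`, then assign `trim($token)`. The `OBJECTSTORE_S3_SSE_C_KEY_FILE` context line below uses the same unchecked pattern, and the enclosing `if (getenv('OBJECTSTORE_S3_BUCKET'))` block starts and ends outside the hunk. A short comment above the branch noting that STS session tokens expire, so a value fixed in the container environment stops working until it is refreshed while the file form can be rotated in place, would help operators pick between the two variables.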
@@ -271,6 +271,7 @@ To use an external S3 compatible object store as primary storage, set the follow
 - `OBJECTSTORE_S3_PORT`: The port that the object storage server is being served over
 - `OBJECTSTORE_S3_KEY`: AWS style access key
 - `OBJECTSTORE_S3_SECRET`: AWS style secret access key
+- `OBJECTSTORE_S3_SESSION_TOKEN`: AWS style session token for STS auth workflows
 - `OBJECTSTORE_S3_STORAGE_CLASS`: The storage class to use when adding objects to the bucket
 - `OBJECTSTORE_S3_SSL` (default: `true`): Whether or not SSL/TLS should be used to communicate with object storage server
 - `OBJECTSTORE_S3_USEPATH_STYLE` (default: `false`): Not required for AWS S3