Skip to content

Latest commit

 

History

History
34 lines (22 loc) · 3.11 KB

S3.md

File metadata and controls

34 lines (22 loc) · 3.11 KB
Raw

S3

If you want to use S3 storage for the sccache cache, you need to set the following environment variables:

  • SCCACHE_BUCKET with the name of the S3 bucket to use;
  • SCCACHE_REGION with the S3 region. If you have set SCCACHE_ENDPOINT, you can set SCCACHE_REGION to auto;
  • Optionally, SCCACHE_ENDPOINT=<ip>:<port> with a custom URL of a server you want a use, such as MinIO or DigitalOcean storage.

If your endpoint requires HTTPS/TLS, set SCCACHE_S3_USE_SSL=true. If you don't need a secure network layer, HTTP (SCCACHE_S3_USE_SSL=false) might be better for performance.

Enable server-side encryption with s3 managed key (SSE-S3), set SCCACHE_S3_SERVER_SIDE_ENCRYPTION=true.
More details about encryption here and documentation here.

You can also define a prefix that will be prepended to the keys of all cache objects created and read within the S3 bucket, effectively creating a scope. To do that use the SCCACHE_S3_KEY_PREFIX environment variable. This can be useful when sharing a bucket with another application.

R2

Cloudflare R2 is an S3-compatible object storage and works with the same configuration options as above. To use R2, you must define SCCACHE_ENDPOINT, otherwise sccache will default to AWS as the endpoint to hit. R2 also requires endpoint connections to be secure, therefore https:// either needs to be included in SCCACHE_ENDPOINT or SCCACHE_S3_USE_SSL=true can be used, if the protocol is omitted. There are no regions in R2, so SCCACHE_REGION must point to auto. The below environment variables are recommended.

  • SCCACHE_BUCKET is the name of your R2 bucket.
  • SCCACHE_ENDPOINT should follow the format of https://<ACCOUNT_ID>.r2.cloudflarestorage.com. It is recommended that https:// be included in this env var. Your account ID can be found here.
  • SCCACHE_REGION should be set to auto.

Credentials

Sccache is able to load credentials from various sources. Including:

  • Static: AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.
  • Profile: ~/.aws/credentials and ~/.aws/config. The AWS_PROFILE environment variable can be used to select a specific profile if multiple profiles are available.
  • EC2 Metadata Services: Via IMDSv2.
  • AssumeRole: assume role with the role specified by AWS_ROLE_ARN.
  • AssumeRoleWithWebIdentity: assume role with web webIdentity specified by AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE.

Alternatively, the SCCACHE_S3_NO_CREDENTIALS environment variable can be set to use public readonly access to the S3 bucket, without the need for credentials. Valid values for this environment variable are true, 1, false, and 0. This can be useful for implementing a readonly cache for pull requests, which typically cannot be given access to credentials for security reasons.