# Users and Access Keys

> Manage users and access keys for secure access to your object storage.

Users and Access Keys
---------------------

Control access to your object storage by creating users and generating access keys. This allows you to grant different levels of access to different applications or team members.

### Understanding Users

Users in object storage represent an identity that can access your buckets and objects. Each user can have one or more access keys for authentication.

### Creating a User

1. Navigate to your object storage instance
2. Go to the **Users** tab
3. Click **Create user**
4. Enter a **username** (e.g., `my-app`, `backup-service`)
5. Click **Create**

### Access Keys

Access keys are credentials used to authenticate API requests to your object storage. Each access key consists of:

- **Access Key ID:** A public identifier (similar to a username)
- **Secret Access Key:** A private key (similar to a password)

### Creating an Access Key

1. Navigate to your object storage instance
2. Go to the **Users** tab
3. Find the user you want to create a key for
4. Click **Create access key**
5. **Important:** Copy the secret access key immediately - it will only be shown once!

### Security Best Practices

Follow these best practices to keep your object storage secure:

- **Never share secret keys:** Treat them like passwords
- **Use separate users per application:** Don't reuse credentials across apps
- **Rotate keys regularly:** Create new keys and delete old ones periodically
- **Store keys securely:** Use environment variables or secret management tools
- **Delete unused keys:** Remove access keys that are no longer needed

### Using Access Keys

When configuring your application, you'll need both the access key ID and secret access key. For example, in a Laravel `.env` file:

```
AWS_ACCESS_KEY_ID=your-access-key-id
AWS_SECRET_ACCESS_KEY=your-secret-access-key
```

### Revoking Access

To revoke access for a user or application:

1. Navigate to your object storage instance
2. Go to the **Users** tab
3. Find the access key you want to revoke
4. Click the delete button to remove the access key

The access key will be immediately invalidated and any applications using it will lose access.

### Deleting a User

To delete a user:

1. First, delete all access keys associated with the user
2. Navigate to the **Users** tab
3. Find the user and click delete
4. Confirm the deletion

### Next Steps

- [Laravel Integration](/documentation/object-storage/laravel-integration) - Configure your Laravel app with access keys
