v.24.11Improvement

Added access_header for S3 endpoints in user authentication

Published: November 25, 2025

Added a new header type for S3 endpoints for user authentication (access_header). This allows to get some access header with the lowest priority, which will be overwritten with access_key_id from any other source (for example, a table schema or a named collection). #71011 (MikhailBurdukov).

Added a new authentication header type for S3 endpoints called access_header, which serves as a low-priority access header that can be overridden by access_key_id from other sources.

Why it matters

This feature provides greater flexibility in specifying user authentication for S3 endpoints by allowing multiple sources of authentication keys, with a clear priority order. It solves the problem of rigid authentication management by enabling an initial access header that can be replaced by more specific credentials such as those from table schemas or named collections.

How to use it

To use this feature, specify the access_header as a type of header for the S3 endpoint credentials. The access_key_id from other sources (e.g., table schema or named collections) will override this header if present, allowing seamless prioritization of authentication keys.

Related resources

Pull Request #71011