Pular para o conteúdo principal

Alibaba Cloud OSS

Casdoor supports Alibaba Cloud OSS with two auth options: static credentials (AccessKey) or RRSA (RAM Roles for Service Accounts) for environments that provide OIDC tokens (e.g. Alibaba Cloud ACK).

Static credentials

  1. Create an AccessKey in the Alibaba Cloud console.
  2. In Casdoor, create a Storage provider, set Type to Alibaba Cloud OSS, and fill Client ID (AccessKey ID), Client secret (AccessKey Secret), Endpoint, Bucket, and Region as needed.

Criar OSS OSS

RRSA (no long-term credentials)

In environments that provide OIDC tokens (e.g. ACK with RRSA), set these environment variables from your RAM console:

ALIBABA_CLOUD_ROLE_ARN=acs:ram::YOUR_ACCOUNT_ID:role/YOUR_ROLE_NAME
ALIBABA_CLOUD_OIDC_PROVIDER_ARN=acs:ram::YOUR_ACCOUNT_ID:oidc-provider/YOUR_PROVIDER_NAME
ALIBABA_CLOUD_OIDC_TOKEN_FILE=/var/run/secrets/tokens/oidc-token

In the Casdoor storage provider, leave Client ID and Client secret empty. Casdoor will use the OIDC token to obtain temporary credentials. If RRSA is unavailable, it falls back to static credentials.

dica

For production on Alibaba Cloud ACK, RRSA is recommended: no stored secrets and short-lived tokens.