# Manage Access Keys Each storage bucket in a region can be accessed with one **master key pair** that provides full access.\ However, when using Stook with client applications (e.g., Cyberduck) or custom integrations, it is often better to create **specific access keys** with limited permissions. Through the [**Medianova Control Panel**](https://cloud.medianova.com), you can create credentials that allow: * **Read Only** – Permission to list and retrieve objects from a specified bucket. * **Read & Write** – Permission to list, retrieve, add, delete, and modify objects in the specified bucket. ## Creating Credentials Follow these steps to create a new credential and access keys: 1. From the left-hand menu, select **Stook Object Storage → Credentials**. 2. On the **Stook Credentials** page, click **Create Credential**.

Create Credential form with granular permission controls

* Enter a descriptive **Credential Name**. * Choose the target **Stook Bucket** and, if needed, provide a **Path** to restrict the credential to a specific folder. * Use **Filter Actions** or the **Expand All / Collapse All** links to browse permissions. * Either select **All S3 Actions** or expand the **Read**, **Write**, and **Bucket Management** categories to pick the exact actions the credential should allow. * Click **Submit** to create the credential. 3. The new credential will appear in the list with the selected permission set. 4. To view the **Access Key** and **Secret Key**, open the credential detail drawer. * To display the Secret Key, you must re-enter your login password.

By creating dedicated credentials, you can: * Limit access to specific buckets. * Control whether users get full S3 access or only selected Read/Write/Bucket Management actions. * Use secure keys for external tools and integrations. This ensures better security and more granular control over your Stook Object Storage environment.