# Manage Access Keys

Each storage bucket in a region can be accessed with one **master key pair** that provides full access.\
However, when using Stook with client applications (e.g., Cyberduck) or custom integrations, it is often better to create **specific access keys** with limited permissions.

Through the [**Medianova Control Panel**](https://cloud.medianova.com), you can create credentials that allow:

* **Read Only** – Permission to list and retrieve objects from a specified bucket.
* **Read & Write** – Permission to list, retrieve, add, delete, and modify objects in the specified bucket.

## Creating Credentials

Follow these steps to create a new credential and access keys:

1. From the left-hand menu, select **Stook Object Storage → Credentials**.
2. On the **Stook Credentials** page, click **Create Credential**.

   <figure><img src="/files/MA14qjt9xzPHD19se4we" alt="" width="563"><figcaption><p>Create Credential form with granular permission controls</p></figcaption></figure>

   * Enter a descriptive **Credential Name**.
   * Choose the target **Stook Bucket** and, if needed, provide a **Path** to restrict the credential to a specific folder.
   * Use **Filter Actions** or the **Expand All / Collapse All** links to browse permissions.
   * Either select **All S3 Actions** or expand the **Read**, **Write**, and **Bucket Management** categories to pick the exact actions the credential should allow.
   * Click **Submit** to create the credential.
3. The new credential will appear in the list with the selected permission set.
4. To view the **Access Key** and **Secret Key**, open the credential detail drawer.

   * To display the Secret Key, you must re-enter your login password.

   <figure><img src="/files/QX9pJ8FdjzsNENX0rLb7" alt=""><figcaption><p>Creating Credentials</p></figcaption></figure>

By creating dedicated credentials, you can:

* Limit access to specific buckets.
* Control whether users get full S3 access or only selected Read/Write/Bucket Management actions.
* Use secure keys for external tools and integrations.

This ensures better security and more granular control over your Stook Object Storage environment.
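After creating a **Read Only** credential restricted to a **Path**, it is worth confirming that the key is refused outside that scope. The check below is an added example, not Medianova's code. It assumes a boto3-style S3 client, that the endpoint returns the standard S3 `AccessDenied` error code, and that a path-restricted key cannot list the bucket root. `FakeS3` is a constructed stand-in so the check runs offline.

```python
import uuid

# Error codes treated as an authorization refusal (assumption: Stook returns
# the standard S3 "AccessDenied" code; adjust if your endpoint differs).
DENIED_CODES = {"AccessDenied", "403"}

def _probe(call, **kwargs):
    """Run one S3 call and classify it as 'allowed' or 'denied'."""
    try:
        call(**kwargs)
        return "allowed"
    except Exception as exc:
        # boto3's ClientError carries the S3 error code in exc.response.
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code in DENIED_CODES:
            return "denied"
        raise  # network/config errors are not an access decision

def check_read_only_scope(s3, bucket, path):
    """Return a list of findings; an empty list means the key is scoped as intended."""
    probe_key = f"{path.rstrip('/')}/scope-probe-{uuid.uuid4().hex}"
    got = {
        "list inside path": _probe(s3.list_objects_v2, Bucket=bucket, Prefix=path, MaxKeys=1),
        "list outside path": _probe(s3.list_objects_v2, Bucket=bucket, Prefix="", MaxKeys=1),
        "write inside path": _probe(s3.put_object, Bucket=bucket, Key=probe_key, Body=b""),
    }
    if got["write inside path"] == "allowed":
        _probe(s3.delete_object, Bucket=bucket, Key=probe_key)  # remove the probe object
    want = {"list inside path": "allowed", "list outside path": "denied",
            "write inside path": "denied"}
    return [f"{op}: expected {want[op]}, got {got[op]}" for op in want if got[op] != want[op]]

class FakeS3:
    """Constructed stand-in for a boto3 S3 client, so the check runs offline."""
    def __init__(self, read_prefix, can_write):
        self.read_prefix, self.can_write = read_prefix, can_write
    def _deny(self):
        err = Exception("denied")
        err.response = {"Error": {"Code": "AccessDenied"}}
        raise err
    def list_objects_v2(self, Bucket, Prefix, MaxKeys):
        if not Prefix.startswith(self.read_prefix):
            self._deny()
        return {"Contents": []}
    def put_object(self, Bucket, Key, Body):
        if not self.can_write:
            self._deny()
    def delete_object(self, Bucket, Key):
        if not self.can_write:
            self._deny()
```

Against a real bucket, pass a `boto3.client("s3", endpoint_url=..., aws_access_key_id=..., aws_secret_access_key=...)` built from the new credential, with the endpoint and keys read from your own configuration rather than hard-coded.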

