# Secure Authentication for S3 Storage ## Overview {% hint style="info" %} If you're using **Whereby-hosted** storage, you can skip this guide. This only applies to **Self-hosted** cloud recordings and session transcriptions. {% endhint %} When storing cloud recordings and session transcriptions in S3, the system must authenticate with your S3 bucket to upload and manage objects securely. We support two authentication methods: 1. Access Key authentication 2. OIDC (OpenID Connect) authentication Both methods allow access to the same S3 functionality, but they differ in how credentials are managed and how they are configured. This documentation explains: * What each authentication type is and how it works * When to use each method * How to configure both Access Key and OIDC authentication ## At a glance * Access Key authentication uses long-lived AWS credentials (access key ID and secret access key). * OIDC authentication uses short-lived credentials by assuming an IAM role via an OpenID Connect identity provider. For most production environments, **OIDC authentication is recommended.** {% hint style="warning" %} Currently, we only support OIDC authentication with **AWS,** with hopes to expand this to other providers in the future. {% endhint %} ## See Also * [Understanding Authentication Types](https://docs.whereby.com/whereby-product-features/secure-authentication-for-s3-storage/understanding-authentication-types) * [Configure Access Key Authentication](https://docs.whereby.com/whereby-product-features/secure-authentication-for-s3-storage/configure-access-key-authentication) * [Configure OIDC Authentication](https://docs.whereby.com/whereby-product-features/secure-authentication-for-s3-storage/configure-oidc-authentication) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.whereby.com/whereby-product-features/secure-authentication-for-s3-storage.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.