mc admin user svcacct add


The mc admin user svcacct add command adds a new access key to an existing MinIO or AD/LDAP user.

Access keys for OpenID Connect users

To generate service account access keys for OpenID Connect users, use the MinIO Console.

The following command creates a new access key associated to an existing MinIO user:

mc admin user svcacct add                       \
   --access-key "myuserserviceaccount"          \
   --secret-key "myuserserviceaccountpassword"  \
   --policy "/path/to/policy.json"              \
   myminio myuser

The command returns the access key and secret key for the new account.

The command has the following syntax:

mc [GLOBALFLAGS] admin user svcacct add             \
                                    [--access-key]  \
                                    [--secret-key]  \
                                    [--policy]      \
                                    [--comment]     \
                                    ALIAS           \
  • Brackets [] indicate optional parameters.

  • Parameters sharing a line are mutually dependent.

  • Parameters separated using the pipe | operator are mutually exclusive.

Copy the example to a text editor and modify as-needed before running the command in the terminal/shell.



The alias of the MinIO deployment.


The username of the user to which MinIO adds the new access key.


A string to use as the access key for this account. Omit to let MinIO autogenerate a random 20 character value.

Access Key names must be unique across all users.


Changed in version RELEASE.2023-05-18T16-59-00Z: Replaced by --description and --name.

Originally added in version RELEASE.2023-01-28T20-29-38Z.

This option has been removed. Use --description or --name instead.


New in version RELEASE.2023-05-18T16-59-00Z.

Add a description for the service account. For example, you might specify the reason the service account exists.


New in version RELEASE.2023-05-30T22-41-38Z.

Set an expiration date for the service account. The date must be in the future, you may not set an expiration date that has already passed.

Allowed date and time formats:

  • 2023-06-24

  • 2023-06-24T10:00

  • 2023-06-24T10:00:00

  • 2023-06-24T10:00:00Z

  • 2023-06-24T10:00:00-07:00


New in version RELEASE.2023-05-18T16-59-00Z.

Add a human-readable name for the service account.


The path to a policy document to attach to the new access key, with a maximum size of 2048 characters. The attached policy cannot grant access to any action or resource not explicitly allowed by the parent user’s policies.


The secret key to associate with the new account. Omit to let MinIO autogenerate a random 40-character value.

Global Flags

This command supports any of the global flags.


S3 Compatibility

The mc commandline tool is built for compatibility with the AWS S3 API and is tested with MinIO and AWS S3 for expected functionality and behavior.

MinIO provides no guarantees for other S3-compatible services, as their S3 API implementation is unknown and therefore unsupported. While mc commands may work as documented, any such usage is at your own risk.