From 624fb923dd0334c6dee07cce1359353a9f7488c9 Mon Sep 17 00:00:00 2001 From: Chris Lu Date: Mon, 12 Jan 2026 10:29:13 -0800 Subject: [PATCH] Update weed/s3api/s3api_sts.go Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- weed/s3api/s3api_sts.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/weed/s3api/s3api_sts.go b/weed/s3api/s3api_sts.go index 590c210a2..6d8ee6e00 100644 --- a/weed/s3api/s3api_sts.go +++ b/weed/s3api/s3api_sts.go @@ -500,8 +500,7 @@ func (h *STSHandlers) prepareSTSCredentials(roleArn, roleSessionName, principalA // We use 8 bytes (16 hex chars) accessKeyId := "ASIA" + fmt.Sprintf("%X", randBytes[:8]) - // Generate SecretAccessKey (base64 of 30 bytes is 40 characters) - // We use the remaining bytes or generate new ones? Let's assume we need 32 bytes for strong secret + // Generate SecretAccessKey: 30 random bytes, base64-encoded to a 40-character string secretBytes := make([]byte, 30) if _, err := rand.Read(secretBytes); err != nil { return STSCredentials{}, nil, fmt.Errorf("failed to generate secret bytes: %w", err)