diff --git a/weed/iam/constants.go b/weed/iam/constants.go
index 7dea524e8..974645be7 100644
--- a/weed/iam/constants.go
+++ b/weed/iam/constants.go
@@ -3,7 +3,7 @@ package iam
 // Character sets for credential generation
 const (
 	CharsetUpper = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
-	Charset      = CharsetUpper + "abcdefghijklmnopqrstuvwxyz/"
+	Charset      = CharsetUpper + "abcdefghijklmnopqrstuvwxyz"
 )
 
 // Policy document version
diff --git a/weed/iam/helpers_test.go b/weed/iam/helpers_test.go
index f2da389c3..6b39a3779 100644
--- a/weed/iam/helpers_test.go
+++ b/weed/iam/helpers_test.go
@@ -58,6 +58,23 @@ func TestGenerateSecretAccessKey(t *testing.T) {
 	assert.Len(t, secretKey, SecretAccessKeyLength)
 }
 
+func TestGenerateSecretAccessKey_URLSafe(t *testing.T) {
+	// Generate multiple keys to increase probability of catching unsafe chars
+	for i := 0; i < 100; i++ {
+		secretKey, err := GenerateSecretAccessKey()
+		assert.NoError(t, err)
+
+		// Verify no URL-unsafe characters that would cause authentication issues
+		assert.NotContains(t, secretKey, "/", "Secret key should not contain /")
+		assert.NotContains(t, secretKey, "+", "Secret key should not contain +")
+
+		// Verify only expected characters are present
+		for _, char := range secretKey {
+			assert.Contains(t, Charset, string(char), "Secret key contains unexpected character: %c", char)
+		}
+	}
+}
+
 func TestStringSlicesEqual(t *testing.T) {
 	tests := []struct {
 		a        []string