If you want to use S3 storage for the sccache cache, you need to set the SCCACHE_BUCKET
environment variable to the name of the S3 bucket to use.
You can configure the region using the SCCACHE_REGION
environment variable, or specify the region
key in ~/.aws/credentials
. Alternatively you can specify the endpoint URL using the SCCACHE_ENDPOINT
environment variable. To connect to a minio storage for example you can set SCCACHE_ENDPOINT=<ip>:<port>
.
If your endpoint requires HTTPS/TLS, set SCCACHE_S3_USE_SSL=true
. If you don't need a secure network layer, HTTP (SCCACHE_S3_USE_SSL=false
) might be better for performance.
You can also define a prefix that will be prepended to the keys of all cache objects created and read within the S3 bucket, effectively creating a scope. To do that use the SCCACHE_S3_KEY_PREFIX
environment variable. This can be useful when sharing a bucket with another application.
Sccache is able to load credentials from various sources. Including:
- Static:
AWS_ACCESS_KEY_ID
andAWS_SECRET_ACCESS_KEY
. - Profile:
~/.aws/credentials
and~/.aws/config
. The AWS_PROFILE environment variable can be used to select a specific profile if multiple profiles are available. - EC2 Metadata Services: Via IMDSv2.
- AssumeRole: assume role with the role specified by
AWS_ROLE_ARN
. - AssumeRoleWithWebIdentity: assume role with web webIdentity specified by
AWS_ROLE_ARN
andAWS_WEB_IDENTITY_TOKEN_FILE
.
Alternatively, the SCCACHE_S3_NO_CREDENTIALS
environment variable can be set to use public readonly access to the S3 bucket, without the need for credentials. This can be useful for implementing a readonly cache for pull requests, which typically cannot be given access to credentials for security reasons.