A Maven wagon for storing dependencies in a private bucket
Java Clojure



Deploy and consume artifacts in private S3 repositories. Designed to be used from Leiningen, but should be usable in other contexts by deploying to repositories at "s3p://" URLs.


Leiningen 2.x

Add the plugin and repositories listing to project.clj. NB: You need to add these to your project.clj, not your personal ~/.lein/profiles.clj. For more details on why, see Leiningen's doc on repeatability:

:plugins [[s3-wagon-private "1.2.0"]]

You can store credentials either in an encrypted file or as environment variables. For the encrypted file, add this to project.clj:

:repositories [["private" {:url "s3p://mybucket/releases/" :creds :gpg}]]

And in ~/.lein/credentials.clj.gpg:

{"s3p://mybucket/releases" {:username "AKIA2489AE28488"
                            :passphrase "98b0b104ca1211e19a6c"}}

The username and passphrase here correspond to the AWS Access Key and Secret Key, respectively.

The map key here can be either a string for an exact match or a regex checked against the repository URL if you have the same credentials for multiple repositories.

To use the environment for credentials, include :username :env :passphrase :env instead of :creds :gpg and export LEIN_USERNAME and LEIN_PASSPHRASE environment variables.

See lein help deploying for details on storing credentials.

If you are running Leiningen in an environment where you don't control the user such as Heroku or Jenkins, you can include credentials in the :repositories entry. However, you should avoid committing them to your project, so you should take them from the environment using System/getenv:

(defproject my-project "1.0.0"
  :plugins [[s3-wagon-private "1.2.0"]]
  :repositories {"releases" {:url "s3p://mybucket/releases/"
                             :username :env/aws_access_key ;; gets environment variable AWS_ACCESS_KEY
                             :passphrase :env/aws_secret_key}}) ;; gets environment variable AWS_SECRET_KEY




    <!-- to publish to a private bucket -->

                    <name>Some Name</name>
                    <name>Some Snapshot Name</name>

     <!-- to consume artifacts from a private bucket -->

         <name>Clojars Repository</name>

            <name>Some Name</name>


            <!-- you can actually put the key and secret in here, I like to get them from the env -->

Changes in version 1.2.0

s3-wagon-private is now based on aws-maven 4.8.0-RELEASE, which now uses the official Amazon S3 client, rather than JetS3t. The list of IAM permissions required on your S3 bucket have changed, they now include:

  • getBucketLocation
  • listObjects
  • getObject
  • getObjectMetadata
  • putObject (when deploying)

Here's a sample AWS policy that would allow both read and write access to the bucket mybucket:

    "Version": "2012-10-17",
    "Statement": [
            "Sid": "StmtXXXXX",
            "Effect": "Allow",
            "Action": [
            "Resource": [


If you are seeing errors like: java.lang.IllegalArgumentException: No matching ctor found for class org.sonatype.aether.repository.Authentication, and you are using lein-npm, try upgrading to version 0.5.1 or later. It contains fixes for an issue when using keyword sourced environment variables in your :repositories.


Copyright © 2011-2013 Phil Hagelberg, Scott Clasen, Allen Rohner

Based on aws-maven from the Spring project.

Distributed under the Apache Public License version 2.0.