diff --git a/dvc/config.py b/dvc/config.py
index a43cb16f2f..3cc0cb5369 100644
--- a/dvc/config.py
+++ b/dvc/config.py
@@ -149,6 +149,8 @@ class RelPath(str):
                     "profile": str,
                     "credentialpath": str,
                     "endpointurl": str,
+                    Optional("s3_key_id", default=None): str,
+                    Optional("s3_key_secret", default=None): str,
                     Optional("listobjects", default=False): Bool,
                     Optional("use_ssl", default=True): Bool,
                     "sse": str,
diff --git a/dvc/tree/s3.py b/dvc/tree/s3.py
index 17d58301f1..574a47d48b 100644
--- a/dvc/tree/s3.py
+++ b/dvc/tree/s3.py
@@ -54,6 +54,9 @@ def __init__(self, repo, config):
 
         self._append_aws_grants_to_extra_args(config)
 
+        self.key_id = config.get("s3_key_id")
+        self.key_secret = config.get("s3_key_secret")
+
         shared_creds = config.get("credentialpath")
         if shared_creds:
             os.environ.setdefault("AWS_SHARED_CREDENTIALS_FILE", shared_creds)
@@ -63,9 +66,14 @@ def __init__(self, repo, config):
     def s3(self):
         import boto3
 
-        session = boto3.session.Session(
-            profile_name=self.profile, region_name=self.region
-        )
+        session_opts = dict(profile_name=self.profile, region_name=self.region)
+
+        if self.key_id:
+            session_opts["aws_access_key_id"] = self.key_id
+        if self.key_secret:
+            session_opts["aws_secret_access_key"] = self.key_secret
+
+        session = boto3.session.Session(**session_opts)
 
         return session.client(
             "s3", endpoint_url=self.endpoint_url, use_ssl=self.use_ssl
diff --git a/tests/unit/remote/test_s3.py b/tests/unit/remote/test_s3.py
index 570371c0c7..4ecddeefec 100644
--- a/tests/unit/remote/test_s3.py
+++ b/tests/unit/remote/test_s3.py
@@ -6,6 +6,8 @@
 bucket_name = "bucket-name"
 prefix = "some/prefix"
 url = f"s3://{bucket_name}/{prefix}"
+key_id = "key_id"
+key_secret = "key_secret"
 
 
 @pytest.fixture(autouse=True)
@@ -57,3 +59,11 @@ def test_grants_mutually_exclusive_acl_error(dvc, grants):
 def test_sse_kms_key_id(dvc):
     tree = S3RemoteTree(dvc, {"url": url, "sse_kms_key_id": "key"})
     assert tree.extra_args["SSEKMSKeyId"] == "key"
+
+
+def test_key_id_and_secret(dvc):
+    tree = S3RemoteTree(
+        dvc, {"url": url, "s3_key_id": key_id, "s3_key_secret": key_secret}
+    )
+    assert tree.key_id == key_id
+    assert tree.key_secret == key_secret