Wade Robson edited this page Aug 2, 2017


S3-Auth allows munki clients to connect securely and directly to a munki repo hosted in S3.


Munki has a feature that lets Mac administrators use middleware to change munki's HTTP requests. S3-Auth uses this feature to create the HTTP headers necessary to authenticate to S3. The Canonical URI is used to create a unique signature for each requested file/resource. The signature provides access to only that resource for a 15-minute window.
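The per-resource signing described above, sketched as an added example that is not S3-Auth's own code. It assumes AWS Signature Version 4 header signing of a body-less GET; the function name `s3_auth_headers` and any bucket host name passed to it are hypothetical.

```python
import datetime
import hashlib
import hmac
from urllib.parse import quote, unquote, urlparse

EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()  # GET requests carry no body


def _hmac(key, msg):
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def s3_auth_headers(url, access_key, secret_key, region, now=None):
    """Return SigV4 headers authorizing a GET of exactly this URL."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")  # signed, so it cannot be altered
    datestamp = now.strftime("%Y%m%d")
    parsed = urlparse(url)
    # Canonical URI: the object path, URI-encoded exactly once. It is part of
    # the signed data, so the signature does not verify for any other object.
    canonical_uri = quote(unquote(parsed.path or "/"), safe="/")
    headers = {
        "host": parsed.netloc,
        "x-amz-content-sha256": EMPTY_SHA256,
        "x-amz-date": amz_date,
    }
    signed = ";".join(sorted(headers))
    canonical_request = "\n".join([
        "GET", canonical_uri, "",  # "" is the empty canonical query string
        "".join(f"{k}:{headers[k]}\n" for k in sorted(headers)),
        signed, EMPTY_SHA256,
    ])
    scope = f"{datestamp}/{region}/s3/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode("utf-8")).hexdigest(),
    ])
    # Derive the signing key scoped to this day, region and service.
    key = ("AWS4" + secret_key).encode("utf-8")
    for part in (datestamp, region, "s3", "aws4_request"):
        key = _hmac(key, part)
    signature = _hmac(key, string_to_sign).hex()
    headers["Authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={signed}, Signature={signature}"
    )
    del headers["host"]  # the HTTP client sends Host itself
    return headers
```

Because the path and the `x-amz-date` timestamp are both inside the signed data, captured headers cannot be reused to fetch a different object, and S3 rejects them once the timestamp falls outside its allowed window.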

Getting Started

What you need:

  • An AWS account
  • An S3 bucket
  • An IAM user with a limited policy
  • Munki version 2.7.0 or higher to use middleware. You can find that here


Step 1:

Copy into /usr/local/munki/

sudo curl -o /usr/local/munki/
Step 2:

Set up your S3-Auth preferences.

sudo defaults write /Library/Preferences/ManagedInstalls AccessKey 'AKIAIX2QPWZ7EXAMPLE'
sudo defaults write /Library/Preferences/ManagedInstalls SecretKey 'z5MFJCcEyYBmh2BxbrlZBWNJ4izEXAMPLE'
sudo defaults write /Library/Preferences/ManagedInstalls Region 'us-west-2'
Step 3:

Change your repo to point to your S3 bucket.

sudo defaults write /Library/Preferences/ManagedInstalls SoftwareRepoURL  ""
