Storage of the artifacts


The Deployments service stores Mender artifacts in an S3 compatible object-store. This gives the end-user flexibility in using either their storage proxy based on Minio, the default setup, or 3rd party services such as Amazon S3.

When using an AWS S3 bucket, it is possible to configure the Deployments service to use AWS specific settings, among the others:

The list of the main storage-related settings for the Deployments service, both as environment variables and config file keys, follows:


The AWS region the S3 bucket is located in. For Minio, this value should be set to us-east-1.

Default: us-east-1


The name of the S3 bucket used to store the artifacts. For Minio, the bucket is automatically created at start-up.

Default: mender-artifact-storage


AWS S3 supports two different URI styles:

  • virtual-hosted (
  • path-style (

Buckets created after September 30, 2020, will support only virtual hosted-style requests. Path-style requests will continue to be supported for buckets created on or before this date.

When Minio (or alternative S3 implementations) is in use, path style URI are used.

Default: true


If set to true, it enables the S3 Transfer Acceleration for the operations that support it. The AWS S3 Bucket must have the S3 Transfer Acceleration feature enabled.

Default: false


The URI to the S3 storage service.

When using AWS S3, set to for the us-east-1 region, and for the other AWS regions. For example, for AWS S3 buckets located in Frankfurt, set to

When using Minio, set to the URI Minio is exposed to the internet. Please note that the domain and protocol used to access the storage service are the same used by the devices to download the artifacts, and the host name is included in the URL presigning algorithm. You can optionally install a CDN in front of your Minio instance, and in this case you can use your CDN URL for this setting.



The credentials to access the S3 storage service.

If you are running Mender on an AWS EC2 instance, you can leave these settings empty if a proper instance profile is attached to the EC2 instance: the service will default to retrieving authentication credentials locally from the AWS IAM role assigned to the EC2 instance. Please refer to the official AWS documentation for further details.

Using Minio to store the artifacts

When using Minio, you have to specify the access key ID and the access secret key setting the MINIO_ACCESS_KEY and MINIO_SECRET_KEY environment variables:

        MINIO_ACCESS_KEY: "<replace-with-random-string>"
        MINIO_SECRET_KEY: "<replace-with-another-random-string>"

The Minio service is configured to use the /export directory as its storage location. It is possible to define a volume that mounts a local directory into the service container:

        # mount the path `/my/storage/location` as /export directory
        - /my/storage/location:/export

Alternatively, you can mount a preexisting Docker volume:

        # mounts a docker volume named `mender-artifacts` as /export directory
        - mender-artifacts:/export:rw

    # mender-artifacts volume
        # use external volume created manually
            name: mender-artifacts

Using Minio Gateway to store the artifacts on third-party storage services

Minio can be used as Gateway to third-party storage services, optionally caching the data locally. For example, using Minio Gateway, it is possible to store Mender Artifacts on on AWS S3. Older versions supported Azure Blob Storage and Hadoop HDFS. Please refer to the official Minio documentation to configure Minio Gateway.

We welcome contributions to improve this documentation. To submit a change, use the Edit link at the top of the page or email us at .