S3-Backed File Storage For Datasette-Files

Issue 84 Edition 2026-03-25 4 min read

Not accepted General

Sources: 1 • Confidence: Medium • Updated: 2026-03-26 03:27

Key takeaways

A release titled "datasette-files-s3 0.1a1" has been announced.
datasette-files-s3 adds a mechanism to periodically fetch S3 configuration from a URL.
Periodic S3 configuration fetching enables use of time-limited IAM credentials restricted to a specific prefix within an S3 bucket.
datasette-files-s3 is a backend for datasette-files that stores and retrieves files using an S3 bucket.

A release titled "datasette-files-s3 0.1a1" has been announced.
datasette-files-s3 is a backend for datasette-files that stores and retrieves files using an S3 bucket.

datasette-files-s3 adds a mechanism to periodically fetch S3 configuration from a URL.
Periodic S3 configuration fetching enables use of time-limited IAM credentials restricted to a specific prefix within an S3 bucket.

What exact configuration schema is fetched from the URL (fields, formats, and validation rules), and how is it applied at runtime?
Does the plugin update active S3 client settings without a process restart, and what is the refresh cadence/trigger behavior?
What is the evidence (tests, examples, or documented patterns) that time-limited credentials restricted to a bucket prefix work end-to-end with this backend?
What are the operational constraints and failure modes (network failure fetching config, stale config behavior, error handling) introduced by periodic remote configuration?
Are there any documented performance characteristics, capacity constraints, or cost considerations (e.g., S3 request patterns, caching) for this backend?

A new S3 backend for datasette-files could lower friction for deployments that prefer object storage, potentially increasing adoption of datasette-files where durability and shared storage are needed.
Periodic remote fetching of S3 configuration could enable credential rotation workflows using time-limited, prefix-scoped IAM credentials, implying a security and operations feature rather than static secrets.
Runtime-controlled configuration may introduce new operational patterns and failure modes, suggesting demand for tooling or guidance around refresh cadence, caching, and error handling for production use.

Documentation or examples specify the fetched configuration schema, validation rules, and how updates apply at runtime, including whether changes take effect without restart and the refresh cadence.
End-to-end examples or tests demonstrate time-limited, prefix-restricted IAM credentials working with the plugin, including rotation without service interruption.
Operational guidance describes behavior under config fetch failures, stale config handling, and S3 request patterns, including any caching and performance or cost considerations.

The plugin requires process restarts for config updates or lacks a clear refresh mechanism, weakening the implied credential rotation benefit.
No tests, examples, or reliable patterns support the claim that time-limited, prefix-scoped credentials work end-to-end, or users report credential rotation failures.
Remote configuration fetching introduces unresolved failure modes or instability, such as frequent outages when the config URL is unreachable or inconsistent runtime behavior.