{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/api-evangelist/argo-workflows/refs/heads/main/json-schema/argo-workflows-io-argoproj-workflow-v1alpha1-s3-artifact-repository-schema.json",
  "title": "io.argoproj.workflow.v1alpha1.S3ArtifactRepository",
  "description": "S3ArtifactRepository defines the controller configuration for an S3 artifact repository",
  "type": "object",
  "properties": {
    "accessKeySecret": {
      "description": "AccessKeySecret is the secret selector to the bucket's access key",
      "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector"
    },
    "bucket": {
      "description": "Bucket is the name of the bucket",
      "type": "string"
    },
    "caSecret": {
      "description": "CASecret specifies the secret that contains the CA, used to verify the TLS connection",
      "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector"
    },
    "createBucketIfNotPresent": {
      "description": "CreateBucketIfNotPresent tells the driver to attempt to create the S3 bucket for output artifacts, if it doesn't exist. Setting Enabled Encryption will apply either SSE-S3 to the bucket if KmsKeyId is not set or SSE-KMS if it is.",
      "$ref": "#/definitions/io.argoproj.workflow.v1alpha1.CreateS3BucketOptions"
    },
    "encryptionOptions": {
      "$ref": "#/definitions/io.argoproj.workflow.v1alpha1.S3EncryptionOptions"
    },
    "endpoint": {
      "description": "Endpoint is the hostname of the bucket endpoint",
      "type": "string"
    },
    "insecure": {
      "description": "Insecure will connect to the service with TLS",
      "type": "boolean"
    },
    "keyFormat": {
      "description": "KeyFormat defines the format of how to store keys and can reference workflow variables.",
      "type": "string"
    },
    "keyPrefix": {
      "description": "KeyPrefix is prefix used as part of the bucket key in which the controller will store artifacts.\n\nDeprecated: Use KeyFormat instead.",
      "type": "string"
    },
    "region": {
      "description": "Region contains the optional bucket region",
      "type": "string"
    },
    "roleARN": {
      "description": "RoleARN is the Amazon Resource Name (ARN) of the role to assume.",
      "type": "string"
    },
    "secretKeySecret": {
      "description": "SecretKeySecret is the secret selector to the bucket's secret key",
      "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector"
    },
    "sessionTokenSecret": {
      "description": "SessionTokenSecret is used for ephemeral credentials like an IAM assume role or S3 access grant",
      "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector"
    },
    "useSDKCreds": {
      "description": "UseSDKCreds tells the driver to figure out credentials based on sdk defaults.",
      "type": "boolean"
    }
  }
}