{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/api-evangelist/argo-workflows/refs/heads/main/json-schema/argo-workflows-io-argoproj-workflow-v1alpha1-s3-artifact-schema.json",
  "title": "io.argoproj.workflow.v1alpha1.S3Artifact",
  "description": "S3Artifact is the location of an S3 artifact",
  "type": "object",
  "properties": {
    "accessKeySecret": {
      "description": "AccessKeySecret is the secret selector to the bucket's access key",
      "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector"
    },
    "bucket": {
      "description": "Bucket is the name of the bucket",
      "type": "string"
    },
    "caSecret": {
      "description": "CASecret specifies the secret that contains the CA, used to verify the TLS connection",
      "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector"
    },
    "createBucketIfNotPresent": {
      "description": "CreateBucketIfNotPresent tells the driver to attempt to create the S3 bucket for output artifacts, if it doesn't exist. Setting Enabled Encryption will apply either SSE-S3 to the bucket if KmsKeyId is not set or SSE-KMS if it is.",
      "$ref": "#/definitions/io.argoproj.workflow.v1alpha1.CreateS3BucketOptions"
    },
    "encryptionOptions": {
      "$ref": "#/definitions/io.argoproj.workflow.v1alpha1.S3EncryptionOptions"
    },
    "endpoint": {
      "description": "Endpoint is the hostname of the bucket endpoint",
      "type": "string"
    },
    "insecure": {
      "description": "Insecure will connect to the service with TLS",
      "type": "boolean"
    },
    "key": {
      "description": "Key is the key in the bucket where the artifact resides",
      "type": "string"
    },
    "region": {
      "description": "Region contains the optional bucket region",
      "type": "string"
    },
    "roleARN": {
      "description": "RoleARN is the Amazon Resource Name (ARN) of the role to assume.",
      "type": "string"
    },
    "secretKeySecret": {
      "description": "SecretKeySecret is the secret selector to the bucket's secret key",
      "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector"
    },
    "sessionTokenSecret": {
      "description": "SessionTokenSecret is used for ephemeral credentials like an IAM assume role or S3 access grant",
      "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector"
    },
    "useSDKCreds": {
      "description": "UseSDKCreds tells the driver to figure out credentials based on sdk defaults.",
      "type": "boolean"
    }
  }
}