How to create a bucket using Minio with Garage S3 storage?
00:59 11 Jun 2026

My previous setup used Minio as the S3 storage. However, due to recent developments at Minio regarding their product I decided to give Garage a go. My setup is a single node.

import minio
from pathlib import Path

client = minio.Minio(
  "gin-vm-postgresql.iosb.fraunhofer.de:3900", #:3902
  # Bucket-specific key (here for bucket "tutorial")
  #"---------------",
  #"+++++++++++++++",
  # API key
  '::::::::::::::::',
  '................',
  # Force the region, this is specific to garage
  region='garage',
  secure=False
)

print(client.list_buckets())

p = Path('./datasets').absolute()
dss = [ds for ds in p.iterdir() if ds.is_dir()] 
for ds in dss:
    print(f'Dataset "{ds.stem}" at "{ds}"')
    try:
        client.make_bucket(bucket_name=ds.stem.lower())
    except Exception as err:
        print(err)

The code above iterates through all first level subdirectories inside my datasets directory and creates a bucket using the stem as the bucket's name.

For every bucket creation attempt I get

S3 operation failed; code: AccessDenied, message: Forbidden: Access key :::::::::::::::::::: is not allowed to create buckets, resource: /BUCKET_NAME, request_id: None, host_id: None

The API key I am using has not been assigned a bucket yet and was created in the following way:

garage -c /etc/garage/garage.toml key create mykey

Using the CLI I don't really see any options for the create command except for setting the expiration date which doesn't sound good. I know that once I assign an API key to a bucket I can do

garage -c /etc/garage/garage.toml bucket allow \
  BUCKET_NAME \
  --read \
  --write \
  --key mykey

but that is after the bucket has been created.

Does the Garage client API support bucket creation at all?

UPDATE

Apparently I need an API token for the administration API:

garage -c /etc/garage/garage.toml admin-token create --scope ListBuckets,GetBucketInfo,ListKeys,GetKeyInfo,CreateBucket,CreateKey,AllowBucketKey,DenyBucketKey admin_token
This is your secret bearer token, it will not be shown again by Garage:

  189771dd1b55d6d36446313f.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXx

==== ADMINISTRATION TOKEN INFORMATION ====
Token ID:    189771dd1b55d6d36446313f
Token name:  admin_token
Created:     2026-06-11 07:49:56.990 +02:00
Validity:    valid
Expiration:  never

Scope:       ListBuckets
             GetBucketInfo
             ListKeys
             GetKeyInfo
             CreateBucket
             CreateKey
             AllowBucketKey
             DenyBucketKey

However, this is a token and not a key so it cannot be used with the Minio client:

minio.error.S3Error: S3 operation failed; code: AccessDenied, message: Forbidden: No such key: 189771dd1b55d6d36446313f, resource: /, request_id: None, host_id: None

minio-client garage