Set up MinIO

Configure a self-hosted MinIO server as the object store for LFS Harbor. MinIO is S3-compatible, so the same credentials format used for Amazon S3 applies.

Prerequisites — a MinIO server is already running and accessible. For the CLI steps, mc is installed and you have an alias configured for your server:

bash

mc alias set MINIO_ALIAS https://MINIO_URL ACCESS_KEY SECRET_KEY

Replace MINIO_ALIAS with a name of your choice (e.g. myminio) and MINIO_URL, ACCESS_KEY, SECRET_KEYwith your server's root credentials.

Create a bucket

1. Open the MinIO Console, go to Buckets, and click Create bucket.
2. Enter a bucket name and leave all other settings at their defaults.
3. Click Create bucket.

Create an access policy

Define a policy that grants exactly the permissions LFS Harbor needs: read, write, and delete objects in your bucket, plus the ability to list the bucket to check object existence.

1. Go to Administrator → Policies and click Create policy. Name it LFSHarborStoragePolicy and paste the following, replacing BUCKET_NAME:

json

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::BUCKET_NAME/*"
    },
    {
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::BUCKET_NAME"
    }
  ]
}

2. Click Save.

Create a user

Create a dedicated MinIO user for LFS Harbor and attach the policy from the previous step.

1. Go to Identity → Users and click Create user. Set the username to lfsharbor-storage.
2. Under Assign policies, select LFSHarborStoragePolicy.
3. Click Save.

Generate a service account key

Create a service account tied to the lfsharbor-storageuser. This produces an access key and secret key that LFS Harbor will use to authenticate — the service account inherits the user's policy.

1. Open the lfsharbor-storage user in Identity → Users and go to the Service accounts tab.
2. Click Create service account. Leave the other settings as they are and click Create.
3. Copy the Access key and Secret key. The secret is only shown once.

Keep these credentials secret. Don't commit them to version control. If they're ever exposed, delete the service account in Access → Users → lfsharbor-storage → Service accounts and generate a new one.

Add the credentials to LFS Harbor

Connect your MinIO bucket to LFS Harbor through the dashboard.

1. Go to the LFS Harbor dashboard.
2. Click on your repository.
3. Edit the object store configuration.
4. Choose MinIO as the storage provider.
5. Enter your bucket name and the endpoint URL of your MinIO server. Leave the region blank.
6. Enter the access key and secret key.

Set up LFS Harbor as your Git LFS server

Choose the guide that fits your situation:

Add Git LFS to a repository — for repos that don't use Git LFS yet.
Migrate from another provider — for repos already using a different Git LFS server.