Contact UsGet started

WinSCP

Written by
Updated at April 1, 2025

WinSCP is a GUI client for Windows that allows you to work with cloud storages, including compatible with the Amazon S3 API.

Note

To work with Object Storage, use version 5.14 or later.

Getting started

  1. Create a bucket.

  2. Create a service account.

  3. Assign the required role to the service account, e.g., storage.editor. For more information about roles, see Managing access with Yandex Identity and Access Management.

    To work with objects in an encrypted bucket, a user or service account must have the following roles for the encryption key in addition to the storage.configurer role:

    • kms.keys.encrypter: To read the key, encrypt and upload objects.
    • kms.keys.decrypter: To read the key, decrypt and download objects.
    • kms.keys.encrypterDecrypter: This role includes the kms.keys.encrypter and kms.keys.decrypter permissions.

    For more information, see Key Management Service service roles.

    Tip

    You can assign a role for a folder or a bucket to a service account. A role for a folder gives the GUI client access to all the buckets in the folder. A role for a bucket gives the client access only to this particular bucket. For granular access, assign a role for a particular bucket.

  4. Create a static access key.

    As a result, you will get the static access key data. To authenticate in Object Storage, you will need the following:

    • key_id: Static access key ID
    • secret: Secret key

    Save key_id and secret: you will not be able to get the key value again.

Note

A service account is only allowed to view a list of buckets in the folder it was created in.

A service account can perform actions with objects in buckets that are created in folders different from the service account folder. To enable this, assign the service account roles for the appropriate folder or its bucket.

Installation

Download the WinSCP distribution and run it.

Connection

  1. Run WinSCP.

  2. In the Sessions tab, select New Session....

  3. Under Sessions, specify the following parameters:

    • File protocol: Amazon S3.
    • Host name: storage.yandexcloud.net.
    • Port number: 443.
    • Access key ID: Previously obtained static key ID.
    • Secret access key: Previously obtained static key contents.

    To connect to a particular bucket, click Advanced.... In the Advanced Site Settings window, select Directories in the left-hand menu, under Environment. In the Remote directory: field, specify the bucket name and click OK.

  4. Click Login.

Once the connection is established, the right-hand panel will show the bucket you previously created.

Note

WinSCP treats Object Storage as a hierarchical file system. This means that the keys of objects uploaded via WinSCP look like file paths, e.g., prefix/subprefix/picture.jpg.

To learn more about how to use WinSCP with S3-compatible storage, see the WinSCP documentation.

Previous
CyberDuck
Next
All SDKs