Sealos S3

Use this skill to give a project real Sealos object storage through sealos-cli s3. The default outcome is: identify the app's object-storage need, create or reuse a bucket, initialize credentials only when needed, wire the smallest safe set of local env vars, and verify the project's upload/download or presigned URL path.

This skill is grounded in zjy365/sealos-cli#28, which registered the s3 command and implemented bucket CRD operations plus S3-compatible object operations.

Safety Rules

1. Never print secret keys, full S3 credential blocks, or copied env values in the final answer.
2. Do not overwrite an existing env value without confirming or preserving the old value.
3. Do not commit .env, .env.local, S3 access keys, secret keys, kubeconfig, or Sealos auth files.
4. Ask before making a bucket public. Default bucket policy is private.
5. Ask before destructive operations: s3 delete-bucket, s3 delete, credential rotation for an active app, or replacing app storage configuration.
6. Use JSON output from sealos-cli by default and parse it instead of scraping table output.
7. Treat s3 secret output as sensitive even though the CLI can print it.

Workflow

1. Resolve the target project