DigitalOcean Spaces Integration

DigitalOcean Spaces is an S3-compatible object storage service with a built-in CDN. Sveltia CMS supports Spaces as a media storage backend with direct browser-to-Spaces uploads using AWS Signature Version 4 — no backend proxy is required.

Requirements

• A DigitalOcean account with a Space created.
• A Spaces Access Key (see Credentials below).

CSP

If your site uses a Content Security Policy (CSP), you need to allow the Spaces endpoint. See Content Security Policy below for details.

Setup

Credentials

Spaces uses its own key pair, separate from DigitalOcean personal access tokens. Generate one via DigitalOcean Control Panel > API > Spaces Keys.

Note: each key pair covers all Spaces in your account — there is no per-bucket scoping.

The resulting Access Key goes in access_key_id in your config. The Secret Key is entered by users in the CMS UI when they access the media library for the first time — it is never stored in config.

Public Read Access

Asset preview and download URLs are unsigned direct storage URLs, so objects must be publicly readable. Set the Space's file listing to Public in Spaces > Settings, which makes objects publicly readable by default. Alternatively, configure individual object ACLs.

CORS

Configure via DigitalOcean Control Panel > Spaces > Select bucket > Settings > CORS. CORS is required because Sveltia CMS sends custom AWS Signature v4 headers that trigger a preflight request.

[
  {
    "AllowedHeaders": ["*"],
    "AllowedMethods": ["GET", "PUT", "HEAD"],
    "AllowedOrigins": ["https://your-cms-domain.com"],
    "ExposeHeaders": ["ETag"],
    "MaxAgeSeconds": 3000
  }
]

Configuration

Here’s an example configuration for DigitalOcean Spaces:

YAML

media_libraries:
  digitalocean_spaces:
    access_key_id: ABCD1234EFGH5678IJKL
    bucket: my-space
    region: nyc3
    prefix: cms-uploads/ # Optional
    public_url: https://my-space.nyc3.cdn.digitaloceanspaces.com # Optional, see CDN Endpoint below

TOML

[media_libraries.digitalocean_spaces]
access_key_id = "ABCD1234EFGH5678IJKL"
bucket = "my-space"
region = "nyc3"
prefix = "cms-uploads/"
public_url = "https://my-space.nyc3.cdn.digitaloceanspaces.com"

JSON

{
  "media_libraries": {
    "digitalocean_spaces": {
      "access_key_id": "ABCD1234EFGH5678IJKL",
      "bucket": "my-space",
      "region": "nyc3",
      "prefix": "cms-uploads/",
      "public_url": "https://my-space.nyc3.cdn.digitaloceanspaces.com"
    }
  }
}

JavaScript

{
  media_libraries: {
    digitalocean_spaces: {
      access_key_id: 'ABCD1234EFGH5678IJKL',
      bucket: 'my-space',
      region: 'nyc3',
      prefix: 'cms-uploads/', // Optional
      public_url: 'https://my-space.nyc3.cdn.digitaloceanspaces.com', // Optional
    },
  },
}

WARNING

Do not write your Secret Access Key in the configuration file, as it should be kept confidential and not exposed in client-side code. Users will be prompted to enter the key when they use the storage first time, which will be stored securely in the browser’s local storage.

Configuration Properties

Property	Required	Description
access_key_id	Yes	Spaces Access Key. Safe to store in config.
bucket	Yes	The Space name.
region	Yes	Spaces region, e.g. nyc3, sfo2, ams3, sgp1, fra1.
prefix	No	Path prefix within the bucket, e.g. uploads/.
public_url	No	CDN or custom subdomain URL for asset previews. See CDN Endpoint below.

CDN Endpoint

DigitalOcean Spaces has an optional built-in CDN. Once enabled, the default CDN endpoint is https://{bucket}.{region}.cdn.digitaloceanspaces.com. You can also configure a custom subdomain — see the Spaces CDN custom endpoint guide.

By default, asset URLs use the virtual-hosted storage endpoint (https://{bucket}.{region}.digitaloceanspaces.com/{key}). To use the CDN instead, set public_url to the CDN or custom subdomain URL:

public_url: 'https://my-space.nyc3.cdn.digitaloceanspaces.com'
# or with a custom subdomain:
public_url: 'https://images.example.com'

WARNING

Do not set public_url to the CDN URL and rely on it for API operations. The CDN endpoint does not support the S3 ListObjects API, so browsing the asset library would stop working. The storage endpoint is always used for listing and uploading; only the asset URLs shown in the CMS change.

Content Security Policy

API calls (list, upload) go to https://{region}.digitaloceanspaces.com. Asset URLs use https://{bucket}.{region}.digitaloceanspaces.com by default:

connect-src https://nyc3.digitaloceanspaces.com;
img-src     https://my-space.nyc3.digitaloceanspaces.com;

If using the CDN or a custom subdomain via public_url:

connect-src https://nyc3.digitaloceanspaces.com;
img-src     https://my-space.nyc3.cdn.digitaloceanspaces.com; # or a custom subdomain:

Replace nyc3 and my-space with your actual region and bucket name.

See the CSP documentation for more details.

Accessing the Storage

The DigitalOcean Spaces media storage can be accessed through the File and Image fields in Sveltia CMS. Enter your Secret Access Key in the CMS UI when prompted, and you’ll be able to upload new media directly to Spaces or select existing media from your bucket.

When uploading media, files will be stored in your Spaces bucket, and you can take advantage of Spaces’ capabilities directly from the CMS. You can also select existing media from your Spaces storage.

Future Plans

You’ll be able to manage your Spaces files directly from the Asset Library in future releases.