# Connection parameters
Each protocol has its own set of authentication-form fields and its own
command-line address syntax. This page describes them protocol by protocol.
## SFTP / SCP
Authentication-form fields:
- Host (address)
- Port (default `22`)
- Username
- Password or SSH key
You can authenticate either with a username and password or with an SSH key.
See [SSH key storage](../configuration/ssh-keys.md) for how to manage keys.
Address syntax:
```txt
[protocol://][username@]
[:port][:wrkdir]
```
## FTP / FTPS
Authentication-form fields:
- Host (address)
- Port (default `21`)
- Username
- Password
- Secure (FTPS): enable TLS to use FTPS instead of plain FTP
Address syntax:
```txt
[protocol://][username@][:port][:wrkdir]
```
## Kube
Authentication-form fields:
- Namespace
- Cluster URL (Kubernetes API URL)
- Username
- Client certificate path
- Client key path
Address syntax:
```txt
kube://[namespace][@][$]
```
## S3
termscp supports both AWS S3 and other S3-compatible endpoints.
Authentication-form fields:
- Bucket name
- Region (for AWS S3) or endpoint (for other S3-compatible servers)
- Profile
- Access key
- Secret access key
- Security token
- Session token
- New path style
The required and optional fields differ depending on the endpoint:
- AWS S3:
- bucket name (required)
- region (required)
- profile (optional; defaults to `default`)
- access key (required unless the bucket is public)
- secret access key (required unless the bucket is public)
- security token (if required)
- session token (if required)
- new path style: NO
- Other S3 endpoints:
- bucket name (required)
- endpoint (required)
- access key (required unless the bucket is public)
- secret access key (required unless the bucket is public)
- new path style: YES
Address syntax:
```txt
s3://@[:profile][:/wrkdir]
```
For example:
```txt
s3://buckethead@eu-central-1:default:/assets
```
### S3 credentials
To connect to an AWS S3 bucket you must provide credentials. There are three
ways to do this.
1. Authentication form: provide the access key (usually mandatory), the secret
access key (usually mandatory), the security token, and the session token.
If you save the S3 connection as a bookmark, the access key and secret access
key are saved as an encrypted AES-256/BASE64 string in your bookmarks file.
The security token and session token are not saved, since they are meant to
be temporary credentials.
2. Credentials file: configure the AWS CLI with `aws configure`. Your
credentials are then stored at `~/.aws/credentials`. If you use a profile
other than `default`, provide it in the profile field of the authentication
form.
3. Environment variables: provide your credentials as environment variables.
These always override the credentials in the credentials file. The following
are usually mandatory:
- `AWS_ACCESS_KEY_ID`: AWS access key ID (usually starts with `AKIA...`)
- `AWS_SECRET_ACCESS_KEY`: the secret access key
If you have configured stronger security, you may also need:
- `AWS_SECURITY_TOKEN`: security token
- `AWS_SESSION_TOKEN`: session token
Your credentials are safe: termscp does not manipulate these values directly.
They are consumed directly by the `s3` crate.
## SMB
Authentication-form fields:
- Server (address)
- Share
- Username
- Password
- Port (other systems only; default `445`)
- Workgroup (other systems only)
On Windows the port and workgroup fields are not used.
Windows address syntax:
```txt
\\[username@]\[\path\...]
```
Other systems address syntax:
```txt
smb://[username@][:port]/[/path/.../]
```
## WebDAV
Authentication-form fields:
- URI (the base WebDAV endpoint)
- Username
- Password
Address syntax:
```txt
http(s)://:@
```