OxiDB v0.20.0 — S3-Compatible Object Storage

We're excited to announce OxiDB v0.20.0 — a major release that brings full S3-compatible object storage with AWS Signature V4 authentication, alongside all the document database features you already know.

What's New in v0.20.0

S3-Compatible REST API

OxiDB now ships with a built-in S3-compatible HTTP API. Enable it with a single environment variable (OXIDB_S3_PORT=9000) and use any S3 client — boto3, AWS CLI, MinIO SDK, or any tool that speaks the S3 protocol.

This means you can use OxiDB as a unified data platform: documents via OxiWire/SQL, key-value via OxiMem (RESP), messaging via MQTT, and now object storage via S3 — all in a single binary.

Full S3 Feature Coverage

We didn't just implement the basics. Here's what's supported:

Category	Operations
Buckets	CreateBucket, DeleteBucket, HeadBucket, ListBuckets
Objects	PutObject, GetObject, HeadObject, DeleteObject
Multipart	CreateMultipartUpload, UploadPart, CompleteMultipartUpload, AbortMultipartUpload
Copy	CopyObject with MetadataDirective (COPY/REPLACE), cross-bucket copy
Batch	DeleteObjects (POST ?delete)
List	ListObjectsV2, prefix, delimiter, CommonPrefixes, MaxKeys
Range	Range requests (bytes=start-end, suffix) with 206 Partial Content
Conditional	If-Match, If-None-Match with 304/412 responses
Tagging	GetObjectTagging, PutObjectTagging, DeleteObjectTagging
Auth	AWS Signature V4 (header + presigned URLs)
CORS	OPTIONS preflight, Access-Control-Allow-* headers
Metadata	x-amz-meta-* round-trip on PUT/GET/HEAD/COPY

AWS Signature V4 Authentication

Security is not optional. OxiDB's S3 API supports full AWS Signature V4 authentication — the same signing protocol used by AWS. Set two environment variables and every request is cryptographically verified:

OXIDB_S3_ACCESS_KEY=your-access-key
OXIDB_S3_SECRET_KEY=your-secret-key

Features include:

Header-based authentication (standard Authorization header)
Presigned URLs (query-string authentication with expiration)
Constant-time signature comparison (timing-attack resistant)
HMAC-SHA256 signing chain with per-request key derivation

Performance

We ran our comprehensive test suite with 100 tests across all S3 features. Here are the latency numbers from localhost:

TCP connect          : 0.063 ms
TTFB (HeadObject)    : 0.204 ms
GET 1 KB total       : 0.260 ms
GET 1 MB total       : 0.588 ms
GET 10 MB total      : 21.9 ms
PUT 10 MB total      : 29.6 ms

Sub-millisecond for metadata operations. The release build is significantly faster.

Zero New Dependencies

The entire S3 implementation — HTTP parser, XML response generation, AWS SigV4 verification — is built with zero new crate dependencies. It reuses the existing sha2 and hmac crates that were already in the project for SCRAM-SHA-256 auth.

Feature Flag

S3 support is opt-in via a Cargo feature flag:

cargo build --release -p oxidb-server --features s3

If you don't need S3, your binary stays exactly the same size as before.

Quick Start

# Build with S3 support
cargo build --release -p oxidb-server --features s3

# Start with S3 on port 9000
OXIDB_S3_PORT=9000 OXIDB_S3_ACCESS_KEY=mykey OXIDB_S3_SECRET_KEY=mysecret ./oxidb-server

# Use with boto3
import boto3

s3 = boto3.client("s3",
    endpoint_url="http://localhost:9000",
    aws_access_key_id="mykey",
    aws_secret_access_key="mysecret")

s3.create_bucket(Bucket="my-bucket")
s3.put_object(Bucket="my-bucket", Key="hello.txt",
              Body=b"Hello from OxiDB!")

Other Changes

All packages bumped to v0.20.0 (Rust crates, Python PyPI, .NET NuGet, CLI)
OxiMem (Redis-compatible layer) stability improvements
MQTT v3.1.1 cross-protocol pub/sub with OxiMem

Downloads

PyPI: pip install oxidb==0.20.0 or pip install oxidb-embedded==0.20.0
NuGet: OxiDb.Client.Tcp, OxiDb.Client.Embedded, OxiDb.EntityFrameworkCore (0.20.0)
Source: Build from source with cargo build --workspace --release

OxiDB v0.20.0 — one database, every protocol.