diff --git a/createLiiibre b/createLiiibre
index 85ae4d503d72d17931e3c0e39c0a0050360dbb5b..cf27b4fd8c877461a8af425df30b251724e0aab9 100755
--- a/createLiiibre
+++ b/createLiiibre
@@ -67,7 +67,27 @@ kubectl -n ${tld} create secret generic forum-${tld}-smtp --from-literal=host=ma
 kubectl -n ${tld} create secret generic ${CHAT_SUBDOMAIN}-${tld}-smtp --from-literal=host=mail.indie.host --from-literal=port=587 --from-literal=from_email=${chat_email} --from-literal=username=${chat_email} --from-literal=password=${chat_email_password} --from-literal=mail_from_address=${chat_local_part}
 
 # Create Buckets
-echo "Execute on sm1 export CHAT_SUBDOMAIN=${CHAT_SUBDOMAIN};export NUAGE_SUBDOMAIN=${NUAGE_SUBDOMAIN}; ~/pierre/scripts/createLiiibreBuckets ${1}"
+## Create dumps bucket
+export AWS_ACCESS_KEY_ID=${NS}-dumps
+export AWS_SECRET_ACCESS_KEY=`openssl rand -base64 18`
+mc admin user add cold ${AWS_ACCESS_KEY_ID} ${AWS_SECRET_ACCESS_KEY}
+kubectl -n ${NS} create secret generic ${AWS_ACCESS_KEY_ID} --from-literal=AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} --from-literal=AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
+mc admin policy set minio username-rw user=${AWS_ACCESS_KEY_ID}
+
+## Create data buckets
+### For chats
+export AWS_ACCESS_KEY_ID=${CHAT_SUBDOMAIN}-${NS}
+export AWS_SECRET_ACCESS_KEY=`openssl rand -base64 18`
+mc admin user add hot ${AWS_ACCESS_KEY_ID} ${AWS_SECRET_ACCESS_KEY}
+kubectl -n ${NS} create secret generic ${AWS_ACCESS_KEY_ID} --from-literal=AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} --from-literal=AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
+mc admin policy set minio username-rw user=${AWS_ACCESS_KEY_ID}
+
+### For Nuage
+export AWS_ACCESS_KEY_ID=${NUAGE_SUBDOMAIN}-${NS}
+export AWS_SECRET_ACCESS_KEY=`openssl rand -base64 18`
+mc admin user add hot ${AWS_ACCESS_KEY_ID} ${AWS_SECRET_ACCESS_KEY}
+kubectl -n ${NS} create secret generic ${AWS_ACCESS_KEY_ID} --from-literal=AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} --from-literal=AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
+mc admin policy set minio username-rw user=${AWS_ACCESS_KEY_ID}
 
 # Create secrets
 mkdir /tmp/${NS}
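Review bot: The three `mc admin policy set minio username-rw user=${AWS_ACCESS_KEY_ID}` calls target the alias `minio`, while the users were just created on `cold` (dumps) and `hot` (chat, Nuage). Unless `minio` is an alias that resolves to those same servers, the call fails or the new users are left without the policy. Suggest `mc admin policy set cold username-rw user=${AWS_ACCESS_KEY_ID}` for the dumps user and `mc admin policy set hot username-rw user=${AWS_ACCESS_KEY_ID}` for the other two. Separately, the generated secret is exported and passed as an argument to `mc admin user add` and `kubectl ... --from-literal`, so it is inherited by every later child process and is visible in the process list and in any `set -x` trace. A non-exported variable with quoted expansions would narrow that exposure. The script continues outside the hunk, so whether a failed `mc` call aborts before the Kubernetes secret is created cannot be seen from here.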
diff --git a/policy/README.md b/policy/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..8803109a0438f787879a0fabc6c922590531373f
--- /dev/null
+++ b/policy/README.md
@@ -0,0 +1,5 @@
+# Deploy policies for hot and cold buckets
+
+mc admin policy add hot username-rw ./policy.json
+mc admin policy add cold username-rw /policy.json
+
diff --git a/policy/username-rw.json b/policy/username-rw.json
new file mode 100644
index 0000000000000000000000000000000000000000..070d497e78bf3741643b274fc9565f114e24a661
--- /dev/null
+++ b/policy/username-rw.json
@@ -0,0 +1,16 @@
+{
+  "Version":"2012-10-17",
+  "Statement": [
+    {
+      "Action": [
+        "s3:*"
+      ],
+      "Effect": "Allow",
+      "Resource": [
+        "arn:aws:s3:::${aws:username}/*",
+        "arn:aws:s3:::${aws:username}"
+      ]
+     }
+  ]
+}
+
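Review bot: `"Action": ["s3:*"]` grants more than the policy name `username-rw` suggests. Within the user's own bucket it also covers bucket-level administration, such as deleting the bucket or replacing its bucket policy, so a leaked application credential could expose or destroy that tenant's data rather than just read and write objects. If the workloads only need object access, list the actions explicitly, e.g. `"Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket"]`. Add `s3:CreateBucket` or the multipart-upload actions only if the applications actually need them. The `${aws:username}` resource scoping relies on each bucket name being identical to the access key, which is what createLiiibre appears to assume.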