diff --git a/backend/app/storage.py b/backend/app/storage.py
index cb7dbd4..d23e544 100644
--- a/backend/app/storage.py
+++ b/backend/app/storage.py
@@ -242,15 +242,19 @@ class S3Storage:
             },
         )
 
-        self.client = boto3.client(
-            "s3",
-            endpoint_url=settings.s3_endpoint if settings.s3_endpoint else None,
-            region_name=settings.s3_region,
-            aws_access_key_id=settings.s3_access_key_id,
-            aws_secret_access_key=settings.s3_secret_access_key,
-            config=config,
-            verify=settings.s3_verify_ssl,  # SSL/TLS verification
-        )
+        # Build client kwargs - only include credentials if explicitly provided
+        # This allows IRSA/IAM role credentials to be used when no explicit creds are set
+        client_kwargs = {
+            "endpoint_url": settings.s3_endpoint if settings.s3_endpoint else None,
+            "region_name": settings.s3_region,
+            "config": config,
+            "verify": settings.s3_verify_ssl,
+        }
+        if settings.s3_access_key_id and settings.s3_secret_access_key:
+            client_kwargs["aws_access_key_id"] = settings.s3_access_key_id
+            client_kwargs["aws_secret_access_key"] = settings.s3_secret_access_key
+
+        self.client = boto3.client("s3", **client_kwargs)
         self.bucket = settings.s3_bucket
         # Store active multipart uploads for resumable support
         self._active_uploads: Dict[str, Dict[str, Any]] = {}