diff --git a/pkg/internal/models/destination.go b/pkg/internal/models/destination.go
index c8ae162..040f95c 100644
--- a/pkg/internal/models/destination.go
+++ b/pkg/internal/models/destination.go
@@ -29,4 +29,5 @@ type S3Destination struct {
 	SecretKey     string `json:"secret_key"`
 	AccessBaseURL string `json:"access_baseurl"`
 	EnableSSL     bool   `json:"enable_ssl"`
+	EnabledSigned bool   `json:"enabled_signed"`
 }
diff --git a/pkg/internal/services/opener.go b/pkg/internal/services/opener.go
index abd0aa9..569db7f 100644
--- a/pkg/internal/services/opener.go
+++ b/pkg/internal/services/opener.go
@@ -16,6 +16,8 @@ import (
 	"github.com/eko/gocache/lib/v4/marshaler"
 	"github.com/eko/gocache/lib/v4/store"
 	jsoniter "github.com/json-iterator/go"
+	"github.com/minio/minio-go/v7"
+	"github.com/minio/minio-go/v7/pkg/credentials"
 	"github.com/samber/lo"
 )
 
@@ -113,6 +115,25 @@ func OpenAttachmentByRID(rid string, region ...string) (url string, mimetype str
 	case models.DestinationTypeS3:
 		var destConfigured models.S3Destination
 		_ = jsoniter.Unmarshal(rawDest, &destConfigured)
+		if destConfigured.EnabledSigned {
+			var client *minio.Client
+			client, err = minio.New(destConfigured.Endpoint, &minio.Options{
+				Creds:  credentials.NewStaticV4(destConfigured.SecretID, destConfigured.SecretKey, ""),
+				Secure: destConfigured.EnableSSL,
+			})
+			if err != nil {
+				return
+			}
+
+			var uri *nurl.URL
+			uri, err = client.PresignedGetObject(context.Background(), destConfigured.Bucket, result.Attachment.Uuid, 60*time.Minute, nil)
+			if err != nil {
+				return
+			}
+
+			url = uri.String()
+			return
+		}
 		if len(destConfigured.AccessBaseURL) > 0 {
 			url = fmt.Sprintf(
 				"%s/%s",