diff --git a/README.md b/README.md
index 9a20f06..bf6bd6f 100644
--- a/README.md
+++ b/README.md
@@ -175,6 +175,26 @@ with \
         print(row)
 ```
 
+
+### Public Buckets
+
+For public buckets where credentials must not be passed, pass `None` as the `get_credentials` parameter.
+
+```python
+query_my_db = partial(sqlite_s3_query,
+    url='https://my-public-bucket.s3.eu-west-2.amazonaws.com/my-db.sqlite',
+    get_credentials=None,
+)
+
+with \
+        query_my_db() as query, \
+        query('SELECT * FROM my_table_2 WHERE my_col = ?', params=('my-value',)) as (columns, rows):
+
+    for row in rows:
+        print(row)
+```
+
+
 ### HTTP Client
 
 The HTTP client can be changed by overriding the the default `get_http_client` parameter, which is shown below.
diff --git a/sqlite_s3_query.py b/sqlite_s3_query.py
index 4da69ef..8326b37 100644
--- a/sqlite_s3_query.py
+++ b/sqlite_s3_query.py
@@ -74,6 +74,23 @@ def sqlite_s3_query_multi(url, get_credentials=lambda now: (
     local = threading.local()
     local.pending_exception = None
 
+    def get_request_headers_for_private_buckets(method, params, headers, now):
+        region, access_key_id, secret_access_key, session_token = get_credentials(now)
+        to_auth_headers = headers + (
+            (('x-amz-security-token', session_token),) if session_token is not None else \
+            ()
+        )
+        return aws_sigv4_headers(
+            now, access_key_id, secret_access_key, region, method, to_auth_headers, params,
+        )
+
+    def get_request_headers_for_public_buckets(_, __, headers, ___):
+        return headers
+
+    get_request_headers = \
+        get_request_headers_for_private_buckets if get_credentials is not None else \
+        get_request_headers_for_public_buckets
+
     def set_pending_exception(exception):
         local.pending_exception = exception
 
@@ -98,15 +115,8 @@ def run_with_db(db, func, *args):
     @contextmanager
     def make_auth_request(http_client, method, params, headers):
         now = datetime.utcnow()
-        region, access_key_id, secret_access_key, session_token = get_credentials(now)
-        to_auth_headers = headers + (
-            (('x-amz-security-token', session_token),) if session_token is not None else \
-            ()
-        )
-        request_headers = aws_sigv4_headers(
-            now, access_key_id, secret_access_key, region, method, to_auth_headers, params,
-        )
         url = f'{scheme}://{netloc}{path}'
+        request_headers = get_request_headers(method, params, headers, now)
         with http_client.stream(method, url, params=params, headers=request_headers) as response:
             response.raise_for_status()
             yield response