Prepare and Upload PEM Key
This key pair is not the SSH key that you use to access compute instances. |
Both the private key and public key must be in PEM format (not SSH-RSA format). The public key in PEM format looks something like this.
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQE...
...
-----END PUBLIC KEY----- |
Generate API Signing Key
You can use the following OpenSSL commands to generate the key pair in the required PEM format. If you're using Windows, you'll need to install Git Bash for Windows and run the commands with that tool.
Step 1. If you haven't already, create a .oci
directory to store the credentials:
Step 2. Generate the private key with one of the following commands.
Step 2.1. (Recommended) To generate the key, encrypted with a passphrase you provide when prompted.
openssl genrsa -out ~/.oci/oci_api_key.pem -aes128 2048 |
Note: For Windows, you may need to insert -passout stdin
to be prompted for a passphrase. The prompt will just be the blinking cursor, with no text.
openssl genrsa -out ~/.oci/oci_api_key.pem -aes128 -passout stdin 2048 |
Step 2.2. To generate the key with no passphrase.
openssl genrsa -out ~/.oci/oci_api_key.pem 2048 |
Step 3. Ensure that only you can read the private key file:
chmod go-rwx ~/.oci/oci_api_key.pem |
Step 4. Generate the public key.
openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem |
Note: For Windows, if you generated the private key with a passphrase, you may need to insert -passin stdin
to be prompted for the passphrase. The prompt will just be the blinking cursor, with no text.
openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem -passin stdin |
Step 5. Copy the contents of the public key to the clipboard using pbcopy, xclip or a similar tool (you'll need to paste the value into the console later. For example:
cat ~/.oci/oci_api_key_public.pem | pbcopy |
Your API requests will be signed with your private key, and Oracle will use the public key to verify the authenticity of the request. You must upload the public key to IAM which is explained later.