Set Up API Authentication for OCI

To connect a local environment to an OCI tenancy, set up API authentication in a config file.

Before You Begin

To successfully perform this tutorial, you must have the following configuration in place.

  • A supported browser
  • A macOS or Linux environment, or a Windows environment with Windows Subsystem for Linux (WSL).
  • Python 3 installed. For the supported Python versions, see the Python SDK documentation.
  • Perform the Create a Sandbox User for Tutorials tutorial and:
    • Have the Oracle Mobile Authenticator app ready.
    • Write down the following information from the tutorial:
      • <sandbox-username>
      • <sandbox-user-password>
      • <tenancy-name>
      • <domain-name>
      • <sandbox-compartment>

1. Create API Keys

In this tutorial, you generate the private/public key pair for the sandbox user in the Console. When you use the Console to add the key pair, the Console also generates a configuration file preview snippet for you.

  1. Sign in to the Console. For Cloud Account Name, enter the <tenancy-name> and select Next.
  2. For identity domain, enter the <domain-name> (for example, Default), and then select Next.
  3. Enter the <sandbox-username> and <sandbox-user-password> and select Sign In.
  4. Open the Oracle Mobile Authenticator app, and for the <tenancy-name> <sandbox-username> account, get the generated passcode.
  5. In the Console, in the Multi-Factor Authentication window, enter the passcode and select Sign In.
    You're directed to the Console Home page.
  6. In the top navigation bar, select the Profile icon, and then select User settings.
  7. Select Tokens and keys.
  8. Under API keys, select Add API key.
  9. Generate or provide keys as instructed in the dialog.
    Important

    If you generate keys, download both keys and save them in a secure location. If you lose the keys, they can't be re-created, and you must create new keys.
  10. Select Add.
  11. A dialog displays the configuration settings. Copy the configuration information into a text file called config in your local environment, and save the file in a secure location.

If you need help, see Required Keys and OCIDs for API signing.

2. Change Key Permissions

  1. Navigate to the folder where you downloaded the keys in the previous section.
  2. (Optional) Change the name of the keys. For example, <sandbox-user-private-key.pem> and <sandbox-user-public-key.pem>.
  3. From the terminal, go to your home directory.
  4. Create a .oci directory.
  5. Move the public and private key to the .oci directory and write down the <path-to-private-key.pem>.
    Example: <home-directory>/.oci/<sandbox-user-public-key.pem>
  6. In the local environment, change the permission for the private key file with the following command:
    chmod 400 <path-to-private-key.pem>

3. Install OCI CLI

  1. Install the OCI CLI and Python SDK using pip:
    pip install oci-cli

    All the required libraries are installed.

  2. Verify that the OCI CLI is installed. Enter the following command.
    pip list
    The command lists the installed packages including oci-cli. For example:
    oci-cli                  <version>

4. Create a Local Configuration File

  1. From the .oci directory, enter the following command:
    touch config
  2. Paste the API key configuration data that you copied in the previous section into the config file.

    Example config file.

    [DEFAULT]
    user=<ocid1.user.oc1..xxx>
    fingerprint=<xx:xx:xx:xx>
    tenancy=<ocid1.tenancy.oc1..xxx>
    region=us-chicago-1
    key_file=<path-to-private-key.pem>

    This configuration is for the default profile, identified by the [DEFAULT] header.
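The following local check covers the key permissions from section 2 and the config file created in this section. It is an added example, not part of the original tutorial or Oracle's tooling. It uses only the Python standard library, and the function names, the OCID and fingerprint values, and the temporary directory are constructed for illustration. The choice of mode 600 for the config file is an assumption of this example.

```python
import configparser
import os
import stat
import tempfile

REQUIRED = ("user", "fingerprint", "tenancy", "region", "key_file")

def too_open(path):
    """True if group or other hold any permission bit on path."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

def audit_profile(config_path, profile="DEFAULT"):
    """Return a list of findings for one profile; an empty list means clean."""
    if not os.path.isfile(config_path):
        return [f"config file not found: {config_path}"]
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(config_path)
    # configparser does not report DEFAULT as a regular section.
    if profile != "DEFAULT" and not parser.has_section(profile):
        return [f"profile [{profile}] not found in {config_path}"]
    section = parser[profile]
    findings = [f"missing entry: {k}" for k in REQUIRED
                if not section.get(k, fallback="").strip()]
    if too_open(config_path):
        findings.append(f"config accessible to group/other: {config_path}")
    key_file = os.path.expanduser(section.get("key_file", fallback="").strip())
    if key_file and not os.path.isfile(key_file):
        findings.append(f"key_file not found: {key_file}")
    elif key_file and too_open(key_file):
        findings.append(f"private key accessible to group/other: {key_file}")
    return findings

def demo():
    """Audit a constructed config before and after tightening permissions."""
    with tempfile.TemporaryDirectory() as oci_dir:
        key = os.path.join(oci_dir, "sandbox-user-private-key.pem")
        cfg = os.path.join(oci_dir, "config")
        with open(key, "w") as f:
            f.write("constructed placeholder, not a real key\n")
        with open(cfg, "w") as f:
            f.write("[DEFAULT]\nuser=ocid1.user.oc1..example\nfingerprint=aa:bb:cc:dd\n"
                    f"tenancy=ocid1.tenancy.oc1..example\nregion=us-chicago-1\nkey_file={key}\n")
        os.chmod(key, 0o644)   # simulate a key left at a typical download mode
        os.chmod(cfg, 0o644)
        before = audit_profile(cfg)
        os.chmod(key, 0o400)   # same effect as: chmod 400 <path-to-private-key.pem>
        os.chmod(cfg, 0o600)
        return before, audit_profile(cfg)

if __name__ == "__main__":
    print(demo())
```

To check a real setup, call audit_profile with the path to the config file in the .oci directory.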

5. Test the Setup

Verify that the OCI CLI is using the config file and connecting to your tenancy.
  1. Verify that the OCI CLI is installed.
    oci

    The command lists the available commands for the CLI.

  2. Verify that the configuration file works.
    oci os ns get

    This command gets the namespace of your tenancy.

    oci iam region list

    This command lists the available regions in your tenancy.