Generating an API Key Pair

If you don't already have an API signing key pair (a public and a private key), we recommend that you create one as part of the manual or automated configuration. To do so, use the oci setup keys command as described in Manually Configuring the OCI CLI, or follow the prompts in Using the Automated Configuration Method.

If you want to create a key pair independent of the OCI CLI configuration, the following sections show you how to do this on Linux, macOS, and Microsoft Windows operating systems. You can then use these keys when you configure the OCI CLI.

Using Linux or macOS

  1. Generate the private key.

    • Generate the key encrypted with a passphrase:

      openssl genrsa -out ~/.oci/oci_api_key.pem -aes128 2048

      Note: Use of a passphrase is strongly recommended.

    • Generate the key with no passphrase:

      openssl genrsa -out ~/.oci/oci_api_key.pem 2048

  2. Check the permissions on the private key file and change them if necessary.

    The file permissions must be 600 or 400 so that only you can read the private key file.

  3. Generate the public key from your new private key:

    openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem

    This public key file can have the same permissions as the private key file or can be readable by everyone.
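
Steps 1 to 3 above combined into one script, with the permission check from step 2 made explicit. This is an added example, not part of the OCI CLI or of the original page; the function names file_mode, key_perms_ok and generate_oci_key_pair and the directory argument are hypothetical.

```shell
#!/bin/sh
# Added example: hypothetical helper functions, not part of the OCI CLI.

# Print the octal mode of a file (GNU stat first, then BSD/macOS stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Step 2: succeed only if the private key file has mode 600 or 400.
key_perms_ok() {
    case "$(file_mode "$1")" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Steps 1-3: create a passphrase-protected key pair in directory $1.
# openssl prompts for the passphrase on the terminal.
generate_oci_key_pair() {
    dir=$1
    key="$dir/oci_api_key.pem"
    pub="$dir/oci_api_key_public.pem"
    (
        # With umask 077 the directory and key are created without any
        # group or world permission bits, so there is no window in which
        # another local user could read the private key.
        umask 077
        mkdir -p "$dir" &&
        openssl genrsa -out "$key" -aes128 2048
    ) || return 1
    chmod 600 "$key" || return 1
    key_perms_ok "$key" || { echo "unexpected mode on $key" >&2; return 1; }
    # The public key is not secret; it is written with the caller's umask.
    openssl rsa -pubout -in "$key" -out "$pub"
}

# Usage (matches the paths used above):
#   generate_oci_key_pair "$HOME/.oci"
```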

Using Microsoft Windows

  1. Install Git Bash for Microsoft Windows.

    See https://git-scm.com/download/win.

  2. Include the OpenSSL binary in your Microsoft Windows path.

    On default installations, the openssl.exe binary is in the following directory:

    C:\Program Files\Git\mingw64\bin

  3. Generate the private key.

    • Generate the key encrypted with a passphrase:

      openssl genrsa -out %HOMEDRIVE%%HOMEPATH%\.oci\oci_api_key.pem -aes128 -passout ^
      stdin 2048

      Note: Use of a passphrase is strongly recommended.

    • Generate the key with no passphrase:

      openssl genrsa -out %HOMEDRIVE%%HOMEPATH%\.oci\oci_api_key.pem 2048

  4. Check the permissions on the private key file and change them if necessary.

    The file permissions must be set so that only you can read the private key file.

  5. Generate the public key from your new private key:

    openssl rsa -pubout -in %HOMEDRIVE%%HOMEPATH%\.oci\oci_api_key.pem -out ^
    %HOMEDRIVE%%HOMEPATH%\.oci\oci_api_key_public.pem

    This public key file can have the same permissions as the private key file or can be readable by everyone.