Creates a new secret key for the specified user. Secret keys are used for authentication with the Object Storage Service's Amazon S3 compatible API. For information, see Managing User Credentials.

You must specify a description for the secret key (although it can be an empty string). It does not have to be unique, and you can change it anytime with UpdateCustomerSecretKey.

Every user has permission to create a secret key for their own user ID. An administrator in your organization does not need to write a policy to give users this ability. To compare, administrators who have permission to the tenancy can use this operation to create a secret key for any user, including themselves.


oci iam customer-secret-key create [OPTIONS]

Required Parameters

--display-name [text]

The name you assign to the secret key during creation. Does not have to be unique, and it's changeable.

--user-id [text]

The OCID of the user.

Optional Parameters

--from-json [text]

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id --> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our "using CLI with advanced JSON options" link: