Create Credential for OCI Authentication

To connect Oracle Log Analytics to the Oracle Cloud Infrastructure (OCI) Object Storage service, you must configure the Oracle Management Cloud credential store with your OCI authentication details.

Prerequisites for Creating Credentials

Keep the following authentication information ready. You need it to create the OCI-specific credentials in the Oracle Management Cloud credential store that are used to access OCI from Oracle Management Cloud:

  • The following details of the RSA key pair:
    • Fingerprint for RSA key: The fingerprint for the RSA key pair that you're using to access OCI. It looks something like this: 12:34:56:78:90:ab:cd:ef:12:34:56:78:90:ab:cd:ef.
    • Private key: The private key in the RSA key pair. The RSA key pair is generated in PEM format (minimum 2048 bits).

      You upload the public key from the key pair in the OCI console to enable authentication.

  • Tenancy OCID: The OCID of the tenant.
  • User OCID: The OCID of the user.

For more information about the keys and OCIDs, generating an RSA key pair, and generating the fingerprint for the key pair, see Getting Started - Required Keys and OCIDs in the Oracle Cloud Infrastructure Documentation.

Create Credentials using UI

  1. Go to the administration page at the location Administration > Security > Credential Store. Click New Credential.

    The Create Credential dialog box opens.

  2. From the Credential type menu, select Oracle.OCI.Auth.

    Provide a name to identify the credentials in the field Credential Name, and provide a Description.

  3. Provide the following information about your OCI account:

    • fingerprint: The fingerprint for the RSA key pair
    • pass_phrase: Leave this field empty
    • private_key: The unencrypted private key in the RSA key pair. The key must not be protected with a passphrase. The private key spans multiple lines; replace every newline character with a space character and use the resulting single-line key.
    • tenancy: The OCID of the tenant
    • user: The OCID of the user

    Click Create.

Create Credentials using REST API

  1. Provide the credential information for accessing the OCI account in JSON format and save it as the OCI properties file on the local machine, for example, OCI_creds.json:

    {
      "name": "<OCI_CREDENTIAL>",
      "credtype": "Oracle.OCI.Auth",
      "columnValues": {
        "user": "<User OCID>",
        "private_key": "<Unencrypted Private Key Text By Replacing Newline Characters With Space Character>",
        "fingerprint": "<Fingerprint of the public key>",
        "tenancy": "<Tenancy OCID>"
      }
    }

    In the above format, provide the following information:

    • name: Provide a name to identify the credentials.
    • credtype: Specify Oracle.OCI.Auth for OCI authentication.
    • fingerprint: The fingerprint for the RSA key pair
    • private_key: The unencrypted private key in the RSA key pair. The key must not be protected with a passphrase. The private key spans multiple lines; replace every newline character with a space character and use the resulting single-line key.
    • tenancy: The OCID of the tenant
    • user: The OCID of the user
  2. To register the credentials in the Oracle Management Cloud credential store, run the cURL command in the following format:

    curl -X POST -k -u '<username>:<password>' -H 'X-USER-IDENTITY-DOMAIN-NAME:<identity_domain_name>' "https://<OMC_URL>/serviceapi/credentialStore/api/v1/credentials" -H 'Content-Type:application/json' -d "@<json_file>"

    In the above format:

    • username: Your user name to access the Oracle Management Cloud account. Depending on the type of your cloud account, the username will be in one of the following formats:
      • <username> for Oracle Identity Cloud Service (IDCS) based account.
      • <tenant_name>.<username> for Traditional Cloud Account.

        Follow the same steps as those to obtain OMC_URL. TENANT_NAME is displayed above OMC_URL.

      For information on the types of cloud accounts, see About Oracle Cloud Accounts in Getting Started with Oracle Cloud.

    • password: The password to access the Oracle Management Cloud account
    • OMC_URL: Obtain the OMC URL from the Agents page.
      1. On the Oracle Management Cloud home page, click the OMC Navigation Menu on the top-left corner and navigate to Administration > Agents.
      2. On the Agents page, click the Download tab. The Agent Software Download page is displayed.
      3. Select Cloud Agent from the Agent Type drop-down list. The OMC_URL is displayed. Note the URL.
    • identity_domain_name: Depending on the type of your cloud account, the identity domain name will be one of the following:
      • IDCS Identity Domain: For an IDCS-based cloud account, typically of the format idcs-j29b928a146e4bdd7fef12a6e6a9excm. Collect this from your cloud account details page.
      • Tenant Name: For a Traditional Cloud Account, typically of the format acme.

        Follow the same steps as those to obtain OMC_URL. TENANT_NAME is displayed above OMC_URL.

      For information on the types of cloud accounts, see About Oracle Cloud Accounts in Getting Started with Oracle Cloud.

    • json_file: The OCI properties file that you created in step 1.

    An example cURL command to register the OCI credentials for a traditional cloud account:

    curl -X POST -k -u 'acme.JohnDoe:john_password' -H 'X-USER-IDENTITY-DOMAIN-NAME:acme' "https://acme.example.com:4443/serviceapi/credentialStore/api/v1/credentials" -H 'Content-Type:application/json' -d "@OCI_creds.json"

    An example cURL command to register the OCI credentials for an IDCS based cloud account:

    curl -X POST -k -u 'JohnDoe:john_password' -H 'X-USER-IDENTITY-DOMAIN-NAME:idcs-j29b928a146e4bdd7fef12a6e6a9excm' "https://omc-fb68f2dffe9f4a27bda5c45778f62f41.example.com/serviceapi/credentialStore/api/v1/credentials" -H 'Content-Type:application/json' -d "@OCI_creds.json"
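
One way to produce the OCI_creds.json file from step 1, shown as an added example that is not part of the original Oracle documentation. The function names, argument order, and the sample PEM body are assumptions made for illustration; the script rejects passphrase-protected keys, flattens the key's newlines to spaces, checks the fingerprint format, and writes the file with owner-only permissions.

```shell
#!/usr/bin/env bash
# Added example: helper names and argument order are assumptions.

# Constructed stand-in for a PEM file (placeholder body, not a real key).
write_sample_pem() {
  printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTEDSAMPLELINE1' \
    'CONSTRUCTEDSAMPLELINE2' '-----END RSA PRIVATE KEY-----' > "$1"
}

# True if the PEM is passphrase-protected (PKCS#8 or legacy OpenSSL header).
is_encrypted_pem() {
  grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# Replace every newline with a space; drop CRs and the trailing space.
flatten_pem() {
  tr -d '\r' < "$1" | tr '\n' ' ' | sed 's/ *$//'
}

# Fingerprint format shown on the page: 16 colon-separated hex pairs.
valid_fingerprint() {
  printf '%s' "$1" | grep -Eq '^([0-9a-fA-F]{2}:){15}[0-9a-fA-F]{2}$'
}

# build_oci_creds <name> <user_ocid> <tenancy_ocid> <fingerprint> <key.pem> <out.json>
# Values are assumed to contain no characters that need JSON escaping.
build_oci_creds() {
  local name=$1 user=$2 tenancy=$3 fp=$4 pem=$5 out=$6 key
  [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 1; }
  if is_encrypted_pem "$pem"; then
    echo "private key is passphrase-protected" >&2; return 1
  fi
  if ! valid_fingerprint "$fp"; then
    echo "fingerprint is not 16 colon-separated hex pairs" >&2; return 1
  fi
  key=$(flatten_pem "$pem")
  # The file holds a private key: create it readable by the owner only.
  ( umask 077
    {
      printf '{\n  "name": "%s",\n  "credtype": "Oracle.OCI.Auth",\n' "$name"
      printf '  "columnValues": {\n    "user": "%s",\n' "$user"
      printf '    "private_key": "%s",\n' "$key"
      printf '    "fingerprint": "%s",\n    "tenancy": "%s"\n  }\n}\n' "$fp" "$tenancy"
    } > "$out" ) && chmod 600 "$out"
}
```

Pass the resulting file to the cURL command in step 2 with -d "@OCI_creds.json". The -k option in those commands turns off TLS certificate verification, so the password and the private key are sent without the server's identity being checked.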