Create Credential for OCI Authentication
To establish a connection from Oracle Log Analytics to the Oracle Cloud Infrastructure (OCI) Object Storage service, you must configure the Oracle Management Cloud credential store with your OCI authentication details.
Prerequisites for Creating Credentials
Keep the following authentication information ready to create OCI-specific credentials in the Oracle Management Cloud credential store to access OCI from Oracle Management Cloud:
- The following details of the RSA key pair:
  - Fingerprint for RSA key: The fingerprint for the RSA key pair that you're using to access OCI. It looks something like this: 12:34:56:78:90:ab:cd:ef:12:34:56:78:90:ab:cd:ef
  - Private key: The private key in the RSA key pair. The RSA key pair is generated in PEM format (minimum 2048 bits).
  You would upload the public key from the key pair in the OCI console to obtain authentication.
- Tenancy OCID: The OCID of the tenant.
- User OCID: The OCID of the user.
For more information about the keys and OCIDs, generating RSA key pair, and generating the fingerprint for the key pair, see Oracle Cloud Infrastructure Documentation Getting Started - Required Keys and OCIDs.
Create Credentials using UI
1. Go to the administration page at Administration > Security > Credential Store. Click New Credential.
   The Create Credential dialog box opens.
2. From the Credential type menu, select Oracle.OCI.Auth.
   Provide a name to identify the credentials in the Credential Name field, and provide a Description.
3. Provide the following information about your OCI account:
   - fingerprint: The fingerprint for the RSA key pair
   - pass_phrase: Leave this field empty
   - private_key: The unencrypted private key in the RSA key pair. This should not be encrypted by using any passphrase. The private key spans multiple lines. Ensure that you replace all the newline characters with the space character and use the resulting key.
   - tenancy: The OCID of the tenant
   - user: The OCID of the user
   Click Create.
Create Credentials using REST API
1. Provide the credential information to access the OCI account in JSON format and store the OCI properties file on the local machine, for example, OCI_creds.json:

    {
      "name": "<OCI_CREDENTIAL>",
      "credtype": "Oracle.OCI.Auth",
      "columnValues": {
        "user": "<User OCID>",
        "private_key": "<Unencrypted Private Key Text By Replacing Newline Characters With Space Character>",
        "fingerprint": "<Fingerprint of the public key>",
        "tenancy": "<Tenancy OCID>"
      }
    }

In the above format, provide the following information:
- name: Provide a name to identify the credentials.
- credtype: Specify Oracle.OCI.Auth for OCI authentication.
- fingerprint: The fingerprint for the RSA key pair
- private_key: The unencrypted private key in the RSA key pair. This should not be encrypted by using any passphrase. The private key spans multiple lines. Ensure that you replace all the newline characters with the space character and use the resulting key.
- tenancy: The OCID of the tenant
- user: The OCID of the user
2. To register the credentials in the Oracle Management Cloud credential store, run the cURL command in the following format:

    curl -X POST -k -u '<username>:<password>' -H 'X-USER-IDENTITY-DOMAIN-NAME:<identity_domain_name>' "https://<OMC_URL>/serviceapi/credentialStore/api/v1/credentials" -H 'Content-Type:application/json' -d "@<json_file>"

In the above format:
- username: Your user name to access the Oracle Management Cloud account. Depending on the type of your cloud account, the username will be in one of the following formats:
  - <username> for Oracle Identity Cloud Service (IDCS) based account.
  - <tenant_name>.<username> for Traditional Cloud Account. Follow the same steps as those to obtain OMC_URL. TENANT_NAME is displayed above OMC_URL.
  For information on the types of cloud accounts, see About Oracle Cloud Accounts in Getting Started with Oracle Cloud.
- password: The password to access the Oracle Management Cloud account
- OMC_URL: Obtain the OMC URL from the Agents page.
  - On the Oracle Management Cloud home page, click the OMC Navigation Menu on the top-left corner and navigate to Administration > Agents.
  - On the Agents page, click the Download tab. The Agent Software Download page is displayed.
  - Select Cloud Agent from the Agent Type drop-down list. The OMC_URL is displayed. Note the URL.
- identity_domain_name: Depending on the type of your cloud account, the identity domain name will be one of the following:
  - IDCS Identity Domain: For IDCS based cloud account, typically of the format idcs-j29b928a146e4bdd7fef12a6e6a9excm. Collect this from your cloud account details page.
  - Tenant Name: For Traditional Cloud Account, typically of the format acme. Follow the same steps as those to obtain OMC_URL. TENANT_NAME is displayed above OMC_URL.
  For information on the types of cloud accounts, see About Oracle Cloud Accounts in Getting Started with Oracle Cloud.
- json_file: The OCI properties file that you created in step 1.
An example cURL command to register the OCI credentials for a traditional cloud account:
curl -X POST -k -u 'acme.JohnDoe:john_password' -H 'X-USER-IDENTITY-DOMAIN-NAME:acme' "https://acme.example.com:4443/serviceapi/credentialStore/api/v1/credentials" -H 'Content-Type:application/json' -d "@OCI_creds.json"
An example cURL command to register the OCI credentials for an IDCS based cloud account:
curl -X POST -k -u 'JohnDoe:john_password' -H 'X-USER-IDENTITY-DOMAIN-NAME:idcs-j29b928a146e4bdd7fef12a6e6a9excm' "https://omc-fb68f2dffe9f4a27bda5c45778f62f41.example.com/serviceapi/credentialStore/api/v1/credentials" -H 'Content-Type:application/json' -d "@OCI_creds.json"
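The following shell script is an added example, not part of the original documentation: it prepares the OCI_creds.json file from step 1, rejecting passphrase-protected keys and malformed fingerprints, replacing the key's newlines with spaces, and writing the file with owner-only permissions. The function names, the sample OCIDs and the placeholder key body are constructed for illustration.

```sh
#!/bin/sh
# Added example: build OCI_creds.json for the Oracle.OCI.Auth credential type.

# True when the PEM file is passphrase-protected (PKCS#8 or legacy header).
pem_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# True when $1 is 16 colon-separated hex pairs, the format shown on the page.
fingerprint_is_valid() {
    printf '%s\n' "$1" | grep -Eq '^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){15}$'
}

# Print the key with CRs dropped and every newline replaced by a space;
# the trailing space left by the final newline is trimmed.
pem_to_single_line() {
    tr -d '\r' < "$1" | tr '\n' ' ' | sed 's/ *$//'
}

# Usage: build_oci_creds NAME KEYFILE FINGERPRINT TENANCY_OCID USER_OCID OUTFILE
build_oci_creds() {
    [ -r "$2" ] || { echo "cannot read key file: $2" >&2; return 1; }
    if pem_is_encrypted "$2"; then
        echo "key is passphrase-protected; an unencrypted key is required" >&2
        return 2
    fi
    fingerprint_is_valid "$3" || { echo "malformed fingerprint: $3" >&2; return 3; }
    # Values go into JSON strings unescaped, so reject quote and backslash.
    case "$1$4$5" in *\"*|*\\*) echo "invalid character in field" >&2; return 4 ;; esac
    key=$(pem_to_single_line "$2")
    # The output holds a plaintext private key: create it readable by owner only.
    rm -f "$6"
    ( umask 077
      printf '{ "name": "%s", "credtype": "Oracle.OCI.Auth", "columnValues": { "user": "%s", "private_key": "%s", "fingerprint": "%s", "tenancy": "%s" } }\n' \
          "$1" "$5" "$key" "$3" "$4" > "$6" )
}

# Constructed sample input: a placeholder PEM body, not a real key.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURURfU0FNUExF' \
        'Tk9UX0FfUkVBTF9LRVk=' '-----END RSA PRIVATE KEY-----' > "$dir/key.pem"
    build_oci_creds OCI_CREDENTIAL "$dir/key.pem" \
        12:34:56:78:90:ab:cd:ef:12:34:56:78:90:ab:cd:ef \
        ocid1.tenancy.oc1..exampletenancy ocid1.user.oc1..exampleuser \
        "$dir/OCI_creds.json" && echo "$dir/OCI_creds.json"
}
demo
```

OCI_creds.json holds the private key in plaintext, so delete it once the credential is registered. In the cURL commands above, -k disables TLS certificate verification and -u can expose the password through shell history and the process list.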