- Oracle ZFS Storage Appliance Object API Guide for Oracle Cloud Infrastructure Object Storage Service Support, Release OS8.8.x
Managing Oracle Cloud Infrastructure Object Storage Service User Keys (CLI)
This procedure describes how to use the CLI to create a user key, set operations permissions for a user key, or delete a user key for the Oracle Cloud Infrastructure Object Storage service for the HTTP protocol.
- Go to the oci keys node of the HTTP service.

      hostname:> configuration services http oci keys
      hostname:configuration services http oci keys> list
      NAME     CREATED             USER  FINGERPRINT          COMMENT
      key-000  2019-6-19 15:25:42  usr1  key-000-fingerprint
      key-001  2019-7-8 16:01:18   usr2  key-001-fingerprint

- Use the create command to create a new user key.

      hostname:configuration services http oci keys> create

  Provide a user name, a public key, and an optional comment.
  - Set the user name.
    The user name is the OCID of an Oracle Cloud Infrastructure account user and is also a valid data user on the appliance. A data user is a user that is allowed to access data protocols. The user does not need to be an appliance administrator.

        hostname:configuration services http oci key-002 (uncommitted)> set user=usr3
        user = usr3 (uncommitted)

  - Use the setkey command to set the key.
    The public key is a 392-character base64 string that corresponds to an RSA public key in PEM format. The key is echoed in correct PEM format for visual verification.

        hostname:configuration services http oci key-002 (uncommitted)> setkey
        ("." to end)> -----BEGIN PUBLIC KEY-----
        ("." to end)> MIIBITANBgkqhkiG9w0BAQEFAAOCAQ4AMIIBCQKCAQBqm2f5LPGIe9Nc6QiA+1Sb
        ("." to end)> ...
        ("." to end)> Bg/rj3IO97yXax+l8hIwCI6uNzgye7bUSQF6BNyEuNazW8VbCJPwnTdbWknKoSXh
        ("." to end)> AgMBAAEa
        ("." to end)> -----END PUBLIC KEY-----
        ("." to end)> .

  - Optional: Provide a comment.

        hostname:configuration services http oci key-002 (uncommitted)> set comment=dev
        comment = dev (uncommitted)

  - Commit the changes.

        hostname:configuration services http oci key-002 (uncommitted)> commit
        Here is the fingerprint associated with the registered public key.
        Fingerprint: key-002-fingerprint

  The Keys list displays the generated fingerprint for the new key.
  - A unique fingerprint is generated for each different key that is entered by the same user.
  - The same fingerprint is generated for a key that is entered by different users.
- Optional: Change operations permissions for a user key.
Permissions control a user's ability to perform operations on resources. See the Permissions Required for Each API Operation for more information.
  - Select a key.
    A specific key can be selected in either of the following ways:
    - By key name, such as key-000.
    - By both username and fingerprint. A username or a fingerprint could match more than one key. Even if the username or fingerprint is unique in the current configuration, you must specify both to select the key.

    To select a key, use one of the following commands:

        hostname:configuration services http oci keys> select keyname

    OR

        hostname:configuration services http oci keys> select user=username fingerprint=fingerprint

    Select the new key and show its permissions properties.

        hostname:configuration services http oci keys> select key-002
        hostname:configuration services http oci key-002> ls
        Properties:
            user = usr3
            fingerprint = key-002-fingerprint
            comment = dev
            namespace_read = true
            bucket_create = true
            bucket_update = true
            bucket_read = true
            bucket_inspect = true
            bucket_delete = true
            object_create = true
            object_overwrite = true
            object_read = true
            object_inspect = true
            object_delete = true
            object_version_delete = true
            par_manage = true
            retention_rule_manage = true
            retention_rule_lock = true

  - Disable or enable specific permissions.
    The following example disables the object_version_delete permission for the selected key.

        hostname:configuration services http oci key-002> set object_version_delete=false
        object_version_delete = false (uncommitted)

  - Commit the changes.

        hostname:configuration services http oci key-002> commit
        hostname:configuration services http oci key-002> get object_version_delete
        object_version_delete = false
        hostname:configuration services http oci key-002> done

- To delete a key, use the destroy command.
  Enter destroy keyname, and then enter y to confirm the key deletion.

      hostname:configuration services http oci keys> destroy key-000
      This will delete key "key-000". Are you sure? (Y/N) y
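
The permissions step above shows a new key with every operation enabled. The following Python script is an added example, not part of the Oracle guide: it parses the text of a key's ls output and lists the set commands that reduce the key to an allow-list. The READ_ONLY policy, the function names, and the reconstructed sample listing are assumptions for illustration.

```python
import re

# Properties in the key's "ls" output that are not permissions.
NON_PERMISSION = {"user", "fingerprint", "comment"}
# Hypothetical read-only policy (an assumption, not from the guide).
READ_ONLY = {"namespace_read", "bucket_read", "bucket_inspect",
             "object_read", "object_inspect"}
PROP_RE = re.compile(r"^\s*(\w+)\s*=\s*(.*?)\s*$")

def parse_properties(ls_output):
    """Split the text of 'ls' on a key node into (metadata, permissions)."""
    meta, perms = {}, {}
    for line in ls_output.splitlines():
        m = PROP_RE.match(line)
        if not m:
            continue  # prompt lines, the "Properties:" header, blanks
        name, value = m.groups()
        if name in NON_PERMISSION:
            meta[name] = value
        elif value in ("true", "false"):  # "(uncommitted)" values are skipped
            perms[name] = value == "true"
    return meta, perms

def remediation(ls_output, allowed):
    """CLI lines that disable every enabled permission outside 'allowed'."""
    _, perms = parse_properties(ls_output)
    excess = sorted(p for p, on in perms.items() if on and p not in allowed)
    return [f"set {p}=false" for p in excess] + (["commit"] if excess else [])

# Sample input, reconstructed from the key-002 listing in the guide's example.
ALL_PERMS = ("namespace_read bucket_create bucket_update bucket_read "
             "bucket_inspect bucket_delete object_create object_overwrite "
             "object_read object_inspect object_delete object_version_delete "
             "par_manage retention_rule_manage retention_rule_lock").split()
SAMPLE_LS = ("hostname:configuration services http oci key-002> ls\n"
             "Properties:\n"
             "    user = usr3\n"
             "    fingerprint = key-002-fingerprint\n"
             "    comment = dev\n"
             + "".join(f"    {p} = true\n" for p in ALL_PERMS))

if __name__ == "__main__":
    # Print the commands to enter on the selected key node.
    print("\n".join(remediation(SAMPLE_LS, READ_ONLY)))
```

Review the printed commands before entering them on the selected key node, and confirm the result with get or ls after the commit.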