Oracle Cloud Infrastructure Documentation

Security Credentials

This section describes the types of credentials you'll use when working with Oracle Cloud Infrastructure.

Console Password

  • What it's for: Using the Console.
  • Format: Typical password text string.
  • How to get one: An administrator will provide you with a one-time password.
  • How to use it: Sign in to the Console the first time with the one-time password, and then change it when prompted. Requirements for the password are displayed there. The one-time password expires in seven days. If you want to change the password later, see To change your Console password. Also, you or an administrator can reset the password in the Console or with the API (see To create or reset another user's Console password). Resetting the password creates a new one-time password that you'll be prompted to change the next time you sign in to the Console. If you're blocked from signing in to the Console because you've tried 10 times in a row unsuccessfully, contact your administrator.

API Signing Key

  • What it's for: Using the API (see Software Development Kits and Command Line Interface and Request Signatures).
  • Format: RSA key pair in PEM format (minimum 2048 bits required).
  • How to get one: See Required Keys and OCIDs.
  • How to use it: In the Console, copy and paste the contents of the PEM public key file from the key pair (see How to Upload the Public Key). Then use the private key with the SDK or with your own client to sign your API requests. Note that after you've uploaded your first API key in the Console, you can use the API to upload any additional ones you want to use. If you provide the wrong kind of key (for example, your instance SSH key, or a key that isn't at least 2048 bits), you'll get an InvalidKey error.
  • Example: The PEM public key looks something like this:
    -----BEGIN PUBLIC KEY-----
    
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTFqF...
    ...
    -----END PUBLIC KEY——

Instance SSH Key

  • What it's for: Accessing a compute instance.
  • Format: For RSA, DSS, or DSA: minimum 2048 bits recommended. For ECDSA: minimum 128 bits recommended.
  • How to get one: See Creating a Key Pair.
  • How to use it: When you launch an instance, provide the public key from the key pair.
  • Example: An RSA public key looks something like this:
    ssh-rsa AAAAB3BzaC1yc2EAAAADAQABAAABAQD9BRwrUiLDki6P0+jZhwsjS2muM...

    ... john.smith@example.com

Auth Token

  • What it's for: Authenticating with third-party APIs that do not support Oracle Cloud Infrastructure's signature-based authentication. For example, use an auth token as your password with Swift clients.
  • Format: Typical password text string.
  • How to get one: See Working with Auth Tokens.
  • How to use it: Usage depends on the service your are authenticating with. Typically, you authenticate with third-party APIs by providing your Oracle Cloud Infrastructure Console login, your auth token provided by Oracle, and your organization's Oracle tenant name.