Oracle Cloud Infrastructure Documentation

Services Service Essentials

Security Credentials

This section describes the types of credentials you'll use when working with Oracle Cloud Infrastructure.

Console Password

  • What it's for: Using the Console.
  • Format: Typical password text string.
  • How to get one: An administrator will provide you with a one-time password.
  • How to use it: Sign in to the Console the first time with the one-time password, and then change it when prompted. Requirements for the password are displayed there. The one-time password expires in seven days. If you want to change the password later, see To change your Console password. Also, you or an administrator can reset the password in the Console or with the API (see To create or reset another user's Console password). Resetting the password creates a new one-time password that you'll be prompted to change the next time you sign in to the Console. If you're blocked from signing in to the Console because you've tried 10 times in a row unsuccessfully, contact your administrator.
  • Note for Federated Users: Federated users do not use a Console password. Instead, they sign in to the Console through their identity provider.

API Signing Key

  • What it's for: Using the API (see Software Development Kits and Command Line Interface and Request Signatures).
  • Format: RSA key pair in PEM format (minimum 2048 bits required).
  • How to get one: See Required Keys and OCIDs.
  • How to use it: In the Console, copy and paste the contents of the PEM public key file from the key pair (see How to Upload the Public Key). Then use the private key with the SDK or with your own client to sign your API requests. Note that after you've uploaded your first API key in the Console, you can use the API to upload any additional ones you want to use. If you provide the wrong kind of key (for example, your instance SSH key, or a key that isn't at least 2048 bits), you'll get an InvalidKey error.
  • Example: The PEM public key looks something like this:
    -----BEGIN PUBLIC KEY-----

    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTFqF...
    ...
		
    -----END PUBLIC KEY——

Instance SSH Key

  • What it's for: Accessing a compute instance.

  • Format: For Oracle-provided images, these SSH key types are supported: RSA, DSA, DSS, ECDSA, and Ed25519. If you bring your own image, you're responsible for managing the SSH key types that are supported.

    For RSA, DSS, and DSA keys, a minimum of 2048 bits is recommended. For ECDSA keys, a minimum of 128 bits is recommended.

  • How to get one: See Creating a Key Pair.
  • How to use it: When you launch an instance, provide the public key from the key pair.
  • Example: An RSA public key looks something like this:
    ssh-rsa AAAAB3BzaC1yc2EAAAADAQABAAABAQD9BRwrUiLDki6P0+jZhwsjS2muM...

    ... jane.smith@example.com

Auth Token

  • What it's for: Authenticating with third-party APIs that do not support Oracle Cloud Infrastructure's signature-based authentication. For example, use an auth token as your password with Swift clients.
  • Format: Typical password text string.
  • How to get one: See Working with Auth Tokens.
  • How to use it: Usage depends on the service your are authenticating with. Typically, you authenticate with third-party APIs by providing your Oracle Cloud Infrastructure Console login, your auth token provided by Oracle, and your organization's Oracle tenant name.

About Oracle | Contact Us | Legal Notices | Terms of Use | Privacy | Document Conventions |

Copyright © , Oracle and/or its affiliates. All rights reserved.