When setting up a new environment or getting access to a client’s OCI environment, the first thing that should be done is configure remote/API access. In this blog post, we will look at how to create the private and public SSH keys needed for OCI. Additionally, how the SSH keys are converted over to PEM format for OCI. Lastly, how to upload the PEM public key to OCI for API access purposes.
To keep my keys organized; I organized by client. Naturally the first thing to do is to create a new directory.
$ mkdir ./ssh_keys
The next thing that needs to be done is create the RSA keys needed. I know it takes longer, but I like to use the full path to where the files should be outputted.
$ ssh-keygen -t rsa -b 4096 -m PEM -f /Users/bcurtis/Dropbox/Repo/Terraform/Oracle/OCI/<customer>
Convert SSH keys to PEM for OCI
Once I have the private and public keys generated, they need to be converted over to PEM format. This can be done by using OpenSSL, as below.
$ sudo openssl rsa -in oci_***** -pubout -out oci_*****_pub.pem
After running the OpenSSL command, lets check the key. To do this, I used the “cat” command – keep it simple.
Upload your key to OCI
After we have the SSH keys converted over to the PEM format, we can now upload the public key to OCI.
Login to your OCI account. Go to your Profile (upper right hand corner).
Once the Profile tab is open, select your Oracle Identity login name. In my case it is [email protected]. This will take you to the Profile page. Once you are on your Users Detail page, down the left handside find the Resources section. Under Resources, select API Keys.
Under the API Keys, click the Add API Key button. This will open up a dialog where you can select the Public PEM file that was created earlier.
Once the Public PEM key has been added, the Configuration File Preview will appear. This information can be copied into the config file for the OCI CLI to be used.
After hitting the Close button, the API Key Fingerprint that is displayed in the Configuration File Preview will be updated in the API Keys for your profile.
At this point, you can add more keys or you can being using the API Key with cloud native tools that reference apis – like Terraform.
Current Oracle Certs
I’m Bobby Curtis and I’m just your normal average guy who has been working in the technology field for awhile (started when I was 18 with the US Army). The goal of this blog has changed a bit over the years. Initially, it was a general blog where I wrote thoughts down. Then it changed to focus on the Oracle Database, Oracle Enterprise Manager, and eventually Oracle GoldenGate.
If you want to follow me on a more timely manner, I can be followed on twitter at @dbasolved or on LinkedIn under “Bobby Curtis MBA”.