Setting up OCI API Keys

how to setup ssh keys for oci

When setting up a new environment or getting access to a client’s OCI environment, the first thing that should be done is configure remote/API access.  In this blog post, we will look at how to create the private and public SSH keys needed for OCI.  Additionally, how the SSH keys are converted over to PEM format for OCI.  Lastly, how to upload the PEM public key to OCI for API access purposes.

To keep my keys organized; I organized by client.  Naturally the first thing to do is to create a new directory.

Create directory

$ mkdir ./ssh_keys

Generate keys

The next thing that needs to be done is create the RSA keys needed.  I know it takes longer, but I like to use the full path to where the files should be outputted.  

$ ssh-keygen -t rsa -b 4096 -m PEM -f /Users/bcurtis/Dropbox/Repo/Terraform/Oracle/OCI/<customer>

oci ssh keys setup


oci ssh keys list

Convert SSH keys to PEM for OCI

Once I have the private and public keys generated, they need to be converted over to PEM format.  This can be done by using OpenSSL, as below.

$ sudo openssl rsa -in oci_***** -pubout -out oci_*****_pub.pem

oci rsa pem keys

After running the OpenSSL command, lets check the key.  To do this, I used the “cat” command – keep it simple.

oci api keys pem check


Upload your key to OCI

After we have the SSH keys converted over to the PEM format, we can now upload the public key to OCI.  

Login to your OCI account.  Go to your Profile (upper right hand corner).

oci profile tab

Once the Profile tab is open, select your Oracle Identity login name.  In my case it is [email protected].  This will take you to the Profile page.  Once you are on your Users Detail page, down the left handside find the Resources section.  Under Resources, select API Keys.

oci resource api keys

Under the API Keys, click the Add API Key button. This will open up a dialog where you can select the Public PEM file that was created earlier.

oci api keys button


oci api keys add dialog

Once the Public PEM key has been added, the Configuration File Preview will appear.  This information can be copied into the config file for the OCI CLI to be used.  

oci config file preview

After hitting the Close button, the API Key Fingerprint that is displayed in the Configuration File Preview will be updated in the API Keys for your profile.

oci api keys fingerprint

At this point, you can add more keys or you can being using the API Key with cloud native tools that reference apis – like Terraform.

Please follow and like:

Enquire now

Give us a call or fill in the form below and we will contact you. We endeavor to answer all inquiries within 24 hours on business days.