Adding a Cloud Service Provider Account for OCI
You must have created a user in OCI before you can add a Cloud Service Provider account. For more information, see Adding an API Key for the OCI User.
Important: It may take up to 5 minutes for a new API key to become active on OCI. If you attempt to create your Cloud Service Provider account before the API key is active, the attempt fails with the following error: "Failed to validate Access Credentials OCI returned error: Client is unauthorized. null"
Please wait a few minutes before you attempt to recreate your Cloud Service Provider account. For more information, see Adding a Cloud Service Provider Account for OCI.
- Log in to the Cryptographic Security Platform Vault for Cloud Keys webGUI using an account with Cloud Admin privileges.
- In the top menu bar, click CloudKeys.
- Click the CSP Accounts tab and select Actions > Add Cloud Service Provider Account.
- On the Details tab of the Add CSP dialog box, enter the account details.

  | Field | Description |
  | --- | --- |
  | Name | The name you want to use for the Cloud Service Provider Account. |
  | Description | An optional description of the Cloud Service Provider Account. |
  | Admin Group | Select the Admin Group that you want to use for the account. |
  | Type | Select OCI. |
  | OCI User ID | Copy the user information (everything after 'user=') from the configuration file preview. |
  | OCI Tenancy ID | Copy the tenancy information (everything after 'tenancy=') from the configuration file preview. |
  | OCI Region | Copy the region information (everything after 'region=') from the configuration file preview. |
  | OCI API Key Fingerprint | Copy the fingerprint information (everything after 'fingerprint=') from the configuration file preview. |
  | OCI API Key Content | Click Load File to upload the key file that you generated. |
  | OCI API Key Passphrase | If you generated an RSA Key Pair with a passphrase, enter the passphrase here. |
  | OCI Storage Bucket | If you are using a virtual private vault, enter the bucket name. This is where backups of HSM-protected keys in a virtual private vault will be stored. If you have a virtual private vault, imported keys will not be stored in the Cryptographic Security Platform Vault for Cloud Keys. |
  | OCI Storage Namespace | If you are using a virtual private vault, enter the namespace of the storage bucket. |
- Click Continue.
- On the Schedule tab, determine the rotation schedule. This can be one of the following:
  - Never—The API keys will never be rotated.
  - Every x days—The API keys will be rotated on a daily basis. The minimum is 1 day and the maximum is 540 days.
  - Every x weeks—The API keys will be rotated on a weekly basis. The minimum is 1 week and the maximum is 72 weeks.
  - Every x months—The API keys will be rotated on a monthly basis. The minimum is 1 month and the maximum is 18 months.
  - Every x years—The API keys will be rotated on a yearly basis. The minimum is 1 year and the maximum is 1 year.
- Click Add.
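The following is an added example, not part of the product or its documentation: a pre-check that pulls the four identifiers named on the Details tab out of a saved copy of the OCI configuration file preview and flags values that were truncated or pasted into the wrong field. The function name `vault_fields`, the sample preview, and the value patterns (the usual OCID, region and colon-separated fingerprint layouts) are assumptions made for this example.

```python
import configparser
import re

# Vault form field -> (key in the OCI configuration file preview, expected shape).
# The shapes are assumptions for this example, based on the usual OCI layouts.
FIELDS = {
    "OCI User ID": ("user", re.compile(r"ocid1\.user\.[a-z0-9]+\.[a-z0-9-]*\.[a-z0-9]+")),
    "OCI Tenancy ID": ("tenancy", re.compile(r"ocid1\.tenancy\.[a-z0-9]+\.[a-z0-9-]*\.[a-z0-9]+")),
    "OCI Region": ("region", re.compile(r"[a-z]+(-[a-z0-9]+)+")),
    "OCI API Key Fingerprint": ("fingerprint", re.compile(r"[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){15}")),
}

# Constructed sample preview; every identifier below is made up.
SAMPLE_PREVIEW = """\
[DEFAULT]
user=ocid1.user.oc1..aaaaexampleuser
fingerprint=12:34:56:78:9a:bc:de:f0:12:34:56:78:9a:bc:de:f0
tenancy=ocid1.tenancy.oc1..aaaaexampletenancy
region=us-ashburn-1
key_file=<path to your private keyfile> # TODO
"""


def vault_fields(preview_text, profile="DEFAULT"):
    """Return ({form field: value}, [problems]) for one profile of the preview.

    Only non-secret identifiers are read; the private key file and its
    passphrase are never touched by this check.
    """
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(preview_text)
    section = parser[profile]
    values, problems = {}, []
    for field, (key, shape) in FIELDS.items():
        value = section.get(key, "").strip()
        if not value:
            problems.append(f"{field}: '{key}=' is missing from the preview")
        elif not shape.fullmatch(value):
            problems.append(f"{field}: unexpected value {value!r}")
        else:
            values[field] = value
    return values, problems


if __name__ == "__main__":
    fields, issues = vault_fields(SAMPLE_PREVIEW)
    for name, value in fields.items():
        print(f"{name}: {value}")
    for issue in issues:
        print("CHECK:", issue)
```

A value that fails the check is left out of the returned mapping, so only fields that passed are copied into the dialog.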