Adding a Cloud Service Provider Account for OCI

You must have created a user in OCI before you can add a Cloud Service Provider account. For more information, see Adding an API Key for the OCI User.

Important: It may take up to 5 minutes for a new API key to become active on OCI. If you attempt to create your Cloud Service Provider account before the API key is active, it will fail with the following error:

    Failed to validate Access Credentials OCI returned error: Client is unauthorized. null

Please wait a few minutes before you attempt to recreate your Cloud Service Provider account. For more information, see Adding a Cloud Service Provider Account for OCI.

  1. Log in to the Cryptographic Security Platform Vault for Cloud Keys webGUI using an account with Cloud Admin privileges.
  2. In the top menu bar, click CloudKeys.
  3. Click the CSP Accounts tab and select Actions > Add Cloud Service Provider Account.
  4. On the Details tab of the Add CSP dialog box, enter the account details.

    Field: Description
    Name: The name you want to use for the Cloud Service Provider Account.
    Description: An optional description of the Cloud Service Provider Account.
    Admin Group: Select the Admin Group that you want to use for the account.
    Type: Select OCI.
    OCI User ID: Copy the user information (everything after 'user=') from the configuration file preview.
    OCI Tenancy ID: Copy the tenancy information (everything after 'tenancy=') from the configuration file preview.
    OCI Region: Copy the region information (everything after 'region=') from the configuration file preview.
    OCI API Key Fingerprint: Copy the fingerprint information (everything after 'fingerprint=') from the configuration file preview.
    OCI API Key Content: Click Load File to upload the key file that you generated.
    OCI API Key Passphrase: If you generated an RSA Key Pair with a passphrase, enter the passphrase here.
    OCI Storage Bucket: If you are using a virtual private vault, enter the bucket name. This is where backups of HSM-protected keys in a virtual private vault will be stored. If you have a virtual private vault, imported keys will not be stored in the Cryptographic Security Platform Vault for Cloud Keys.
    OCI Storage Namespace: If you are using a virtual private vault, enter the namespace of the storage bucket.

  5. Click Continue.

  6. On the Schedule tab, determine the rotation schedule. This can be one of the following:

    • Never: The API keys will never be rotated.
    • Every x days: The API keys will be rotated every x days. The minimum is 1 day and the maximum is 540 days.
    • Every x weeks: The API keys will be rotated every x weeks. The minimum is 1 week and the maximum is 72 weeks.
    • Every x months: The API keys will be rotated every x months. The minimum is 1 month and the maximum is 18 months.
    • Every x years: The API keys will be rotated every x years. The minimum is 1 year and the maximum is 1 year.
  7. Click Add.
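
The four values that step 4 copies from the configuration file preview can be checked before they are pasted into the Add CSP dialog. The following is an added example, not part of the product documentation: it parses a constructed preview and flags missing, swapped or wrongly shaped values. The sample values, the `dialog_values` helper and the format patterns are assumptions made for illustration.

```python
import configparser
import re

# Constructed sample of a configuration file preview (placeholder values).
SAMPLE_PREVIEW = """\
[DEFAULT]
user=ocid1.user.oc1..exampleuniqueuserid
fingerprint=12:34:56:78:90:ab:cd:ef:12:34:56:78:90:ab:cd:ef
tenancy=ocid1.tenancy.oc1..exampleuniquetenancyid
region=us-ashburn-1
key_file=<path to your private keyfile> # TODO
"""

# Preview key -> (dialog field from step 4, expected shape of the value).
# The patterns are heuristics chosen for this example, not vendor-defined rules.
FIELDS = {
    "user": ("OCI User ID", re.compile(r"ocid1\.user\.\S+")),
    "tenancy": ("OCI Tenancy ID", re.compile(r"ocid1\.tenancy\.\S+")),
    "region": ("OCI Region", re.compile(r"[a-z]+(-[a-z]+)+-\d+")),
    "fingerprint": ("OCI API Key Fingerprint",
                    re.compile(r"([0-9a-f]{2}:){15}[0-9a-f]{2}", re.I)),
}


def dialog_values(preview_text, profile="DEFAULT"):
    """Return ({dialog field: value}, [problems]) for one profile of the preview."""
    # A preview pasted without its section header is treated as [DEFAULT].
    if not preview_text.lstrip().startswith("["):
        preview_text = "[DEFAULT]\n" + preview_text
    # Only '=' separates key and value, so the colons in the fingerprint survive.
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.read_string(preview_text)
    section = parser[profile]
    values, problems = {}, []
    for key, (field, pattern) in FIELDS.items():
        value = section.get(key, "").strip()
        values[field] = value
        if not value:
            problems.append(f"{field}: '{key}=' is missing from the preview")
        elif not pattern.fullmatch(value):
            problems.append(f"{field}: unexpected format {value!r}")
    return values, problems


if __name__ == "__main__":
    values, problems = dialog_values(SAMPLE_PREVIEW)
    for field, value in values.items():
        print(f"{field}: {value}")
    for problem in problems:
        print("CHECK:", problem)
```

To confirm that the key file you load matches the fingerprint, note that OCI computes the fingerprint as the colon-separated MD5 of the DER-encoded public key, which `openssl rsa -pubout -outform DER -in <key file> | openssl md5 -c` prints.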