How to generate an API Signing Key?

How to generate an API Signing Key?

This article explains the procedure for manually generating the API Signing Key. If you find any discrepancies or feel the below information is outdated, please refer to the official documentation.

ℹ️ Note: Refer the official documentation to Add API signing key via Oracle Cloud Console.

For manual steps, follow the instructions below using external tools like OpenSSL and Git Bash.
Linux and Mac OS X

Use the following OpenSSL commands to generate the key pair in the required PEM format.

Step 1: Create the .oci Directory

If you haven't already, create an .oci directory to store the credentials:

mkdir ~/.oci

Step 2: Generate the Private Key

Generate the private key with one of the following commands:

To generate the key, encrypted with a passphrase you provide when prompted:

⚠️

Oracle cloud recommend that you use a passphrase for your key.

openssl genrsa -out ~/.oci/oci_api_key.pem -aes128 2048

To generate the key with no passphrase:

openssl genrsa -out ~/.oci/oci_api_key.pem 2048

Step 3: Change File Permissions

For security reasons, it is critical to ensure that only you can read/write the private key file. To enable the same, use the following command:

chmod go-rwx ~/.oci/oci_api_key.pem

Step 4: Generate the Public Key

Generate the public key from your new private key:

openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem

Step 5: Copy the Public Key

Copy the contents of the public key to the clipboard using pbcopy, xclip, or a similar tool (you'll need to paste the value into the Console later). For example:

cat ~/.oci/oci_api_key_public.pem | pbcopy

Your API requests will be signed with your private key, and Oracle will use the public key to verify the authenticity of the request. The public key must be uploaded to IAM.

Windows

If you're using Windows, you'll need to install Git Bash for Windows before running the following commands.

ℹ️

Be sure to include the openssl binary in your Windows path. On default installations, the openssl.exe file can be found in:

C:\Program Files\Git\mingw64\bin

Use the following OpenSSL commands to generate the key pair in the required PEM format.

Step 1: Create the .oci Directory

If you haven't already, create a .oci directory to store the credentials. For example:

mkdir %HOMEDRIVE%%HOMEPATH%\.oci

Step 2: Generate the Private Key

Generate the private key with one of the following commands:

To generate the key that is encrypted with a passphrase you provide when prompted:

⚠️

Oracle cloud recommend that you use a passphrase for your key.

openssl genrsa -out %HOMEDRIVE%%HOMEPATH%\.oci\oci_api_key.pem -aes128 -passout stdin 2048

To generate the key with no passphrase:

openssl genrsa -out %HOMEDRIVE%%HOMEPATH%\.oci\oci_api_key.pem 2048

Step 3: Generate the Public Key

Generate the public key from your new private key:

openssl rsa -pubout -in %HOMEDRIVE%%HOMEPATH%\.oci\oci_api_key.pem -out %HOMEDRIVE%%HOMEPATH%\.oci\oci_api_key_public.pem

Step 4: Copy the Public Key

Copy the contents of the public key to the clipboard (you'll need to paste the value into the Console later). For example:

type \.oci\oci_api_key_public.pem

Your API requests will be signed with your private key, and Oracle will use the public key to verify the authenticity of the request. The public key must be uploaded to IAM.


Related Articles
  1. Where to get the Tenancy's OCID and User's OCID?
  2. How to get the Key's Fingerprint?

                  New to ADSelfService Plus?

                    • Related Articles

                    • How to set the PHP path during agent installation?

                      This is only applicable to the agent versions 4.2 and above. For Linux Step 1: Download the installation script. wget -O InstallAgentPHP.zip https://www.manageengine.com/products/applications_manager/54974026/InstallDataExporter.zip && unzip ...
                    • Add Amazon Monitor with Required IAM Permissions

                      This article explains how to add Amazon monitors using only the required APIs (Custom IAM Policy - second method ↓) Methods to Configure IAM Permissions for Amazon Monitoring Read Only Access (AWS Managed Policy - Recommended) This predefined policy ...
                    • Troubleshooting Steps for Tomcat Upgrade Failure

                      Verify Folder Existence Check if the ApplicationsManager/working/apache/tomcat_9_new folder exists. If it does, please delete this folder. Download and Extract Tomcat Use the appropriate version-specific ZIP based on your APM version: For APM ...