How to generate an API Signing Key?

This article explains how to generate the API signing key manually. If you find any discrepancies or feel that the information below is outdated, please refer to the official documentation.

ℹ️ Note: Refer to the official documentation to add an API signing key via the Oracle Cloud Console.

For manual steps, follow the instructions below using external tools like OpenSSL and Git Bash.

Linux and Mac OS X

Use the following OpenSSL commands to generate the key pair in the required PEM format.

Step 1: Create the .oci Directory

If you haven't already, create an .oci directory to store the credentials:

mkdir ~/.oci

Step 2: Generate the Private Key

Generate the private key with one of the following commands:

To generate the key, encrypted with a passphrase you provide when prompted:

⚠️ Oracle Cloud recommends that you use a passphrase for your key.

openssl genrsa -out ~/.oci/oci_api_key.pem -aes128 2048

To generate the key with no passphrase:

openssl genrsa -out ~/.oci/oci_api_key.pem 2048

Step 3: Change File Permissions

For security reasons, it is critical that only you can read and write the private key file. To restrict access, use the following command:

chmod go-rwx ~/.oci/oci_api_key.pem

Step 4: Generate the Public Key

Generate the public key from your new private key:

openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem

Step 5: Copy the Public Key

Copy the contents of the public key to the clipboard using pbcopy, xclip, or a similar tool (you'll need to paste the value into the Console later). For example:

cat ~/.oci/oci_api_key_public.pem | pbcopy

Your API requests will be signed with your private key, and Oracle will use the public key to verify the authenticity of the request. The public key must be uploaded to IAM.
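
The Linux/Mac steps above as one script, followed by the checks worth running before the public key is uploaded (an added example, not part of the original article or Oracle's own code). The function names and the KEY_DIR variable are hypothetical, the demo writes to a temporary directory unless KEY_DIR is set, and umask 077 is used here so the key is created private rather than restricted afterwards.

```bash
# Added example: generate the key pair, then audit it.
# Assumption: the demo writes to a throwaway temp directory unless KEY_DIR is set.

# Steps 1-4 under a restrictive umask, so the directory and private key are
# never group- or world-accessible. Refuses to overwrite an existing key.
# Non-interactive demo: add -aes128 to genrsa for a passphrase-protected key.
generate_key_pair() {
  local dir="$1"
  if [ -e "$dir/oci_api_key.pem" ]; then
    echo "refusing to overwrite $dir/oci_api_key.pem" >&2
    return 1
  fi
  (
    umask 077
    mkdir -p "$dir" &&
      openssl genrsa -out "$dir/oci_api_key.pem" 2048 2>/dev/null &&
      openssl rsa -pubout -in "$dir/oci_api_key.pem" \
        -out "$dir/oci_api_key_public.pem" 2>/dev/null
  )
}

# Succeeds only if the file exists and has no group/other permission bits.
private_key_is_private() {
  local mode
  [ -f "$1" ] || return 1
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")  # GNU, then BSD/macOS
  case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

# Succeeds only if the stored public key is the one derived from the private key.
public_matches_private() {
  local derived
  derived=$(openssl rsa -pubout -in "$1/oci_api_key.pem" 2>/dev/null) || return 1
  [ "$derived" = "$(cat "$1/oci_api_key_public.pem")" ]
}

# MD5 of the DER-encoded public key as colon-separated hex, for comparison
# with the fingerprint the Console shows after upload.
key_fingerprint() {
  openssl rsa -pubout -outform DER -in "$1/oci_api_key.pem" 2>/dev/null |
    openssl md5 -c | awk '{print $NF}'
}

KEY_DIR="${KEY_DIR:-$(mktemp -d)/.oci}"
generate_key_pair "$KEY_DIR" || exit 1
private_key_is_private "$KEY_DIR/oci_api_key.pem" && echo "permissions: ok"
public_matches_private "$KEY_DIR" && echo "public key matches private key"
echo "fingerprint: $(key_fingerprint "$KEY_DIR")"
```

With a passphrase-protected key, the matching and fingerprint checks prompt for the passphrase because they read the private key.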

Windows

If you're using Windows, you'll need to install Git Bash for Windows before running the following commands.

ℹ️ Be sure to include the openssl binary in your Windows path. On default installations, the openssl.exe file can be found in:

C:\Program Files\Git\mingw64\bin

Use the following OpenSSL commands to generate the key pair in the required PEM format.

Step 1: Create the .oci Directory

If you haven't already, create a .oci directory to store the credentials. For example:

mkdir %HOMEDRIVE%%HOMEPATH%\.oci

Step 2: Generate the Private Key

Generate the private key with one of the following commands:

To generate the key that is encrypted with a passphrase you provide when prompted:

⚠️ Oracle Cloud recommends that you use a passphrase for your key.

openssl genrsa -out %HOMEDRIVE%%HOMEPATH%\.oci\oci_api_key.pem -aes128 -passout stdin 2048

To generate the key with no passphrase:

openssl genrsa -out %HOMEDRIVE%%HOMEPATH%\.oci\oci_api_key.pem 2048

Step 3: Generate the Public Key

Generate the public key from your new private key:

openssl rsa -pubout -in %HOMEDRIVE%%HOMEPATH%\.oci\oci_api_key.pem -out %HOMEDRIVE%%HOMEPATH%\.oci\oci_api_key_public.pem

Step 4: Copy the Public Key

Copy the contents of the public key to the clipboard (you'll need to paste the value into the Console later). For example:

type %HOMEDRIVE%%HOMEPATH%\.oci\oci_api_key_public.pem | clip

Your API requests will be signed with your private key, and Oracle will use the public key to verify the authenticity of the request. The public key must be uploaded to IAM.


Related Articles
  1. Where to get the Tenancy's OCID and User's OCID?
  2. How to get the Key's Fingerprint?
