Creating an API Signing Key Pair

To use the cloud integration features of , you must generate an API signing key pair that is used for API requests to .

Your API requests are signed with your private key, and uses the public key to verify the authenticity of the request. You must upload the public key to the Console.

This key pair is not the same SSH key that you use to access compute instances on .

  1. (Optional) Create a .oci directory to store the key pair. 

    $ mkdir ~/.oci

    The key pair is usually installed in the .oci folder in your home directory. For example, ~/.oci on a Linux system.

  2. Generate the private key.

    Use the openssl command.

    • To generate a private key with a passphrase: 

      $ openssl genrsa -out ~/.oci/oci_api_key.pem -aes128 2048

    • To generate a private key without a passphrase: 

      $ openssl genrsa -out ~/.oci/oci_api_key.pem 2048

  3. Change permissions for the private key. 

    $ chmod 600 ~/.oci/oci_api_key.pem

    Generate the public key. 

    $ openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem