Skip to content

Oracle Cloud Infrastructure API Key

Service Name: Oracle Cloud Infrastructure

Service Description: Oracle Cloud Infrastructure (OCI) is Oracle's cloud computing platform that provides a wide range of cloud services including compute, storage, networking, databases, and more. It's designed to help businesses migrate, build, and run all their workloads in the cloud.

Service Address: https://www.oracle.com/cloud/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the network level using Network Security Groups and Security Lists.

Secret Access Scope: Grants programmatic access to Oracle Cloud Infrastructure resources and services based on the permissions assigned to the associated user.

Secret Revokement URL: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#Managing_API_Keys

Secret Example:

-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA7bPbQZA1+4VEwXCEWFnD9hgGvKxl5Tk9Ec5XJn7cDw3VX7Fp...
-----END RSA PRIVATE KEY-----

Suspicious Activity Investigation Instructions:

  • Review OCI Audit logs for unusual API calls or resource access
  • Check for unauthorized compute instances, storage buckets, or database services
  • Monitor for unexpected changes to IAM policies, groups, or compartments
  • Look for unusual network traffic patterns or unexpected outbound data transfers
  • Verify if there are any unauthorized users or API keys added to your tenancy

Mitigation Instructions:

  • Log in to the Oracle Cloud Infrastructure Console
  • Navigate to Identity > Users > [Username] > API Keys
  • Locate the compromised API key and click Delete
  • Generate a new API key if needed
  • Review and update IAM policies to enforce the Principle of Least Privilege.
  • Enable multi-factor authentication for all users with console access
  • Consider implementing a key rotation policy for all API keys
  • Review network security groups and security lists to restrict access