Oracle Cloud Infrastructure API Key
Service Name: Oracle Cloud Infrastructure
Service Description: Oracle Cloud Infrastructure (OCI) is Oracle's cloud computing platform that provides a wide range of cloud services including compute, storage, networking, databases, and more. It's designed to help businesses migrate, build, and run all their workloads in the cloud.
Service Address: https://www.oracle.com/cloud/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the network level using Network Security Groups and Security Lists.
Secret Access Scope: Grants programmatic access to Oracle Cloud Infrastructure resources and services based on the permissions assigned to the associated user.
Secret Revokement URL: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#Managing_API_Keys
Secret Example:
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA7bPbQZA1+4VEwXCEWFnD9hgGvKxl5Tk9Ec5XJn7cDw3VX7Fp...
-----END RSA PRIVATE KEY-----
Suspicious Activity Investigation Instructions:
- Review OCI Audit logs for unusual API calls or resource access
- Check for unauthorized compute instances, storage buckets, or database services
- Monitor for unexpected changes to IAM policies, groups, or compartments
- Look for unusual network traffic patterns or unexpected outbound data transfers
- Verify if there are any unauthorized users or API keys added to your tenancy
Mitigation Instructions:
- Log in to the Oracle Cloud Infrastructure Console
- Navigate to Identity > Users > [Username] > API Keys
- Locate the compromised API key and click Delete
- Generate a new API key if needed
- Review and update IAM policies to enforce the Principle of Least Privilege.
- Enable multi-factor authentication for all users with console access
- Consider implementing a key rotation policy for all API keys
- Review network security groups and security lists to restrict access