Oracle Cloud Infrastructure (OCI)
Oracle Cloud Infrastructure (OCI) connections to the CipherTrust Manager can be configured using the following:
Managing Oracle Cloud Infrastructure (OCI) Connections using GUI
Managing Oracle Cloud Infrastructure (OCI) Connections using ksctl
Managing Oracle Cloud Infrastructure (OCI) Connections using GUI
Note
The CipherTrust Manager should be reachable over a static IP address from OCI when creating a connection to your OCI account for Oracle External resources. This static IP address of the CipherTrust Manager must be added to the SAN field of the web server certificate.
Use Oracle FastConnect to connect the CipherTrust Manager to OCI to minimize network latency.
To configure an OCI connection:
Tenancy OCID: OCID of the tenancy.
User OCID: OCID of the user.
Region: An Oracle Cloud Infrastructure region.
Fingerprint: Fingerprint of the public key added to this user.
Key File: Private key file for the OCI connection in the PEM format. Either upload the key file or paste the file content.
File Upload: Select and click Upload Certificate to upload the key file from your machine.
Text: Select and paste the key file content in the text field.
Passphrase: Passphrase of the encrypted key file.
Click Test Credentials to check whether the connection is configured correctly. If the test is successful, the status is OK; otherwise, the status is Fail.
Click Next to move to the Add Products screen of the Add Connection wizard.
Note
Currently, the only product supported for OCI connection is Cloud Key Manager.
Managing Oracle Cloud Infrastructure (OCI) Connections using ksctl
The following operations can be performed:
Create/Get/Update/Delete an OCI connection
List all OCI connections
Test an existing OCI connection
Test parameters for an OCI Connection
Creating an OCI Connection
Note
The CipherTrust Manager should be reachable over a static IP address from OCI when creating a connection to your OCI account for Oracle External resources. This static IP address of the CipherTrust Manager must be added to the SAN field of the web server certificate.
Use Oracle FastConnect to connect the CipherTrust Manager to OCI to minimize network latency.
To create an OCI connection, run:
Syntax
ksctl connectionmgmt oci create --name <connection-name> --products <product-names> --user-ocid <user-ocid> --tenancy-ocid <tenancy-ocid> --oci-region <region> --fingerprint <fingerprint> --conn-creds <key_file,pass_phrase-in-json-format>
Example Request
ksctl connectionmgmt oci create --name oci-connection --products cckm --user-ocid ocid1.user.oc1..asdaaaaat2x4wy2jz4iat56kk7kqbzcevwyrasdty2bquujjhwcstmcfvbfq --tenancy-ocid ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644 --oci-region ap-sydney-1 --fingerprint c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e --conn-creds conn-cred.json
Example Response
{
"id": "666b4d8f-8dec-49c3-860d-33dd4a9cc355",
"uri": "kylo:kylo:connectionmgmt:connections:oci-connection-666b4d8f-8dec-49c3-860d-33dd4a9cc355",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-01-19T04:32:15.490282327Z",
"updatedAt": "2022-01-19T04:32:15.488831158Z",
"service": "oci",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "oci-connection",
"products": [
"cckm"
],
"user_ocid": "ocid1.user.oc1..asdaaaaat2x4wy2jz4iat56kk7kqbzcevwyrasdty2bquujjhwcstmcfvbfq",
"tenancy_ocid": "ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644",
"fingerprint": "c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e",
"region": "ap-sydney-1"
}
conn-cred.json
{
"key_file": "-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQC+abfqs+wQOmoLnf4w1dRSty/6fLubJ/JfuBZVV+GMI//Oa/UT\n+s4ZNqn1fta42oN4uIKwsBdnJ4CaoHv5dX6phGirYh3PYTsC9azdW2wgJ/WCiin8\nkdGNfhPDirOe4TwpczkP870EEfDS/O3f78x1ubRuIpagzJQv2XTT8QYP+wIDAQAB\nAoGAERtuaqe/jbWx0VlgfQK5ELVkmhyavlXYcMEZQJGksfKKCQGqAyGFYr6Ghofe\nwrzfEvmAxF8NuzbRVxMUEFV+C5Uc3uh+sX9qwikfFszTjwJNACHADO3EhPKmMDK3\nkEtBH6edcKa4cJ91NHPJuDptiyUZdVH7WVzuKrjo4mzFkAECQQDp4fMwnjwyJPGk\nX0dU/0bA69hPCQK5MhVSvVD8fzp6usbeSA/EZSu5FPNfJT/9f/BVUZ3h0/2WqO1l\nuhUgnKU5AkEA0GtqDAmTRB5YzRMnmA/QGrCEBkBWdnkXKXZS3Svp19XHxF9AAQjq\nyU0YRNHXaxdowWc64tFy2cP4Z78fQ4ry0wJABNe93lrYaj1jl4C1jGgAwgvgHbrV\nCJql4GG1JJVJ07K8XWvmj618m0d4xpaR3aDhjBK1jzCBhrYWvE1/FH7J2QJAP5Jj\n+GP7TW3MPFE5ZIJ+QYXR325EcUKiM/1pbRj17OXCVz2OckJcCya+3k77XCj5xPRN\n291zIMVLwalkSd/aDQJBAJNbm0RQ4gjj710aEbjYnGZlKHtbPP6zD6J/Jiyo+mgZ\nrvr26CvjtflGi/a56QC6Kd8hSRjeM03yTOvqu9+1TWY=\n-----END RSA PRIVATE KEY-----",
"pass_phrase": "password"
}
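Added example, not part of the CipherTrust documentation: a Python pre-flight helper that writes conn-cred.json with owner-only permissions and checks the file and the --fingerprint value before they are passed to ksctl. The function names, the placeholder PEM and the sample fingerprint are constructed for illustration; the 16-octet check assumes the standard OCI API key fingerprint, which is an MD5 digest of the public key.

```python
import json, os, re, stat, tempfile

# OCI API signing-key fingerprints are MD5 digests: 16 colon-separated hex octets.
FINGERPRINT_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){15}")
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]*PRIVATE KEY)-----\n.+\n-----END \1-----\n?", re.S)
# Constructed placeholder with PEM framing only; it is not a usable key.
SAMPLE_PEM = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
              "Q09OU1RSVUNURUQgU0FNUExF\n"
              "-----END ENCRYPTED PRIVATE KEY-----\n")

def write_conn_creds(pem_text, pass_phrase, path):
    """Write the credentials JSON owner-readable only; json.dump escapes newlines as \\n."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)  # also tightens a pre-existing file
    with os.fdopen(fd, "w") as fh:
        json.dump({"key_file": pem_text, "pass_phrase": pass_phrase}, fh, indent=2)

def check_conn_creds(path, fingerprint):
    """Return a list of problems with the file and the --fingerprint value (empty if none)."""
    problems = []
    if not FINGERPRINT_RE.fullmatch(fingerprint.lower()):
        problems.append("fingerprint is not 16 colon-separated hex octets")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append(f"file mode {mode:o} lets group/other access the private key")
    try:
        with open(path) as fh:
            creds = json.load(fh)  # raw line breaks inside a JSON string are rejected here
    except json.JSONDecodeError as exc:
        return problems + [f"not valid JSON: {exc.msg}"]
    key = creds.get("key_file") if isinstance(creds, dict) else None
    match = PEM_RE.fullmatch(key) if isinstance(key, str) else None
    if not match:
        problems.append("key_file is not a PEM-framed private key")
    else:
        encrypted = match.group(1) == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in key
        if encrypted and not creds.get("pass_phrase"):
            problems.append("key is encrypted but pass_phrase is empty")
    return problems

def demo():
    """Write a file from SAMPLE_PEM and check it against a constructed fingerprint."""
    path = os.path.join(tempfile.mkdtemp(), "conn-cred.json")
    write_conn_creds(SAMPLE_PEM, "constructed-passphrase", path)
    return check_conn_creds(path, "0a:1b:2c:3d:4e:5f:60:71:82:93:a4:b5:c6:d7:e8:f9")

if __name__ == "__main__":
    print(demo())
```

The file holds the private key and its passphrase together, so remove it once the connection has been created and tested.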
Getting Details of an OCI Connection
To get details of an OCI connection, run:
Syntax
ksctl connectionmgmt oci get --id <connection-name/id>
Example Request
ksctl connectionmgmt oci get --id oci-connection
Example Response
{
"id": "666b4d8f-8dec-49c3-860d-33dd4a9cc355",
"uri": "kylo:kylo:connectionmgmt:connections:oci-connection-666b4d8f-8dec-49c3-860d-33dd4a9cc355",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-01-19T04:32:15.490282Z",
"updatedAt": "2022-01-19T04:32:15.488831Z",
"service": "oci",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "oci-connection",
"products": [
"cckm"
],
"user_ocid": "ocid1.user.oc1..asdaaaaat2x4wy2jz4iat56kk7kqbzcevwyrasdty2bquujjhwcstmcfvbfq",
"tenancy_ocid": "ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644",
"fingerprint": "c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e",
"region": "ap-sydney-1"
}
Updating an OCI Connection
To update an OCI connection, run:
Syntax
ksctl connectionmgmt oci modify --id <connection-name/id> --products <product-names> --user-ocid <user-ocid> --tenancy-ocid <tenancy-ocid> --oci-region <region> --fingerprint <fingerprint> --conn-creds <key_file,pass_phrase-in-json-format> --meta <key:values>
Example Request
ksctl connectionmgmt oci modify --id oci-connection --user-ocid ocid2.user.oc2..asdaaaaktnch502jz4iat56kk7kqbzcevk45kugv0ienuujjhwcstmcfvbfq
Example Response
{
"id": "666b4d8f-8dec-49c3-860d-33dd4a9cc355",
"uri": "kylo:kylo:connectionmgmt:connections:oci-connection-666b4d8f-8dec-49c3-860d-33dd4a9cc355",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-01-19T04:32:15.490282Z",
"updatedAt": "2022-01-19T04:40:36.311287549Z",
"service": "oci",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "oci-connection",
"products": [
"cckm"
],
"user_ocid": "ocid2.user.oc2..asdaaaaktnch502jz4iat56kk7kqbzcevk45kugv0ienuujjhwcstmcfvbfq",
"tenancy_ocid": "ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644",
"fingerprint": "c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e",
"region": "ap-sydney-1"
}
Deleting an OCI Connection
To delete an OCI connection, run:
Syntax
ksctl connectionmgmt oci delete --id <connection-name/id>
Example Request
ksctl connectionmgmt oci delete --id oci-connection
Example Response
No response is returned if the OCI connection is deleted successfully.
Getting List of OCI Connections
To list all the OCI connections, run:
Syntax
ksctl connectionmgmt oci list
Example Request
ksctl connectionmgmt oci list
Example Response
{
"skip": 0,
"limit": 10,
"total": 1,
"resources": [
{
"id": "666b4d8f-8dec-49c3-860d-33dd4a9cc355",
"uri": "kylo:kylo:connectionmgmt:connections:oci-connection-666b4d8f-8dec-49c3-860d-33dd4a9cc355",
"account": "kylo:kylo:admin:accounts:kylo",
"createdAt": "2022-01-19T04:32:15.490836Z",
"updatedAt": "2022-01-19T04:40:36.312949Z",
"service": "oci",
"category": "cloud",
"last_connection_ok": null,
"last_connection_at": "0001-01-01T00:00:00Z",
"name": "oci-connection",
"products": [
"cckm"
],
"user_ocid": "ocid2.user.oc2..asdaaaaktnch502jz4iat56kk7kqbzcevk45kugv0ienuujjhwcstmcfvbfq",
"tenancy_ocid": "ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644",
"fingerprint": "c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e",
"region": "ap-sydney-1"
}
]
}
Testing an Existing OCI Connection
To test an existing OCI connection, run:
Syntax
ksctl connectionmgmt oci test --id <connection-name/id>
Example Request
ksctl connectionmgmt oci test --id oci-connection
Example Response
{
"connection_ok": true
}
Testing Parameters for an OCI Connection
To test parameters for an OCI connection, run:
Syntax
ksctl connectionmgmt oci test --user-ocid <user-ocid> --tenancy-ocid <tenancy-ocid> --oci-region <region> --fingerprint <fingerprint> --conn-creds <key_file,pass_phrase-in-json-format>
Example Request
ksctl connectionmgmt oci test --user-ocid ocid1.user.oc1..asdaaaaat2x4wy2jz4iat56kk7kqbzcevwyrasdty2bquujjhwcstmcfvbfq --tenancy-ocid ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644 --oci-region ap-sydney-1 --fingerprint c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e --conn-creds conn-cred.json
Example Response
{
"connection_ok": true
}
conn-cred.json
{
"key_file": "-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQC+abfqs+wQOmoLnf4w1dRSty/6fLubJ/JfuBZVV+GMI//Oa/UT\n+s4ZNqn1fta42oN4uIKwsBdnJ4CaoHv5dX6phGirYh3PYTsC9azdW2wgJ/WCiin8\nkdGNfhPDirOe4TwpczkP870EEfDS/O3f78x1ubRuIpagzJQv2XTT8QYP+wIDAQAB\nAoGAERtuaqe/jbWx0VlgfQK5ELVkmhyavlXYcMEZQJGksfKKCQGqAyGFYr6Ghofe\nwrzfEvmAxF8NuzbRVxMUEFV+C5Uc3uh+sX9qwikfFszTjwJNACHADO3EhPKmMDK3\nkEtBH6edcKa4cJ91NHPJuDptiyUZdVH7WVzuKrjo4mzFkAECQQDp4fMwnjwyJPGk\nX0dU/0bA69hPCQK5MhVSvVD8fzp6usbeSA/EZSu5FPNfJT/9f/BVUZ3h0/2WqO1l\nuhUgnKU5AkEA0GtqDAmTRB5YzRMnmA/QGrCEBkBWdnkXKXZS3Svp19XHxF9AAQjq\nyU0YRNHXaxdowWc64tFy2cP4Z78fQ4ry0wJABNe93lrYaj1jl4C1jGgAwgvgHbrV\nCJql4GG1JJVJ07K8XWvmj618m0d4xpaR3aDhjBK1jzCBhrYWvE1/FH7J2QJAP5Jj\n+GP7TW3MPFE5ZIJ+QYXR325EcUKiM/1pbRj17OXCVz2OckJcCya+3k77XCj5xPRN\n291zIMVLwalkSd/aDQJBAJNbm0RQ4gjj710aEbjYnGZlKHtbPP6zD6J/Jiyo+mgZ\nrvr26CvjtflGi/a56QC6Kd8hSRjeM03yTOvqu9+1TWY=\n-----END RSA PRIVATE KEY-----",
"pass_phrase": "password"
}