Oracle Cloud Infrastructure
Oracle Cloud Infrastructure connections to the CipherTrust Manager can be configured using the following:
Managing Oracle Cloud Infrastructure Connections using GUI
Note
The CipherTrust Manager should be reachable over a static IP address from OCI when creating a connection to your OCI account for Oracle External resources. This static IP address of the CipherTrust Manager must be added to the SAN field of the web server certificate.
Use Oracle FastConnect to connect the CipherTrust Manager to OCI to minimize network latency.
To configure an Oracle Cloud Infrastructure connection:
Tenancy OCID: OCID of the tenancy.
User OCID: OCID of the user.
Region: An Oracle Cloud Infrastructure region.
Fingerprint: Fingerprint of the public key added to this user.
Key File: Private key file for the Oracle Cloud Infrastructure connection in the PEM format. Either upload the key file or paste the file content.
File Upload: Select and click Upload Certificate to upload the key file from your machine.
Text: Select and paste the certificate content in the text field.
Passphrase: Passphrase of the encrypted key file.
Click Test Credentials to check whether the connection is configured correctly. If the test is successful, the status is OK; otherwise, the status is Fail.
Click Next to move to the Add Products screen of the Add Connection wizard.
Note
Currently, the only product supported for Oracle Cloud Infrastructure connection is Cloud Key Manager.
Managing Oracle Cloud Infrastructure Connections using ksctl
The following operations can be performed:
Create/Get/Update/Delete an Oracle Cloud Infrastructure connection
List all Oracle Cloud Infrastructure connections
Test an existing Oracle Cloud Infrastructure connection
Test parameters for an Oracle Cloud Infrastructure Connection
Creating an Oracle Cloud Infrastructure Connection
Note
The CipherTrust Manager should be reachable over a static IP address from OCI when creating a connection to your OCI account for Oracle External resources. This static IP address of the CipherTrust Manager must be added to the SAN field of the web server certificate.
Use Oracle FastConnect to connect the CipherTrust Manager to OCI to minimize network latency.
To create an Oracle Cloud Infrastructure connection, run:
Syntax
ksctl connectionmgmt oci create --name <connection-name> --products <product-names> --user-ocid <user-ocid> --tenancy-ocid <tenancy-ocid> --oci-region <region> --fingerprint <fingerprint> --conn-creds <key_file, pass_phrase-in-json-format>
Example Request
ksctl connectionmgmt oci create --name oci-connection --products cckm --user-ocid ocid1.user.oc1..asdaaaaat2x4wy2jz4iat56kk7kqbzcevwyrasdty2bquujjhwcstmcfvbfq --tenancy-ocid ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644 --oci-region ap-sydney-1 --fingerprint c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e --conn-creds conn-cred.json
Example Response
{
    "id": "666b4d8f-8dec-49c3-860d-33dd4a9cc355",
    "uri": "kylo:kylo:connectionmgmt:connections:oci-connection-666b4d8f-8dec-49c3-860d-33dd4a9cc355",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2022-01-19T04:32:15.490282327Z",
    "updatedAt": "2022-01-19T04:32:15.488831158Z",
    "service": "oci",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "oci-connection",
    "products": [
        "cckm"
    ],
    "user_ocid": "ocid1.user.oc1..asdaaaaat2x4wy2jz4iat56kk7kqbzcevwyrasdty2bquujjhwcstmcfvbfq",
    "tenancy_ocid": "ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644",
    "fingerprint": "c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e",
    "region": "ap-sydney-1"
}
conn-cred.json
{
"key_file": "-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQC+abfqs+wQOmoLnf4w1dRSty/6fLubJ/JfuBZVV+GMI//Oa/UT\n+s4ZNqn1fta42oN4uIKwsBdnJ4CaoHv5dX6phGirYh3PYTsC9azdW2wgJ/WCiin8\nkdGNfhPDirOe4TwpczkP870EEfDS/O3f78x1ubRuIpagzJQv2XTT8QYP+wIDAQAB\nAoGAERtuaqe/jbWx0VlgfQK5ELVkmhyavlXYcMEZQJGksfKKCQGqAyGFYr6Ghofe\nwrzfEvmAxF8NuzbRVxMUEFV+C5Uc3uh+sX9qwikfFszTjwJNACHADO3EhPKmMDK3\nkEtBH6edcKa4cJ91NHPJuDptiyUZdVH7WVzuKrjo4mzFkAECQQDp4fMwnjwyJPGk\nX0dU/0bA69hPCQK5MhVSvVD8fzp6usbeSA/EZSu5FPNfJT/9f/BVUZ3h0/2WqO1l\nuhUgnKU5AkEA0GtqDAmTRB5YzRMnmA/QGrCEBkBWdnkXKXZS3Svp19XHxF9AAQjq\nyU0YRNHXaxdowWc64tFy2cP4Z78fQ4ry0wJABNe93lrYaj1jl4C1jGgAwgvgHbrV\nCJql4GG1JJVJ07K8XWvmj618m0d4xpaR3aDhjBK1jzCBhrYWvE1/FH7J2QJAP5Jj\n+GP7TW3MPFE5ZIJ+QYXR325EcUKiM/1pbRj17OXCVz2OckJcCya+3k77XCj5xPRN\n291zIMVLwalkSd/aDQJBAJNbm0RQ4gjj710aEbjYnGZlKHtbPP6zD6J/Jiyo+mgZ\nrvr26CvjtflGi/a56QC6Kd8hSRjeM03yTOvqu9+1TWY=\n-----END RSA PRIVATE KEY-----",
"pass_phrase": "password"
}
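A pre-flight check for the values passed to ksctl connectionmgmt oci create, plus a writer for conn-cred.json that escapes the PEM newlines and restricts the file to its owner. This is an added example, not part of the CipherTrust documentation or ksctl; preflight, write_conn_cred and SAMPLE_PEM are hypothetical names, the OCIDs in the demo are constructed, and the 16-octet fingerprint rule assumes the standard OCI API key fingerprint format.

```python
import json
import os
import re

# OCI API key fingerprints are an MD5 digest: 16 colon-separated hex octets.
FINGERPRINT_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){15}$")
PEM_RE = re.compile(
    r"-----BEGIN ((?:RSA |ENCRYPTED )?PRIVATE KEY)-----\n.+?\n-----END \1-----$", re.S)

# Constructed placeholder: PEM armor only, not a real key.
SAMPLE_PEM = ("-----BEGIN RSA PRIVATE KEY-----\n"
              "PLACEHOLDER+NOT+A+REAL+KEY+BODY==\n"
              "-----END RSA PRIVATE KEY-----\n")


def preflight(user_ocid, tenancy_ocid, fingerprint, pem, passphrase):
    """Return a list of problems; an empty list means the inputs look sane."""
    problems = []
    for flag, value, kind in (("--user-ocid", user_ocid, "user"),
                              ("--tenancy-ocid", tenancy_ocid, "tenancy")):
        parts = value.split(".")
        # OCID layout: ocid1.<resource type>.<realm>.[region].<unique id>
        if len(parts) < 5 or not parts[0].startswith("ocid") or parts[1] != kind:
            problems.append(f"{flag}: not a {kind} OCID")
    if not FINGERPRINT_RE.match(fingerprint.lower()):
        problems.append("--fingerprint: expected 16 colon-separated hex octets")
    m = PEM_RE.search(pem.strip())
    if not m:
        problems.append("key_file: no PEM private key block found")
    else:
        encrypted = m.group(1).startswith("ENCRYPTED") or "Proc-Type: 4,ENCRYPTED" in pem
        if encrypted and not passphrase:
            problems.append("pass_phrase: key is encrypted but no passphrase given")
    return problems


def write_conn_cred(path, pem, passphrase):
    """Write the --conn-creds JSON so that only the current user can read it."""
    doc = {"key_file": pem.strip(), "pass_phrase": passphrase}
    # O_EXCL refuses to reuse an existing file; 0o600 keeps the private key
    # and passphrase away from other local users.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(doc, fh)  # json.dump escapes the PEM line breaks as \n
    return path


if __name__ == "__main__":
    issues = preflight("ocid1.user.oc1..exampleuser", "ocid1.tenancy.oc1..exampletenancy",
                       ":".join(["ab"] * 16), SAMPLE_PEM, "example-passphrase")
    print(issues or "inputs look sane")
```

The sample fingerprint used in the requests on this page has 15 octets, so preflight reports it. Delete conn-cred.json once ksctl has run, since it holds the private key and passphrase in clear text.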
Getting Details of an Oracle Cloud Infrastructure Connection
To get details of an Oracle Cloud Infrastructure connection, run:
Syntax
ksctl connectionmgmt oci get --id <connection-name/id>
Example Request
ksctl connectionmgmt oci get --id oci-connection
Example Response
{
    "id": "666b4d8f-8dec-49c3-860d-33dd4a9cc355",
    "uri": "kylo:kylo:connectionmgmt:connections:oci-connection-666b4d8f-8dec-49c3-860d-33dd4a9cc355",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2022-01-19T04:32:15.490282Z",
    "updatedAt": "2022-01-19T04:32:15.488831Z",
    "service": "oci",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "oci-connection",
    "products": [
        "cckm"
    ],
    "user_ocid": "ocid1.user.oc1..asdaaaaat2x4wy2jz4iat56kk7kqbzcevwyrasdty2bquujjhwcstmcfvbfq",
    "tenancy_ocid": "ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644",
    "fingerprint": "c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e",
    "region": "ap-sydney-1"
}
Updating an Oracle Cloud Infrastructure Connection
To update an Oracle Cloud Infrastructure connection, run:
Syntax
ksctl connectionmgmt oci modify --id <connection-name/id> --products <product-names> --user-ocid <user-ocid> --tenancy-ocid <tenancy-ocid> --oci-region <region> --fingerprint <fingerprint> --conn-creds <key_file,pass_phrase-in-json-format> --meta <key:values>
Example Request
ksctl connectionmgmt oci modify --id oci-connection --user-ocid ocid2.user.oc2..asdaaaaktnch502jz4iat56kk7kqbzcevk45kugv0ienuujjhwcstmcfvbfq
Example Response
{
    "id": "666b4d8f-8dec-49c3-860d-33dd4a9cc355",
    "uri": "kylo:kylo:connectionmgmt:connections:oci-connection-666b4d8f-8dec-49c3-860d-33dd4a9cc355",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2022-01-19T04:32:15.490282Z",
    "updatedAt": "2022-01-19T04:40:36.311287549Z",
    "service": "oci",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "oci-connection",
    "products": [
        "cckm"
    ],
    "user_ocid": "ocid2.user.oc2..asdaaaaktnch502jz4iat56kk7kqbzcevk45kugv0ienuujjhwcstmcfvbfq",
    "tenancy_ocid": "ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644",
    "fingerprint": "c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e",
    "region": "ap-sydney-1"
}
Deleting an Oracle Cloud Infrastructure Connection
To delete an Oracle Cloud Infrastructure connection, run:
Syntax
ksctl connectionmgmt oci delete --id <connection-name/id>
Example Request
ksctl connectionmgmt oci delete --id oci-connection
Example Response
No response is returned if the Oracle Cloud Infrastructure connection is deleted successfully.
Getting List of Oracle Cloud Infrastructure Connections
To list all the Oracle Cloud Infrastructure connections, run:
Syntax
ksctl connectionmgmt oci list
Example Request
ksctl connectionmgmt oci list
Example Response
{
    "skip": 0,
    "limit": 10,
    "total": 1,
    "resources": [
        {
            "id": "666b4d8f-8dec-49c3-860d-33dd4a9cc355",
            "uri": "kylo:kylo:connectionmgmt:connections:oci-connection-666b4d8f-8dec-49c3-860d-33dd4a9cc355",
            "account": "kylo:kylo:admin:accounts:kylo",
            "createdAt": "2022-01-19T04:32:15.490836Z",
            "updatedAt": "2022-01-19T04:40:36.312949Z",
            "service": "oci",
            "category": "cloud",
            "last_connection_ok": null,
            "last_connection_at": "0001-01-01T00:00:00Z",
            "name": "oci-connection",
            "products": [
                "cckm"
            ],
            "user_ocid": "ocid2.user.oc2..asdaaaaktnch502jz4iat56kk7kqbzcevk45kugv0ienuujjhwcstmcfvbfq",
            "tenancy_ocid": "ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644",
            "fingerprint": "c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e",
            "region": "ap-sydney-1"
        }
    ]
}
Testing an Existing Oracle Cloud Infrastructure Connection
To test an existing Oracle Cloud Infrastructure connection, run:
Syntax
ksctl connectionmgmt oci test --id <connection-name/id>
Example Request
ksctl connectionmgmt oci test --id oci-connection
Example Response
{
    "connection_ok": true
}
Testing Parameters for an Oracle Cloud Infrastructure Connection
To test parameters for an Oracle Cloud Infrastructure connection, run:
Syntax
ksctl connectionmgmt oci test --user-ocid <user-ocid> --tenancy-ocid <tenancy-ocid> --oci-region <region> --fingerprint <fingerprint> --conn-creds <key_file,pass_phrase-in-json-format>
Example Request
ksctl connectionmgmt oci test --user-ocid ocid1.user.oc1..asdaaaaat2x4wy2jz4iat56kk7kqbzcevwyrasdty2bquujjhwcstmcfvbfq --tenancy-ocid ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644 --oci-region ap-sydney-1 --fingerprint c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e --conn-creds conn-cred.json
Example Response
{
    "connection_ok": true
}
conn-cred.json
{
"key_file": "-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQC+abfqs+wQOmoLnf4w1dRSty/6fLubJ/JfuBZVV+GMI//Oa/UT\n+s4ZNqn1fta42oN4uIKwsBdnJ4CaoHv5dX6phGirYh3PYTsC9azdW2wgJ/WCiin8\nkdGNfhPDirOe4TwpczkP870EEfDS/O3f78x1ubRuIpagzJQv2XTT8QYP+wIDAQAB\nAoGAERtuaqe/jbWx0VlgfQK5ELVkmhyavlXYcMEZQJGksfKKCQGqAyGFYr6Ghofe\nwrzfEvmAxF8NuzbRVxMUEFV+C5Uc3uh+sX9qwikfFszTjwJNACHADO3EhPKmMDK3\nkEtBH6edcKa4cJ91NHPJuDptiyUZdVH7WVzuKrjo4mzFkAECQQDp4fMwnjwyJPGk\nX0dU/0bA69hPCQK5MhVSvVD8fzp6usbeSA/EZSu5FPNfJT/9f/BVUZ3h0/2WqO1l\nuhUgnKU5AkEA0GtqDAmTRB5YzRMnmA/QGrCEBkBWdnkXKXZS3Svp19XHxF9AAQjq\nyU0YRNHXaxdowWc64tFy2cP4Z78fQ4ry0wJABNe93lrYaj1jl4C1jGgAwgvgHbrV\nCJql4GG1JJVJ07K8XWvmj618m0d4xpaR3aDhjBK1jzCBhrYWvE1/FH7J2QJAP5Jj\n+GP7TW3MPFE5ZIJ+QYXR325EcUKiM/1pbRj17OXCVz2OckJcCya+3k77XCj5xPRN\n291zIMVLwalkSd/aDQJBAJNbm0RQ4gjj710aEbjYnGZlKHtbPP6zD6J/Jiyo+mgZ\nrvr26CvjtflGi/a56QC6Kd8hSRjeM03yTOvqu9+1TWY=\n-----END RSA PRIVATE KEY-----",
"pass_phrase": "password"
}