Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo
back

Connection Manager

Oracle Cloud Infrastructure (OCI)

search

Please Note:

Oracle Cloud Infrastructure (OCI)

Oracle Cloud Infrastructure (OCI) connections to the CipherTrust Manager can be configured using the following:

Managing Oracle Cloud Infrastructure (OCI) Connections using GUI

To configure an OCI connection:

  • Tenancy OCID: OCID of the tenancy.

  • User OCID: OCID of the user.

  • Region: An Oracle Cloud Infrastructure region.

  • Fingerprint: Fingerprint of the public key added to this user.

  • Key File: Private key file for the OCI connection in the PEM format. Either upload the key file or paste the file content.

    • File Upload: Select and click Upload Certificate to upload the key file from your machine.

    • Text: Select and paste the certificate content in the text field.

  • Passphrase: Passphrase of the encrypted key file.

Click Test Credentials to check whether the connection is configured correctly. If the test is successful, the status is OK else the status is Fail.

Click Next to move to the next step.

Currently, the only product supported for OCI connection is Cloud Key Manager.

Managing Oracle Cloud Infrastructure (OCI) Connections using ksctl

The following operations can be performed:

  • Create/Get/Update/Delete an OCI connection

  • List all OCI connections

  • Test an existing OCI connection

  • Test parameters for an OCI Connection

Creating an OCI Connection

To create an OCI connection, run:

Syntax

ksctl connectionmgmt oci create --name <connection-name> --products <product-names> --user-ocid <user-ocid> --tenancy-ocid <tenancy-ocid> --oci-region <region> --fingerprint <fingerprint> --conn-creds <key_file, pass_phrase-in-json-format>

Example Request

ksctl connectionmgmt oci create --name oci-connection --products cckm --user-ocid ocid1.user.oc1..asdaaaaat2x4wy2jz4iat56kk7kqbzcevwyrasdty2bquujjhwcstmcfvbfq --tenancy-ocid ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644 --oci-region ap-sydney-1 --fingerprint c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e --conn-creds conn-cred.json

Example Response

{
    "id": "666b4d8f-8dec-49c3-860d-33dd4a9cc355",
    "uri": "kylo:kylo:connectionmgmt:connections:oci-connection-666b4d8f-8dec-49c3-860d-33dd4a9cc355",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2022-01-19T04:32:15.490282327Z",
    "updatedAt": "2022-01-19T04:32:15.488831158Z",
    "service": "oci",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "oci-connection",
    "products": [
        "cckm"
    ],
    "user_ocid": "ocid1.user.oc1..asdaaaaat2x4wy2jz4iat56kk7kqbzcevwyrasdty2bquujjhwcstmcfvbfq",
    "tenancy_ocid": "ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644",
    "fingerprint": "c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e",
    "region": "ap-sydney-1"
}

conn-cred.json

{
    "key_file": "-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQC+abfqs+wQOmoLnf4w1dRSty/6fLubJ/JfuBZVV+GMI//Oa/UT\n+s4ZNqn1fta42oN4uIKwsBdnJ4CaoHv5dX6phGirYh3PYTsC9azdW2wgJ/WCiin8\nkdGNfhPDirOe4TwpczkP870EEfDS/O3f78x1ubRuIpagzJQv2XTT8QYP+wIDAQAB\nAoGAERtuaqe/jbWx0VlgfQK5ELVkmhyavlXYcMEZQJGksfKKCQGqAyGFYr6Ghofe\nwrzfEvmAxF8NuzbRVxMUEFV+C5Uc3uh+sX9qwikfFszTjwJNACHADO3EhPKmMDK3\nkEtBH6edcKa4cJ91NHPJuDptiyUZdVH7WVzuKrjo4mzFkAECQQDp4fMwnjwyJPGk\nX0dU/0bA69hPCQK5MhVSvVD8fzp6usbeSA/EZSu5FPNfJT/9f/BVUZ3h0/2WqO1l\nuhUgnKU5AkEA0GtqDAmTRB5YzRMnmA/QGrCEBkBWdnkXKXZS3Svp19XHxF9AAQjq\nyU0YRNHXaxdowWc64tFy2cP4Z78fQ4ry0wJABNe93lrYaj1jl4C1jGgAwgvgHbrV\nCJql4GG1JJVJ07K8XWvmj618m0d4xpaR3aDhjBK1jzCBhrYWvE1/FH7J2QJAP5Jj\n+GP7TW3MPFE5ZIJ+QYXR325EcUKiM/1pbRj17OXCVz2OckJcCya+3k77XCj5xPRN\n291zIMVLwalkSd/aDQJBAJNbm0RQ4gjj710aEbjYnGZlKHtbPP6zD6J/Jiyo+mgZ\nrvr26CvjtflGi/a56QC6Kd8hSRjeM03yTOvqu9+1TWY=\n-----END RSA PRIVATE KEY-----",
    "pass_phrase": "password"
}

Getting Details of an OCI Connection

To get details of an OCI connection, run:

Syntax

ksctl connectionmgmt oci get --id <connection-name/id>

Example Request

ksctl connectionmgmt oci get --id oci-connection

Example Response

{
    "id": "666b4d8f-8dec-49c3-860d-33dd4a9cc355",
    "uri": "kylo:kylo:connectionmgmt:connections:oci-connection-666b4d8f-8dec-49c3-860d-33dd4a9cc355",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2022-01-19T04:32:15.490282Z",
    "updatedAt": "2022-01-19T04:32:15.488831Z",
    "service": "oci",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "oci-connection",
    "products": [
        "cckm"
    ],
    "user_ocid": "ocid1.user.oc1..asdaaaaat2x4wy2jz4iat56kk7kqbzcevwyrasdty2bquujjhwcstmcfvbfq",
    "tenancy_ocid": "ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644",
    "fingerprint": "c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e",
    "region": "ap-sydney-1"
}

Updating an OCI Connection

To update an OCI connection, run:

Syntax

ksctl connectionmgmt oci modify --id <connection-name/id> --products <product-names> --user-ocid <user-ocid> --tenancy-ocid <tenancy-ocid> --oci-region <region> --fingerprint <fingerprint> --conn-creds <key_file,pass_phrase-in-json-format> --meta <key:values>

Example Request

ksctl connectionmgmt oci modify --id oci-connection --user-ocid ocid2.user.oc2..asdaaaaktnch502jz4iat56kk7kqbzcevk45kugv0ienuujjhwcstmcfvbfq

Example Response

{
    "id": "666b4d8f-8dec-49c3-860d-33dd4a9cc355",
    "uri": "kylo:kylo:connectionmgmt:connections:oci-connection-666b4d8f-8dec-49c3-860d-33dd4a9cc355",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2022-01-19T04:32:15.490282Z",
    "updatedAt": "2022-01-19T04:40:36.311287549Z",
    "service": "oci",
    "category": "cloud",
    "last_connection_ok": null,
    "last_connection_at": "0001-01-01T00:00:00Z",
    "name": "oci-connection",
    "products": [
        "cckm"
    ],
    "user_ocid": "ocid2.user.oc2..asdaaaaktnch502jz4iat56kk7kqbzcevk45kugv0ienuujjhwcstmcfvbfq",
    "tenancy_ocid": "ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644",
    "fingerprint": "c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e",
    "region": "ap-sydney-1"
}

Deleting an OCI Connection

To delete an OCI connection, run:

Syntax

ksctl connectionmgmt oci delete --id <connection-name/id>

Example Request

ksctl connectionmgmt oci delete --id oci-connection

Example Response

There will be no response if OCI Connection is deleted successfully.

Getting List of OCI Connections

To list all the OCI connections, run:

Syntax

ksctl connectionmgmt oci list

Example Request

ksctl connectionmgmt oci list

Example Response

{
    "skip": 0,
    "limit": 10,
    "total": 1,
    "resources": [
        {
            "id": "666b4d8f-8dec-49c3-860d-33dd4a9cc355",
            "uri": "kylo:kylo:connectionmgmt:connections:oci-connection-666b4d8f-8dec-49c3-860d-33dd4a9cc355",
            "account": "kylo:kylo:admin:accounts:kylo",
            "createdAt": "2022-01-19T04:32:15.490836Z",
            "updatedAt": "2022-01-19T04:40:36.312949Z",
            "service": "oci",
            "category": "cloud",
            "last_connection_ok": null,
            "last_connection_at": "0001-01-01T00:00:00Z",
            "name": "oci-connection",
            "products": [
                "cckm"
            ],
            "user_ocid": "ocid2.user.oc2..asdaaaaktnch502jz4iat56kk7kqbzcevk45kugv0ienuujjhwcstmcfvbfq",
            "tenancy_ocid": "ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644",
            "fingerprint": "c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e",
            "region": "ap-sydney-1"
        }
    ]
}

Testing an Existing OCI Connection

To test an existing OCI connection, run:

Syntax

ksctl connectionmgmt oci test --id <connection-name/id>

Example Request

ksctl connectionmgmt oci test --id oci-connection

Example Response

{
    "connection_ok": true
}

Testing Parameters for an OCI Connection

To test parameters for an OCI connection, run:

Syntax

ksctl connectionmgmt oci test --user-ocid <user-ocid> --tenancy-ocid <tenancy-ocid> --oci-region <region> --fingerprint <fingerprint> --conn-creds <key_file,pass_phrase-in-json-format>

Example Request

ksctl connectionmgmt oci test --user-ocid ocid1.user.oc1..asdaaaaat2x4wy2jz4iat56kk7kqbzcevwyrasdty2bquujjhwcstmcfvbfq --tenancy-ocid ocid1.tenancy.oc1..7777aaaadixb52q2mvlsn634ql577776hb2vg7audpd4d4mcf5zluymff644 --oci-region ap-sydney-1 --fingerprint c4:a9:89:47:21:11:11:ac:c4:a9:89:47:21:31:9e --conn-creds conn-cred.json

Example Response

{
"connection_ok": true
}

conn-cred.json

{
    "key_file": "-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQC+abfqs+wQOmoLnf4w1dRSty/6fLubJ/JfuBZVV+GMI//Oa/UT\n+s4ZNqn1fta42oN4uIKwsBdnJ4CaoHv5dX6phGirYh3PYTsC9azdW2wgJ/WCiin8\nkdGNfhPDirOe4TwpczkP870EEfDS/O3f78x1ubRuIpagzJQv2XTT8QYP+wIDAQAB\nAoGAERtuaqe/jbWx0VlgfQK5ELVkmhyavlXYcMEZQJGksfKKCQGqAyGFYr6Ghofe\nwrzfEvmAxF8NuzbRVxMUEFV+C5Uc3uh+sX9qwikfFszTjwJNACHADO3EhPKmMDK3\nkEtBH6edcKa4cJ91NHPJuDptiyUZdVH7WVzuKrjo4mzFkAECQQDp4fMwnjwyJPGk\nX0dU/0bA69hPCQK5MhVSvVD8fzp6usbeSA/EZSu5FPNfJT/9f/BVUZ3h0/2WqO1l\nuhUgnKU5AkEA0GtqDAmTRB5YzRMnmA/QGrCEBkBWdnkXKXZS3Svp19XHxF9AAQjq\nyU0YRNHXaxdowWc64tFy2cP4Z78fQ4ry0wJABNe93lrYaj1jl4C1jGgAwgvgHbrV\nCJql4GG1JJVJ07K8XWvmj618m0d4xpaR3aDhjBK1jzCBhrYWvE1/FH7J2QJAP5Jj\n+GP7TW3MPFE5ZIJ+QYXR325EcUKiM/1pbRj17OXCVz2OckJcCya+3k77XCj5xPRN\n291zIMVLwalkSd/aDQJBAJNbm0RQ4gjj710aEbjYnGZlKHtbPP6zD6J/Jiyo+mgZ\nrvr26CvjtflGi/a56QC6Kd8hSRjeM03yTOvqu9+1TWY=\n-----END RSA PRIVATE KEY-----",
    "pass_phrase": "password"
 }