oci_customer_secret_key – Create, update and delete Customer Secret Keys for the specified user in OCI

New in version 2.5.

Synopsis

  • This module allows the user to create, update and delete Customer Secret Keys in OCI. A CustomerSecretKey is an Oracle-provided key for using the Object Storage Service’s Amazon S3 compatible API. A user can have up to two secret keys at a time. Note: The secret key is always an Oracle-generated string; you can’t change it to a string of your choice.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter Choices/Defaults Comments
api_user
string
The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the value of the OCI_USER_OCID environment variable, if any, is used. This option is required if the user is not specified through a configuration file (See config_file_location). To get the user's OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm.
api_user_fingerprint
string
Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT environment variable, if any, is used. This option is required if the key fingerprint is not specified through a configuration file (See config_file_location). To get the key pair's fingerprint value please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm.
api_user_key_file
string
Full path and filename of the private key (in PEM format). If not set, then the value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required if the private key is not specified through a configuration file (See config_file_location). If the key is encrypted with a pass-phrase, the api_user_key_pass_phrase option must also be provided.
api_user_key_pass_phrase
string
Passphrase used by the key referenced in api_user_key_file, if it is encrypted. If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is used. This option is required if the key passphrase is not specified through a configuration file (See config_file_location).
auth_type
string
    Choices:
  • api_key ←
  • instance_principal
The type of authentication to use for making API requests. By default auth_type="api_key" based authentication is performed and the API key (see api_user_key_file) in your config file will be used. If this 'auth_type' module option is not specified, the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use auth_type="instance_principal" to use instance principal based authentication when running ansible playbooks within an OCI compute instance.
config_file_location
string
Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment variable, if any, is used. Otherwise, defaults to ~/.oci/config.
config_profile_name
string
The profile to load from the config file referenced by config_file_location. If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any, is used. Otherwise, defaults to the "DEFAULT" profile in config_file_location.
customer_secret_key_id
-
The OCID of the Customer Secret Key. Required when the secret keys's description needs to be updated with state=present and for deleting a secret key with state=absent

aliases: id
display_name
-
The display name you assign to the secret key. Does not have to be unique, and it's changeable. Required when creating a customer secret key. The length of the description must be between 1 and 200 characters.

aliases: name
force_create
boolean
    Choices:
  • no ←
  • yes
Whether to attempt non-idempotent creation of a resource. By default, create resource is an idempotent operation, and doesn't create the resource if it already exists. Setting this option to true, forcefully creates a copy of the resource, even if it already exists.This option is mutually exclusive with key_by.
key_by
list
The list of comma-separated attributes of this resource which should be used to uniquely identify an instance of the resource. By default, all the attributes of a resource except freeform_tags are used to uniquely identify a resource.
region
string
The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set, then the value of the OCI_REGION variable, if any, is used. This option is required if the region is not specified through a configuration file (See config_file_location). Please refer to https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm for more information on OCI regions.
state
-
    Choices:
  • present ←
  • absent
The state of the customer secret key that must be asserted to. When state=present, and the secret key doesn't exist, the secret key is created. When state=absent, the secret key is deleted.
tenancy
string
OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if any, is used. This option is required if the tenancy OCID is not specified through a configuration file (See config_file_location). To get the tenancy OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm
user_id
- / required
The OCID of the user.

Examples

- name: Create a new customer secret key
  oci_customer_secret_key:
    user_id: "ocid1.user.oc1..xxxxxEXAMPLExxxxx"
    name: "my first customer secret key"

- name: Update a customer secret key's display name
  oci_customer_secret_key:
    id: "ocid1.credential.oc1..xxxxxEXAMPLExxxxx"
    user_id: "ocid1.user.oc1..xxxxxEXAMPLExxxxx"
    name: "customer secret key #1"

- name: Delete a customer secret key
  oci_customer_secret_key:
    id: "ocid1.credential.oc1..xxxxxEXAMPLExxxxx"
    user_id: "ocid1.user.oc1..xxxxxEXAMPLExxxxx"
    state: "absent"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
oci_customer_secret_key
dictionary
On success
Details of the Customer Secret Key. The "key" attribute is returned only during creation of the customer secret key.

Sample:
{'lifecycle_state': 'ACTIVE', 'inactive_status': 'None', 'display_name': 'My first customer secret key description 900', 'time_created': '2018-01-08T05:20:23.353000+00:00', 'key': 'wtUboLOGc3p8t0LG6d/wVJF+fwj0R700bW87LK41+kU=', 'user_id': 'ocid1.user.oc1..xxxxxEXAMPLExxxxx', 'time_expires': 'None', 'id': 'ocid1.credential.oc1..xxxxxEXAMPLExxxxx'}


Status

  • This module is not guaranteed to have a backwards compatible interface. [preview]
  • This module is maintained by the Ansible Community. [community]

Authors

  • Sivakumar Thyagarajan (@sivakumart)

Hint

If you notice any issues in this documentation you can edit this document to improve it.