

User has API keys (Automated)


Alert when a user has API keys enabled. OCI access by administrators through API keys should only occur as an exception. Do not hard-code Identity and Access Management (IAM) credentials directly in software or in documents shared with a wide audience. IAM API keys are credentials that grant programmatic access to resources. Actual human users should not use API keys.


From Console:

  1. Log in to the OCI console.
  2. Select Identity from the Services menu.
  3. Select Users from the Identity menu, or select Domains, select a domain, and select Users.
  4. Select the username of a user with an API key.
  5. Select API Keys from the menu in the lower left-hand corner.
  6. Delete any associated keys from the API Keys table.
  7. Repeat steps 3-6 for all users with an API key.

From CLI:

  1. For each user with an API key, execute the following command to retrieve API key details:

    oci iam user api-key list --user-id <user_id>
  2. For each API key, execute the following command to delete the key:

    oci iam user api-key delete --user-id <user_id> --fingerprint <api_key_fingerprint>
  3. The following message displays:

    Are you sure you want to delete this resource? [y/N]:
  4. Type 'y' and press 'Enter'.
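
The CLI steps above can be driven from captured `api-key list` output. The following is an added example, not part of the original page or of Oracle's tooling: it parses the JSON that `oci iam user api-key list` returns, flags every user that still has a key, and prints the matching delete command for review. The user OCIDs and fingerprints are constructed placeholders, and treating empty output as "no keys" is an assumption.

```python
import json
import shlex

# Constructed sample: captured output of `oci iam user api-key list --user-id <user_id>`
# for two placeholder users. OCIDs and fingerprints are made up for illustration.
USER_1 = "ocid1.user.oc1..exampleuser1"
USER_2 = "ocid1.user.oc1..exampleuser2"
SAMPLE_OUTPUT = {
    USER_1: json.dumps({"data": [
        {"fingerprint": "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff",
         "lifecycle-state": "ACTIVE", "user-id": USER_1},
        {"fingerprint": "ff:ee:dd:cc:bb:aa:99:88:77:66:55:44:33:22:11:00",
         "lifecycle-state": "DELETED", "user-id": USER_1},
    ]}),
    USER_2: "",  # empty output is treated as "no keys" (assumption)
}


def remaining_keys(cli_output):
    """Return the key records in one list response that have not been deleted."""
    if not cli_output.strip():
        return []
    records = json.loads(cli_output).get("data", [])
    return [k for k in records
            if k.get("lifecycle-state") not in ("DELETING", "DELETED")]


def delete_command(key):
    """Build the page's delete command for one key record, shell-quoted."""
    return "oci iam user api-key delete --user-id {} --fingerprint {}".format(
        shlex.quote(key["user-id"]), shlex.quote(key["fingerprint"]))


def audit(outputs):
    """Map each user that still has API keys to the commands that remove them."""
    findings = {}
    for user_id, raw in outputs.items():
        keys = remaining_keys(raw)
        if keys:
            findings[user_id] = [delete_command(k) for k in keys]
    return findings


if __name__ == "__main__":
    for user_id, commands in audit(SAMPLE_OUTPUT).items():
        print("ALERT: {} has {} API key(s)".format(user_id, len(commands)))
        for command in commands:
            print("  " + command)
```

The printed commands are the same ones shown in step 2, so each still stops at the confirmation prompt from step 3 when run.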