lacework-global-675
Ensure user API keys rotate every 90 days (Automated)
Description
Administrators, developers, services and scripts use API keys for accessing OCI APIs directly or via SDKs/OCI CLI to search, create, update or delete OCI resources. The API key is an RSA key pair, with a public key associated with a local or synchronized user's profile, and a private key that signs the API requests.
Remediation
From Console:
- Log in to the OCI Console.
- Select Identity & Security from the Services menu.
- Select Domains from the Identity menu.
- For each domain listed, click the name and select Users.
- Click an individual user under the Username heading.
- Click API Keys in the lower left-hand corner of the page.
- In the API Key table, delete any API keys whose Created column shows a date more than 90 days old.
From CLI:
oci iam user api-key delete --user-id <user_ocid> --fingerprint <fingerprint_of_the_key_to_be_deleted>
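To find which keys the remediation applies to, the added example below (not part of the original policy text) filters the JSON produced by `oci iam user api-key list --user-id <user_ocid>` for keys older than 90 days and builds the matching delete commands for review. The field names `time-created`, `lifecycle-state`, `fingerprint` and `user-id` are assumed from that command's output, and the OCID, fingerprints and clock value are constructed placeholders.

```python
import json
import shlex
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=90)
USER = "ocid1.user.oc1..exampleuser"  # placeholder OCID, constructed

# Constructed sample shaped like `oci iam user api-key list` output
# (assumed field names; fingerprints are placeholders).
SAMPLE = json.dumps({"data": [
    {"user-id": USER, "fingerprint": ":".join(["11"] * 16),
     "lifecycle-state": "ACTIVE",
     "time-created": "2024-01-10T08:00:00.000000+00:00"},
    {"user-id": USER, "fingerprint": ":".join(["22"] * 16),
     "lifecycle-state": "ACTIVE",   # exactly 90 days old at NOW: not yet stale
     "time-created": "2024-03-03T00:00:00.000000+00:00"},
    {"user-id": USER, "fingerprint": ":".join(["33"] * 16),
     "lifecycle-state": "DELETED",  # already removed: nothing to do
     "time-created": "2023-11-01T12:00:00.000000+00:00"},
]})
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock for the sample


def parse_time(value):
    """Parse an RFC 3339 timestamp; a value without an offset is taken as UTC."""
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def stale_keys(listing_json, now, max_age=MAX_AGE):
    """Return (user_id, fingerprint, age_days) for live keys older than max_age."""
    stale = []
    for key in json.loads(listing_json).get("data", []):
        if key.get("lifecycle-state") in ("DELETING", "DELETED"):
            continue
        age = now - parse_time(key["time-created"])
        if age > max_age:
            stale.append((key["user-id"], key["fingerprint"], age.days))
    return stale


def delete_commands(stale):
    """Build the page's delete command for each stale key (for review, not run)."""
    return ["oci iam user api-key delete --user-id {} --fingerprint {}".format(
        shlex.quote(user), shlex.quote(fp)) for user, fp, _ in stale]


if __name__ == "__main__":
    for cmd in delete_commands(stale_keys(SAMPLE, NOW)):
        print(cmd)
```

Pass `datetime.now(timezone.utc)` as `now` when running against real output, and upload a replacement key for any service that still depends on a flagged one before deleting it.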