steampipe plugin install oci

Table: oci_identity_api_key - Query OCI Identity API Keys using SQL

Oracle Cloud Infrastructure's Identity and Access Management (IAM) service lets you control who has access to your cloud resources. You can control what type of access a group of users have and to which specific resources. This is achieved through the use of API Keys, which are used for authentication when making REST API calls to OCI services.

Table Usage Guide

The oci_identity_api_key table provides insights into API Keys within OCI Identity and Access Management (IAM). As a security analyst, explore key-specific details through this table, including its creation time, fingerprint, and associated user ID. Utilize it to uncover information about keys, such as those that are inactive, the users associated with each key, and the verification of key status.

Examples

Basic info

Explore which API keys have been created, by whom, and when, to gain insights into your organization's usage and security practices. This can help identify instances where keys may be outdated or potentially misused.

select
key_id,
key_value,
user_id,
user_name,
time_created,
fingerprint
from
oci_identity_api_key;
select
key_id,
key_value,
user_id,
user_name,
time_created,
fingerprint
from
oci_identity_api_key;

List inactive API keys

Explore which API keys are inactive to ensure your system's security by identifying any unused or potentially compromised keys. This will help maintain the integrity of your system by preventing unauthorized access.

select
key_id,
key_value,
user_id,
user_name,
time_created,
fingerprint
from
oci_identity_api_key;
where
lifecycle_state = 'INACTIVE';
select
key_id,
key_value,
user_id,
user_name,
time_created,
fingerprint
from
oci_identity_api_key
where
lifecycle_state = 'INACTIVE';

Count API keys by user

Gain insights into how many API keys each user possesses, which can help monitor user access and identify potential security risks.

select
user_id,
count (*) as api_key_count
from
oci_identity_api_key
group by
user_id;
select
user_id,
count (*) as api_key_count
from
oci_identity_api_key
group by
user_id;

Schema for oci_identity_api_key

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
fingerprinttextThe key's fingerprint.
inactive_statusbigintThe detailed status of INACTIVE lifecycleState.
key_idtextAn Oracle-assigned identifier for the key.
key_valuetextThe key's value.
lifecycle_statetextThe API key's current state.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
tenant_idtext=, !=, ~~, ~~*, !~~, !~~*The OCID of the Tenant in which the resource is located.
tenant_nametextThe name of the Tenant in which the resource is located.
time_createdtimestamp with time zoneDate and time the `ApiKey` object was created.
titletextTitle of the resource.
user_idtext=The OCID of the user the key belongs to.
user_nametextThe name of the user the key belongs to.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- oci

You can pass the configuration to the command with the --config argument:

steampipe_export_oci --config '<your_config>' oci_identity_api_key