Steampipe unbundled →
Steampipe Hub 
Hub
Plugins
turbot/oci
Overview
160Tables
Versions
PowerpipeMods
GitHub
steampipe plugin install oci

Table: oci_identity_auth_token - Query OCI Identity Auth Tokens using SQL

An OCI Identity Auth Token is a feature within Oracle Cloud Infrastructure that allows you to manage and authenticate API requests in OCI services. It provides a secure way to authenticate requests made to OCI resources, including compute instances, databases, and storage services. OCI Identity Auth Tokens help you manage the security and integrity of your OCI resources by providing a means to authenticate requests without exposing your user credentials.

Table Usage Guide

The oci_identity_auth_token table provides insights into Auth Tokens within Oracle Cloud Infrastructure (OCI). As a Security Administrator, explore token-specific details through this table, including its status, description, and associated user details. Utilize it to uncover information about tokens, such as those that are inactive, the users associated with each token, and the lifecycle state of these tokens.

Examples

Basic info

Explore which authentication tokens have been created within your Oracle Cloud Infrastructure, along with their associated user details and creation timestamps. This can aid in understanding user activity and tracking token usage.

select
  id,
  user_id,
  user_name,
  time_created
from
  oci_identity_auth_token;
select
  id,
  user_id,
  user_name,
  time_created
from
  oci_identity_auth_token;

List inactive auth tokens

Explore which authentication tokens are inactive. This can help in identifying potential security risks, as inactive tokens can be a sign of unauthorized access or outdated user credentials.

select
  id,
  user_id,
  user_name,
  lifecycle_state,
  time_created
from
  oci_identity_auth_token
where
  lifecycle_state = 'INACTIVE';
select
  id,
  user_id,
  user_name,
  lifecycle_state,
  time_created
from
  oci_identity_auth_token
where
  lifecycle_state = 'INACTIVE';

Count the number of auth tokens by user

Analyze the settings to understand the distribution of authentication tokens across different users. This is useful to monitor user activity and ensure that no user is generating an excessive number of tokens, which could be a potential security risk.

select
  user_id,
  user_name,
  count (id) as auth_token_count
from
  oci_identity_auth_token
group by
  user_name,
  user_id;
select
  user_id,
  user_name,
  count (id) as auth_token_count
from
  oci_identity_auth_token
group by
  user_name,
  user_id;

List auth tokens older than 90 days

Explore which authentication tokens have been active for more than 90 days. This can be useful for identifying potential security risks and maintaining system integrity.

select
  id,
  user_id,
  user_name,
  lifecycle_state,
  time_created
from
  oci_identity_auth_token
where
  time_created <= (current_date - interval '90' day)
order by
  time_created;
select
  id,
  user_id,
  user_name,
  lifecycle_state,
  time_created
from
  oci_identity_auth_token
where
  time_created <= date('now', '-90 day')
order by
  time_created;

Query examples

Control examples

Schema for oci_identity_auth_token

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
descriptiontextThe description you assign to the auth token.
idtextThe OCID of the auth token.
inactive_statusbigintThe detailed status of INACTIVE lifecycleState.
lifecycle_statetextThe token's current state.
tenant_idtextThe OCID of the Tenant in which the resource is located.
tenant_nametextThe name of the Tenant in which the resource is located.
time_createdtimestamp with time zoneDate and time the `AuthToken` object was created.
time_expirestimestamp with time zoneDate and time when this auth token will expire.
titletextTitle of the resource.
tokentextThe auth token. The value is available only in the response for `CreateAuthToken`, and not for `ListAuthTokens` or `UpdateAuthToken`.
user_idtext=The OCID of the user the auth token belongs to.
user_nametextThe name of the user the auth token belongs to.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- oci

You can pass the configuration to the command with the --config argument:

steampipe_export_oci --config '<your_config>' oci_identity_auth_token