steampipe plugin install oci

Table: oci_identity_customer_secret_key - Query OCI Identity Customer Secret Keys using SQL

The Oracle Cloud Infrastructure (OCI) Identity service includes resources that help with the management of identity and access control. One such resource is a Customer Secret Key, which is used for Amazon S3 compatible APIs. These keys enable users to interact with object storage services using tools and libraries that are compatible with S3.

Table Usage Guide

The oci_identity_customer_secret_key table offers insights into the customer secret keys within OCI Identity. As a security analyst, you can explore details about these keys through this table, such as their access keys, associated user IDs, and states. This can be particularly useful for auditing purposes, allowing you to track key usage, identify keys associated with specific users, and monitor the lifecycle states of keys.

Examples

Basic info

Explore which customer secret keys have been created in your Oracle Cloud Infrastructure account and when they were created. This can help you manage access to your resources and track account activity over time.

select
id,
display_name,
user_id,
user_name,
time_created
from
oci_identity_customer_secret_key;
select
id,
display_name,
user_id,
user_name,
time_created
from
oci_identity_customer_secret_key;

List inactive customer secret keys

Discover the segments that contain inactive customer secret keys to manage access control and enhance security measures. This helps in identifying potential security risks and taking appropriate action.

select
id,
display_name,
user_id,
user_name,
lifecycle_state,
time_created
from
oci_identity_customer_secret_key
where
lifecycle_state = 'INACTIVE';
select
id,
display_name,
user_id,
user_name,
lifecycle_state,
time_created
from
oci_identity_customer_secret_key
where
lifecycle_state = 'INACTIVE';

Count customer secret keys by user

Gain insights into how many secret keys each user has. This query is useful for security audits, ensuring users don't have an excessive number of keys which could increase potential security risks.

select
user_id,
count (id) as customer_secret_key_count
from
oci_identity_customer_secret_key
group by
user_id;
select
user_id,
count (id) as customer_secret_key_count
from
oci_identity_customer_secret_key
group by
user_id;

Schema for oci_identity_customer_secret_key

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
display_nametextThe displayName you assign to the secret key.
idtextThe OCID of the secret key.
inactive_statusbigintThe detailed status of INACTIVE lifecycleState.
lifecycle_statetextThe secret key's current state.
tenant_idtextThe OCID of the Tenant in which the resource is located.
tenant_nametextThe name of the Tenant in which the resource is located.
time_createdtimestamp with time zoneDate and time the CustomerSecretKey object was created.
time_expirestimestamp with time zoneDate and time when this password will expire.
titletextTitle of the resource.
user_idtextThe OCID of the user the password belongs to.
user_nametextThe name of the user the password belongs to.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- oci

You can pass the configuration to the command with the --config argument:

steampipe_export_oci --config '<your_config>' oci_identity_customer_secret_key