Table: oci_identity_customer_secret_key - Query OCI Identity Customer Secret Keys using SQL
The Oracle Cloud Infrastructure (OCI) Identity service includes resources that help with the management of identity and access control. One such resource is a Customer Secret Key, which is used for Amazon S3 compatible APIs. These keys enable users to interact with object storage services using tools and libraries that are compatible with S3.
Table Usage Guide
The oci_identity_customer_secret_key table offers insights into the customer secret keys within OCI Identity. As a security analyst, you can explore details about these keys through this table, such as their access keys, associated user IDs, and states. This can be particularly useful for auditing purposes, allowing you to track key usage, identify keys associated with specific users, and monitor the lifecycle states of keys.
Examples
Basic info
Explore which customer secret keys have been created in your Oracle Cloud Infrastructure account and when they were created. This can help you manage access to your resources and track account activity over time.
select
  id,
  display_name,
  user_id,
  user_name,
  time_created
from
  oci_identity_customer_secret_key;
List inactive customer secret keys
List the customer secret keys that are inactive to manage access control and enhance security measures. This helps in identifying potential security risks and taking appropriate action.
select
  id,
  display_name,
  user_id,
  user_name,
  lifecycle_state,
  time_created
from
  oci_identity_customer_secret_key
where
  lifecycle_state = 'INACTIVE';
Count customer secret keys by user
Gain insights into how many secret keys each user has. This query is useful for security audits, ensuring users don't have an excessive number of keys which could increase potential security risks.
select
  user_id,
  count(id) as customer_secret_key_count
from
  oci_identity_customer_secret_key
group by
  user_id;
Control examples
- CIS v1.1.0 > 1 Identity and Access Management > 1.9 Ensure user customer secret keys rotate within 90 days or less
- CIS v1.2.0 > 1 Identity and Access Management > 1.9 Ensure user customer secret keys rotate within 90 days or less
- CIS v2.0.0 > 1 Identity and Access Management > 1.9 Ensure user customer secret keys rotate every 90 days
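The 90-day rotation check named in the controls above can be approximated directly against this table. The query below is an added example, not taken from the plugin or from the CIS compliance mod; it assumes `ACTIVE` is the lifecycle state of a usable key, and the derived column names (`age_days`, `days_overdue`, `no_expiry_set`, `active_keys_for_user`) are illustrative.

```sql
-- Added example: active customer secret keys older than the 90-day
-- rotation window from the CIS 1.9 controls listed on this page.
with active_keys as (
  select
    id,
    display_name,
    user_id,
    user_name,
    tenant_name,
    time_created,
    time_expires,
    -- timestamptz subtraction yields an interval in days, so the
    -- 'day' part is the key's full age in days
    date_part('day', now() - time_created)::int as age_days,
    -- how many usable keys the same user holds right now
    count(*) over (partition by user_id) as active_keys_for_user
  from
    oci_identity_customer_secret_key
  where
    lifecycle_state = 'ACTIVE'  -- assumption: usable keys report ACTIVE
)
select
  user_name,
  display_name,
  id,
  tenant_name,
  time_created,
  age_days,
  age_days - 90 as days_overdue,
  (time_expires is null) as no_expiry_set,
  active_keys_for_user
from
  active_keys
where
  time_created <= now() - interval '90 days'
order by
  age_days desc;
```

An empty result means no active key has exceeded the window. Rows with `no_expiry_set` true will stay valid until someone rotates or deletes them.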
Schema for oci_identity_customer_secret_key
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
display_name | text | | The displayName you assign to the secret key. |
id | text | | The OCID of the secret key. |
inactive_status | bigint | | The detailed status of INACTIVE lifecycleState. |
lifecycle_state | text | | The secret key's current state. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
tenant_id | text | =, !=, ~~, ~~*, !~~, !~~* | The OCID of the Tenant in which the resource is located. |
tenant_name | text | | The name of the Tenant in which the resource is located. |
time_created | timestamp with time zone | | Date and time the CustomerSecretKey object was created. |
time_expires | timestamp with time zone | | Date and time when this password will expire. |
title | text | | Title of the resource. |
user_id | text | | The OCID of the user the password belongs to. |
user_name | text | | The name of the user the password belongs to. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- oci
You can pass the configuration to the command with the --config argument:
steampipe_export_oci --config '<your_config>' oci_identity_customer_secret_key