steampipe plugin install oci

Table: oci_identity_db_credential - Query OCI Identity DB Credential using SQL

Oracle Cloud Infrastructure's Identity and Access Management (IAM) service lets you control who has access to your cloud resources. Identity DB credentials refer to the authentication details used to access Oracle databases securely within the Oracle Cloud Infrastructure.

Table Usage Guide

The oci_identity_db_credential table provides insights into users within OCI Identity and Access Management (IAM). As a security administrator, explore user-specific DB credential details through this table, including user ID, name, description, and associated metadata. Utilize it to uncover information about DB credential, such as their state, time of creation, time of expiration, and tenant ID.

Examples

Basic info

Discover the segments that highlight DB credential details. This allows for better management and oversight of DB credential lifecycle state create time, expire time.

select
id,
user_id,
description,
time_created,
lifecycle_state,
time_expires
from
oci_identity_db_credential;
select
id,
user_id,
description,
time_created,
lifecycle_state,
time_expires
from
oci_identity_db_credential;

List Oracle Identity Cloud Service(IDCS) users

Explore which users in the Oracle Identity Cloud Service have multi-factor authentication activated. This is beneficial to ensure security protocols are being followed within your organization.

select
c.id as db_credential_id,
u.user_type,
u.is_mfa_activated,
u.email
from
oci_identity_db_credential as c,
oci_identity_user as u
where
c.user_id = u.id
and user_type = 'IDCS;
select
c.id as db_credential_id,
u.user_type,
u.is_mfa_activated,
u.email
from
oci_identity_db_credential as c
join oci_identity_user as u on c.user_id = u.id
where
u.user_type = 'IDCS';

List credentials that are set to expire within the next 10 days

Useful for system administrators, security teams, and compliance officers in managing and maintaining the health and security of their OCI (Oracle Cloud Infrastructure) environment.

select
id,
user_id,
time_created,
time_expires
from
oci_identity_db_credential
where
time_expires >= now() - interval '10' day;
select
id,
user_id,
time_created,
time_expires
from
oci_identity_db_credential
where
time_expires >= datetime('now', '-10 days');

Schema for oci_identity_db_credential

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
descriptiontextThe description you assign to the DB credential. Does not have to be unique, and it's changeable.
idtext=The OCID of the DB credential.
lifecycle_statetext=The credential's current state.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
tenant_idtext=, !=, ~~, ~~*, !~~, !~~*The OCID of the Tenant in which the resource is located.
tenant_nametextThe name of the Tenant in which the resource is located.
time_createdtimestamp with time zoneDate and time the DbCredential object was created, in the format defined by RFC3339.
time_expirestimestamp with time zoneDate and time when this credential will expire, in the format defined by RFC3339.
titletextTitle of the resource.
user_idtext=The OCID of the user the DB credential belongs to.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- oci

You can pass the configuration to the command with the --config argument:

steampipe_export_oci --config '<your_config>' oci_identity_db_credential