steampipe plugin install ocisteampipe plugin install oci

Table: oci_identity_db_credential - Query OCI Identity DB Credential using SQL

Oracle Cloud Infrastructure's Identity and Access Management (IAM) service lets you control who has access to your cloud resources. Identity DB credentials refer to the authentication details used to access Oracle databases securely within the Oracle Cloud Infrastructure.

Table Usage Guide

The oci_identity_db_credential table provides insights into users within OCI Identity and Access Management (IAM). As a security administrator, explore user-specific DB credential details through this table, including user ID, name, description, and associated metadata. Utilize it to uncover information about DB credential, such as their state, time of creation, time of expiration, and tenant ID.

Examples

Basic info

Discover the segments that highlight DB credential details. This allows for better management and oversight of DB credential lifecycle state create time, expire time.

select
  id,
  user_id,
  description,
  time_created,
  lifecycle_state,
  time_expires
from
  oci_identity_db_credential;

select
  id,
  user_id,
  description,
  time_created,
  lifecycle_state,
  time_expires
from
  oci_identity_db_credential;

List Oracle Identity Cloud Service(IDCS) users

Explore which users in the Oracle Identity Cloud Service have multi-factor authentication activated. This is beneficial to ensure security protocols are being followed within your organization.

select
  c.id as db_credential_id,
  u.user_type,
  u.is_mfa_activated,
  u.email
from
  oci_identity_db_credential as c,
  oci_identity_user as u
where
  c.user_id = u.id
  and user_type = 'IDCS;

select
  c.id as db_credential_id,
  u.user_type,
  u.is_mfa_activated,
  u.email
from
  oci_identity_db_credential as c
  join oci_identity_user as u on c.user_id = u.id
where
  u.user_type = 'IDCS';

List credentials that are set to expire within the next 10 days

Useful for system administrators, security teams, and compliance officers in managing and maintaining the health and security of their OCI (Oracle Cloud Infrastructure) environment.

select
  id,
  user_id,
  time_created,
  time_expires
from
  oci_identity_db_credential
where
  time_expires >= now() - interval '10' day;

select
  id,
  user_id,
  time_created,
  time_expires
from
  oci_identity_db_credential
where
  time_expires >= datetime('now', '-10 days');

Control examples

1.11 Ensure user IAM Database Passwords rotate within 90 days

Schema for oci_identity_db_credential

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form, e.g. connection_name.
description	text		The description you assign to the DB credential. Does not have to be unique, and it's changeable.
id	text	=	The OCID of the DB credential.
lifecycle_state	text	=	The credential's current state.
tenant_id	text		The OCID of the Tenant in which the resource is located.
tenant_name	text		The name of the Tenant in which the resource is located.
time_created	timestamp with time zone		Date and time the DbCredential object was created, in the format defined by RFC3339.
time_expires	timestamp with time zone		Date and time when this credential will expire, in the format defined by RFC3339.
title	text		Title of the resource.
user_id	text	=	The OCID of the user the DB credential belongs to.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- oci

You can pass the configuration to the command with the --config argument:

steampipe_export_oci --config '<your_config>' oci_identity_db_credential