Friday, October 4, 2024

OIC - Create Secret in OCI Vault to store your keys and access from OIC

Use Case:

In this section, we will demonstrate how to create a secret in Oracle Cloud Infrastructure (OCI) Vault for securely storing your keys. Additionally, we will outline the process for retrieving secret keys using the Secret OCI ID from the OCI Vault through Oracle Integration Cloud.

  • In Oracle Cloud Infrastructure (OCI) Vault, a "secret" refers to confidential and sensitive information securely stored within the vault. This can include database passwords, SSH keys, SSL certificates, API keys, and other credentials that require protection from unauthorized access.
  • OCI Vault enables effective management and control over these secrets within your Oracle Cloud environment. The service provides robust security features such as encryption at rest and in transit, access controls, auditing capabilities, and seamless integration with other OCI services.

Part1: Create secret in OCI Vault to store your keys.

Implementation steps:

  1. Create vault
  2. Create key
  3. Create secret
Detailed screenshots:












Part2: Get the keys from vault using OIC integrations.

Implementation steps:

  1. Create a Rest connection for the OCI vault using vault secret retrieval API, tenancy OCID, User OCID, Private Key with finger print and optional passphrase. Security policy as OCI Signature Version 1. Check this blog- how to get all the details: https://soalicious.blogspot.com/2022/09/oci-how-to-get-tenancy-ocid-user-ocid.html
  2. Create a rest trigger to get the secret key
    1. Resource url: /mydata/{secretId}
    2. Get method
    3. Query param: versionNumber
    4. Json response as {"Name":"","Value":""}
  3. Configure vault rest api invoke as below
    1. Resource uri: /20190301/secretbundles/{secretId}
    2. GET method
    3. Add versionNumber Query param
    4. Add json as response
    5. Map the trigger secrect id and version number.
  4. Map the content response to integration response. Use decodeBase64() function to decode the content.
Json response for oci vault api:

{
  "secretId": "",
  "timeCreated": "2021-08-30T05:33:13.530Z",
  "versionNumber": 1,
  "versionName": null,
  "secretBundleContent": {
    "contentType": "BASE64",
    "content": ""
  },
  "timeOfDeletion": null,
  "timeOfExpiry": null,
  "stages": ["CURRENT", "LATEST"],
  "metadata": null
}

Base URI Vault rest api formation:
https://secrets.vaults.<region>.oci.oraclecloud.com

Detailed steps with screenshots:

Step1: create a Vault Rest connection:


Step2: Create application integration to configure trigger







Step3: configure Rest vault api invoke





Step4: map the request payload of the invoke rest vault api.

Step5: map the vault response content(decoded) to integration response.


Reference:

https://medium.com/@bimands/create-secret-to-store-your-keys-and-access-from-oic-e23bf2613792

No comments:

Post a Comment

Featured Post

OIC - Oracle Integration-Bulk load into Oracle ATP OR Oracle ADW

Oracle Integration enhances its database adapters, including Oracle Autonomous Transaction Processing (ATP) and Autonomous Data Warehouse (A...