Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Generate RSA key pair in pem format, then add it as OCI API key to specified user using Terraform
Last update : March, 2020
Author: cetin.ardal
Description: Add OCI API key to specified user.
# OCI Home Region
provider "oci" {
tenancy_ocid = var.tenancy_ocid
user_ocid = var.user_ocid
fingerprint = var.fingerprint
private_key_path = var.private_key_path
region = var.region
variable "tenancy_ocid" {}
variable "user_ocid" {}
variable "fingerprint" {}
variable "private_key_path" {}
variable "compartment_ocid" {}
variable "region" {}
variable "target_user" {
default = {
ocid = "<target_user_ocid>"
api_key = "/path/to/public-key.pem"
data "oci_identity_user" "target_user" {
user_id = var.target_user.ocid
resource "oci_identity_api_key" "target_user" {
key_value = file(var.target_user.api_key)
user_id = var.target_user.ocid
output "target_user" {
value = {
user =
ocid = oci_identity_api_key.target_user.user_id
key_fingerprint = oci_identity_api_key.target_user.fingerprint
# Last update : March, 2020
# Author: cetin.ardal
# Description: Generate RSA key pair in pem format.
openssl genrsa -out $KEY_NAME.pem 2048
chmod go-rwx $KEY_NAME.pem
openssl rsa -pubout -in $KEY_NAME.pem -out ${KEY_NAME}_public.pem
Last update : May, 2018
Author: cetin.ardal
Description: Assign value to Terraform variables.
Any variable for which you define a value needs to exist in the terraform configuration (ideally declared inside *
1. Edit variables values below to fit your environment
2. rename this file to "terraform.tfvars" (remove the .SAMPLE extension)
3. keep this file in the same folder as your terraform *.tf files
4. Add the renamed tfvars file to your .gitignore. Your team don't want you to share it and ruin their local repo.
5. Keep your RSA private key outside of your terraform work folder!
# Oracle Cloud Infrastructure (OCI) connection information
# Don't forget to update this section. Your future you will thank you.
Tenant name : <tenancy>
User name : <user>
Compartment : root/<compartment>
# See online documentation for information about how to populate the variables below
tenancy_ocid = "<my_tenant_ocid>"
user_ocid = "<my_user_ocid>"
fingerprint = "<my_api_key_fingerprint>"
private_key_path = "../path/to/private_key.pem"
compartment_ocid = "<my_compartment_ocid>"
region = "<my_region>"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment