lacework-global-676

1.9 Ensure user customer secret keys rotate every 90 days (Automated)

Description

Object Storage provides an API to enable interoperability with Amazon S3. To use this Amazon S3 Compatibility API, you need to generate the signing key required to authenticate with Amazon S3. This special signing key is an Access Key/Secret Key pair. Oracle generates the Customer Secret key to pair with the Access Key.

Remediation

OCI Native IAM

From Console:

  1. Log in to the OCI Console.

  2. Select Identity from the Services menu.

  3. Select Users from the Identity menu.

  4. Click an individual user under the Name heading.

  5. Click Customer Secret Keys in the lower left-hand corner of the page.

  6. Delete any Access Keys with a date older than 90 days under the Created column of the Customer Secret Keys.

From CLI:

  1. Execute the following:

    oci iam customer-secret-key delete --user-id <user_ocid> --customer-secret-key-id <key_ocid>

  2. The following prompt appears:

    Are you sure you want to delete this resource? [y/N]

  3. Type 'y' and press 'Enter'.
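
To find which keys the steps above apply to, the following added example (not part of the original policy text or Oracle's tooling) picks out keys older than 90 days from the JSON of `oci iam customer-secret-key list --user-id <user_ocid>` and builds the matching delete command. The sample data is constructed, and the field names (`time-created`, `lifecycle-state`, `user-id`, `display-name`) are assumed to match the CLI's JSON output.

```python
import json
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=90)  # rotation window from this control

# Constructed sample; the shape and field names are assumed to match the JSON
# printed by `oci iam customer-secret-key list --user-id <user_ocid>`.
SAMPLE_LIST_OUTPUT = """
{"data": [
  {"id": "ocid1.credential.oc1..constructed-old",
   "user-id": "ocid1.user.oc1..constructed-user", "display-name": "backup-job",
   "lifecycle-state": "ACTIVE", "time-created": "2024-01-10T08:15:00.000000+00:00"},
  {"id": "ocid1.credential.oc1..constructed-new",
   "user-id": "ocid1.user.oc1..constructed-user", "display-name": "etl",
   "lifecycle-state": "ACTIVE", "time-created": "2024-05-01T00:00:00Z"},
  {"id": "ocid1.credential.oc1..constructed-edge",
   "user-id": "ocid1.user.oc1..constructed-user", "display-name": "edge",
   "lifecycle-state": "ACTIVE", "time-created": "2024-03-03T00:00:00.000000+00:00"},
  {"id": "ocid1.credential.oc1..constructed-gone",
   "user-id": "ocid1.user.oc1..constructed-user", "display-name": "retired",
   "lifecycle-state": "DELETED", "time-created": "2023-02-01T00:00:00.000000+00:00"}
]}
"""

def parse_time(value):
    # fromisoformat() rejects a trailing "Z" before Python 3.11, so normalise it.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def stale_keys(list_output, now, max_age=MAX_AGE):
    """Return keys created more than max_age before `now`, oldest first."""
    stale = []
    # Treat empty output (a user with no keys) as an empty list.
    for key in json.loads(list_output.strip() or "{}").get("data", []):
        if key.get("lifecycle-state") in ("DELETING", "DELETED"):
            continue  # already removed; nothing to rotate
        age = now - parse_time(key["time-created"])
        if age > max_age:  # exactly 90 days old is still inside the window
            stale.append({"id": key["id"], "user_id": key["user-id"],
                          "name": key.get("display-name"), "age_days": age.days})
    return sorted(stale, key=lambda k: k["age_days"], reverse=True)

def delete_command(key):
    # Same command as in the remediation steps, with the OCIDs filled in.
    return ("oci iam customer-secret-key delete --user-id {user_id} "
            "--customer-secret-key-id {id}").format(**key)

if __name__ == "__main__":
    for key in stale_keys(SAMPLE_LIST_OUTPUT, datetime.now(timezone.utc)):
        print("{name}: {age_days} days old".format(**key))
        print("  " + delete_command(key))
```

Create and distribute the replacement key to the S3-compatible clients that use it before running the printed delete command, since deletion invalidates the old Access Key/Secret Key pair.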

References

https://docs.oracle.com/en-us/iaas/cloud-guard/using/detect-recipes.htm#detect-recipes-ref-config__SECRET_KEY_TOO_OLD