This resource provides the Customer Secret Key resource in Oracle Cloud Infrastructure Identity service.
Creates a new secret key for the specified user. Secret keys are used for authentication with the Object Storage Service's Amazon S3 compatible API. The secret key consists of an Access Key/Secret Key pair. For information, see Managing User Credentials.
You must specify a description for the secret key (although it can be an empty string). It does not have to be unique, and you can change it anytime with UpdateCustomerSecretKey.
Every user has permission to create a secret key for their own user ID. An administrator in your organization does not need to write a policy to give users this ability. To compare, administrators who have permission to the tenancy can use this operation to create a secret key for any user, including themselves.
resource "oci_identity_customer_secret_key" "test_customer_secret_key" {
#Required
display_name = var.customer_secret_key_display_name
user_id = oci_identity_user.test_user.id
}
The following arguments are supported:
display_name
- (Required) (Updatable) The name you assign to the secret key during creation. Does not have to be unique, and it's changeable. user_id
- (Required) The OCID of the user.* IMPORTANT * Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
The following attributes are exported:
display_name
- The display name you assign to the secret key. Does not have to be unique, and it's changeable.id
- The access key portion of the key pair.inactive_state
- The detailed status of INACTIVE lifecycleState.key
- The secret key. state
- The secret key's current state.time_created
- Date and time the CustomerSecretKey
object was created, in the format defined by RFC3339. Example: 2016-08-25T21:10:29.600Z
time_expires
- Date and time when this password will expire, in the format defined by RFC3339. Null if it never expires. Example: 2016-08-25T21:10:29.600Z
user_id
- The OCID of the user the password belongs to.The timeouts
block allows you to specify timeouts for certain operations:
* create
- (Defaults to 20 minutes), when creating the Customer Secret Key
* update
- (Defaults to 20 minutes), when updating the Customer Secret Key
* delete
- (Defaults to 20 minutes), when destroying the Customer Secret Key
CustomerSecretKeys can be imported using the id
, e.g.
$ terraform import oci_identity_customer_secret_key.test_customer_secret_key "users/{userId}/customerSecretKeys/{customerSecretKeyId}"