Signing

oci.signer.load_private_key_from_file(filename, pass_phrase=None)
oci.signer.load_private_key(secret, pass_phrase)

Loads a private key that may use a pass_phrase.

Tries to correct or diagnose common errors:

  • provided pass_phrase but didn’t need one
  • provided a public key
class oci.signer.Signer(tenancy, user, fingerprint, private_key_file_location, pass_phrase=None, private_key_content=None)

A requests auth instance that can be reused across requests. This signer is intended to be used when signing requests for a given user and it requires that user’s ID, their private key and cerificate fingerprint.

The private key can be sourced from a file (private_key_file_location) or the PEM string can be provided directly (private_key_content).

The headers to be signed by this signer are not customizable.

You can manually sign calls by creating an instance of the signer, and providing it as the auth argument to Requests functions:

import requests
from oci import Signer

auth = Signer(...)
resp = requests.get("https://...", auth=auth)

Resource Principals Signer

On an instance that has Resource Principals enabled, a signer can be retrieved using oci.auth.signer.get_resource_principals_signer. The returned resource principals signer can then be used when initializing a client. If the instance is not configured for Resource Principals this call will raise an EnvironmentError exception.

resource_principals_signer = oci.auth.signer.get_resource_principals_signer()
# A populated config is not needed when using a Resource Principals signer
db_client = oci.database.DatabaseClient({}, signer=resource_principals_signer)

Additional Signers

X509 Certificate Retrievers

X509 Certificate Federation Client