Using FIPS-validated Libraries¶
The SDK can be configured to use FIPS-validated libcrypto library. You can set it programmatically on a per session basis or persistently across the environment. Both approaches require the path to the libcrypto library on your system.
Enabling FIPS Mode Programmatically¶
To configure the SDK to use a FIPS-validated libcrypto library, execute the following:
oci.fips.enable_fips_mode('</path/to/libcrypto.x.x.x>')
Setting the Environment Variables¶
If you do not want to run enable_fips_mode()
for every session, you can set an environment variable so that the SDK uses the library every time.
Set the following environment variable to the path to the libcrypto library:
- FIPS_LIBCRYPTO_PATH
Verifying the Configuration¶
To verify that the SDK is using the libcrypto library that you specified, execute the following:
oci.fips.is_fips_mode()
This should return True, indicating that the SDK is using the library specified by the environment variable.