Claude-code-plugins oraclecloud-install-auth
install
source · Clone the upstream repo
git clone https://github.com/jeremylongshore/claude-code-plugins-plus-skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/jeremylongshore/claude-code-plugins-plus-skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/plugins/saas-packs/oraclecloud-pack/skills/oraclecloud-install-auth" ~/.claude/skills/jeremylongshore-claude-code-plugins-oraclecloud-install-auth && rm -rf "$T"
manifest:
plugins/saas-packs/oraclecloud-pack/skills/oraclecloud-install-auth/SKILL.mdsource content
Oracle Cloud Install & Auth
Overview
Configure API key authentication for Oracle Cloud Infrastructure (OCI). OCI auth requires a
~/.oci/configConfigFileNotFoundInvalidKeyFilePathPurpose: Produce a validated
~/.oci/configPrerequisites
- OCI account with an active tenancy — sign up at https://cloud.oracle.com
- Python 3.8+ (the OCI Python SDK is the most mature SDK)
- OpenSSL installed (for RSA key generation)
- Your user OCID (Profile > User Settings in the OCI Console) — format:
ocid1.user.oc1..aaaa... - Your tenancy OCID (Administration > Tenancy Details) — format:
ocid1.tenancy.oc1..aaaa... - Your home region (e.g.,
,us-ashburn-1
)eu-frankfurt-1
Instructions
Step 1: Install the OCI Python SDK and CLI
pip install oci oci-cli
Step 2: Generate an RSA Key Pair
mkdir -p ~/.oci openssl genrsa -out ~/.oci/oci_api_key.pem 2048 chmod 600 ~/.oci/oci_api_key.pem openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem
Step 3: Get the Key Fingerprint
openssl rsa -pubout -outform DER -in ~/.oci/oci_api_key.pem | openssl md5 -c # Output: ab:cd:ef:12:34:56:78:90:ab:cd:ef:12:34:56:78:90
Step 4: Upload Public Key to OCI Console
Navigate to: Profile (top-right) > User Settings > API Keys > Add API Key > Paste Public Key
Paste the contents of
~/.oci/oci_api_key_public.pemStep 5: Create the Config File
cat > ~/.oci/config << 'EOF' [DEFAULT] user=ocid1.user.oc1..aaaa_YOUR_USER_OCID fingerprint=ab:cd:ef:12:34:56:78:90:ab:cd:ef:12:34:56:78:90 tenancy=ocid1.tenancy.oc1..aaaa_YOUR_TENANCY_OCID region=us-ashburn-1 key_file=~/.oci/oci_api_key.pem EOF chmod 600 ~/.oci/config
All five fields are required. The
key_file.pemStep 6: Verify with the Python SDK
import oci config = oci.config.from_file("~/.oci/config") oci.config.validate_config(config) identity = oci.identity.IdentityClient(config) user = identity.get_user(config["user"]).data print(f"Authenticated as: {user.name} ({user.email})") print(f"Tenancy: {config['tenancy']}") print(f"Region: {config['region']}")
Step 7: Verify with the OCI CLI
oci iam user get --user-id "$(grep ^user ~/.oci/config | cut -d= -f2)" \ --query 'data.name' --raw-output
Step 8: Config Validation Script
Save this as
validate_oci_config.pyimport oci import os def validate(): """Validate OCI config file and key access.""" config_path = os.path.expanduser("~/.oci/config") if not os.path.exists(config_path): raise FileNotFoundError(f"Config not found: {config_path}") config = oci.config.from_file(config_path) oci.config.validate_config(config) key_path = os.path.expanduser(config.get("key_file", "")) if not os.path.exists(key_path): raise FileNotFoundError(f"Private key not found: {key_path}") perms = oct(os.stat(key_path).st_mode)[-3:] if perms != "600": print(f"WARNING: Key file permissions are {perms}, should be 600") identity = oci.identity.IdentityClient(config) identity.get_user(config["user"]) print("Config is valid. Authentication successful.") validate()
Output
Successful completion produces:
- An RSA key pair at
(private) and~/.oci/oci_api_key.pem
(public)~/.oci/oci_api_key_public.pem - A validated
with all five required fields~/.oci/config - The public key uploaded to your OCI user profile with a matching fingerprint
- Confirmed API connectivity via either the Python SDK or OCI CLI
Error Handling
| Error | Code | Cause | Solution |
|---|---|---|---|
| NotAuthenticated | 401 | Wrong fingerprint or key mismatch | Verify fingerprint matches: |
| ConfigFileNotFound | — | Missing | Run |
| InvalidKeyFilePath | — | | Ensure |
| InvalidPrivateKey | — | Key file is the public key, not private | The private key starts with |
| NotAuthorizedOrNotFound | 404 | User OCID is wrong or IAM policy missing | Double-check user OCID in Console > Profile > User Settings |
| CERTIFICATE_VERIFY_FAILED | — | SSL cert issue behind corporate proxy | Set |
Examples
Quick auth test with curl (no SDK needed):
# Verify the OCI CLI can reach the API oci iam region list --output table
Multiple profiles for dev/staging/prod:
# ~/.oci/config [DEFAULT] user=ocid1.user.oc1..aaaa_PROD_USER tenancy=ocid1.tenancy.oc1..aaaa_PROD region=us-ashburn-1 fingerprint=ab:cd:... key_file=~/.oci/oci_api_key.pem [STAGING] user=ocid1.user.oc1..aaaa_STAGING_USER tenancy=ocid1.tenancy.oc1..aaaa_STAGING region=us-phoenix-1 fingerprint=12:34:... key_file=~/.oci/oci_api_key_staging.pem
# Load a specific profile config = oci.config.from_file("~/.oci/config", profile_name="STAGING")
Resources
- OCI API Key Authentication — key generation and config file format
- OCI Python SDK Reference — full API documentation
- OCI CLI Reference — command-line interface guide
- SDK Troubleshooting — common auth and connectivity issues
- OCI Console — web dashboard for key upload and OCID lookup
- Always Free Tier — free OCI resources for development
Next Steps
After authentication is working, proceed to
oraclecloud-hello-worldoraclecloud-common-errors