Configuring the SDK, CLI, or Terraform

Learn about the Oracle Cloud Infrastructure Software Development Kits (SDKs) and Command Line Interface (CLI) which you can use to facilitate development of custom solutions.

For information about SDKs, see Software Development Kits and Command Line Interface

For the SDK for Java:

In your SDK for Java, create an InstancePrincipalsAuthenticationDetailsProvider object. For example:

public static void main(String[] args) throws Exception {

   InstancePrincipalsAuthenticationDetailsProvider provider =

      InstancePrincipalsAuthenticationDetailsProvider.builder().build();

   IdentityClient identityClient = new IdentityClient(provider);

...

For the SDK for Python:

In your SDK for Python, create an oci.auth.signers.InstancePrincipalsSecurityTokenSigner object. For example:

# By default this will hit the auth service in the region returned by http://169.254.169.254/opc/v1/instance/region on the instance.
			
signer = oci.auth.signers.InstancePrincipalsSecurityTokenSigner()
identity_client = oci.identity.IdentityClient(config={}, signer=signer)

...

To refresh the token without waiting, use the following command:

signer.refresh_security_token()

Enabling Instance Principal Authorization for the CLI

To enable instance principal authorization from the CLI, you can set the authorization option (--auth) for a command. For example:

oci os ns get --auth instance_principal

Alternatively, you can set the following environment variable:

OCI_CLI_AUTH=instance_principal

Note that if both are set, the value set for --auth takes precedence over the environment variable.

For information about using the CLI, see Working with the Command Line Interface.

Enabling Instance Principal Authorization for Terraform

To enable instance principal authorization in Terraform, you can set the auth attribute to "InstancePrincipal" in the provider definition as shown in the following sample:

variable "region" {}

provider "oci" {
   auth = "InstancePrincipal"  
   region = "${var.region}"

}

Note that when you use instance principal authorization you do not need to include the tenancy_ocid, user_ocid, fingerprint, and private_key_path attributes.