Using FIPS-validated Libraries¶
The SDK can be configured to use FIPS-validated libcrypto library. You can set it programmatically on a per session basis or persistently across the environment. Both approaches require the path to the libcrypto library on your system.
Enabling FIPS Mode Programmatically¶
To configure the SDK to use a FIPS-validated libcrypto library, execute the following:
oci.fips.enable_fips_mode('</path/to/libcrypto.x.x.x>')
Setting the Environment Variables¶
If you do not want to run enable_fips_mode()
for every session, you can set an environment variable so that the SDK uses the library every time.
Set the one of the following environment variables to the path to the libcrypto library, listed according to priority:
- FIPS_LIBCRYPTO_PATH
- OCI_PYTHON_SDK_FIPS_LIBCRYPTO_PATH
Verifying the Configuration¶
To verify that the SDK is using the libcrypto library that you specified, execute the following:
oci.fips.is_fips_mode()
This should return True, indicating that the SDK is using the library specified by the environment variable.