Activating a Trusted Session

You can add a layer of security to your account, and all its EIM users, by activating a trusted session via the Trusted Env feature. For more information about this feature, see About Your API Access Policy > Trusted Session.

Activating a trusted session enables a root account to:

To activate a trusted session, you must meet the following requirements:

  • All your access keys must have expiration dates.

  • All your API access rules must specify a CA.

Activating Trusted Env can only be done through the OUTSCALE API.

Activating a Trusted Session Using OSC CLI

Before you begin:

To activate a trusted session using OSC CLI, use the command UpdateApiAccessPolicy following this syntax:

Request sample
$ osc-cli api UpdateApiAccessPolicy \
  --profile "default" \
  --MaxAccessKeyExpirationSeconds 1 \
  --RequireTrustedEnv True

This command contains the following attributes that you need to specify:

  • (optional) profile: The named profile you want to use, created when configuring OSC CLI. For more information, see the OSC CLI GitHub repository.

  • MaxAccessKeyExpirationSeconds: The maximum possible lifetime for your access keys, in seconds.

    This value can range from 0 to 3153600000 (100 years), both included. However, when activating a trusted session, it must be greater than the remaining lifetime of each access key of your account, because every access key is required to have an expiration date.

  • RequireTrustedEnv: If True, a trusted session is activated.

The UpdateApiAccessPolicy command returns the following elements:

  • ApiAccessPolicy: Information about your API access policy. This element contains the following information:

    • MaxAccessKeyExpirationSeconds: The maximum possible lifetime for your access keys, in seconds.

    • RequireTrustedEnv: If true, a trusted session is activated.

  • ResponseContext: Information about the context of the response. This element contains the following information:

    • RequestId: The ID of the request.

Result sample
{
  "ApiAccessPolicy": {
    "MaxAccessKeyExpirationSeconds": 1,
    "RequireTrustedEnv": true
  },
  "ResponseContext": {
    "RequestId": "string"
  }
}

You have activated a trusted session.

Activating a Trusted Session Using oapi-cli

Before you begin:

To activate a trusted session using oapi-cli, use the command UpdateApiAccessPolicy following this syntax:

Request sample
$ oapi-cli --profile "default" UpdateApiAccessPolicy \
  --MaxAccessKeyExpirationSeconds 1 \
  --RequireTrustedEnv True

This command contains the following attributes that you need to specify:

  • (optional) profile: The named profile you want to use, created when configuring oapi-cli. For more information, see the oapi-cli GitHub repository.

  • MaxAccessKeyExpirationSeconds: The maximum possible lifetime for your access keys, in seconds.

    This value can range from 0 to 3153600000 (100 years), both included. However, when activating a trusted session, it must be greater than the remaining lifetime of each access key of your account, because every access key is required to have an expiration date.

  • RequireTrustedEnv: If True, a trusted session is activated.

The UpdateApiAccessPolicy command returns the following elements:

  • ApiAccessPolicy: Information about your API access policy. This element contains the following information:

    • MaxAccessKeyExpirationSeconds: The maximum possible lifetime for your access keys, in seconds.

    • RequireTrustedEnv: If true, a trusted session is activated.

  • ResponseContext: Information about the context of the response. This element contains the following information:

    • RequestId: The ID of the request.

Result sample
{
  "ApiAccessPolicy": {
    "MaxAccessKeyExpirationSeconds": 1,
    "RequireTrustedEnv": true
  },
  "ResponseContext": {
    "RequestId": "string"
  }
}

You have activated a trusted session.
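
Before running either command, the requirements listed at the top of this page and the constraint on MaxAccessKeyExpirationSeconds can be checked against an inventory of your access keys and API access rules. The following Python check is an added example, not part of the OUTSCALE documentation or tooling. It assumes the inventory is available as JSON objects with the fields AccessKeyId, ExpirationDate, ApiAccessRuleId and CaIds, and that dates use the format of the constructed sample data.

```python
from datetime import datetime, timezone

MAX_ALLOWED = 3153600000  # upper bound stated on the page (100 years)
DATE_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"  # assumed timestamp format

# Constructed sample data; field names are assumptions, not real account output.
SAMPLE_KEYS = [
    {"AccessKeyId": "AK-CONSTRUCTED-1", "ExpirationDate": "2025-01-02T00:00:00.000+0000"},
    {"AccessKeyId": "AK-CONSTRUCTED-2"},  # no expiration date set
]
SAMPLE_RULES = [
    {"ApiAccessRuleId": "aar-constructed-1", "CaIds": ["ca-constructed-1"]},
    {"ApiAccessRuleId": "aar-constructed-2", "IpRanges": ["192.0.2.0/24"]},  # no CA
]

def preflight(access_keys, api_access_rules, max_expiration_seconds, now=None):
    """Return the reasons why the page's requirements are not met (empty list = ready)."""
    now = now or datetime.now(timezone.utc)
    problems = []
    if not 0 <= max_expiration_seconds <= MAX_ALLOWED:
        problems.append(f"MaxAccessKeyExpirationSeconds must be within 0..{MAX_ALLOWED}")
    for key in access_keys:
        expiration = key.get("ExpirationDate")
        if not expiration:
            problems.append(f"{key['AccessKeyId']}: access key has no expiration date")
            continue
        remaining = (datetime.strptime(expiration, DATE_FORMAT) - now).total_seconds()
        # The policy value must be strictly greater than each key's remaining lifetime.
        if remaining >= max_expiration_seconds:
            problems.append(
                f"{key['AccessKeyId']}: remaining lifetime {int(remaining)}s is not "
                f"below MaxAccessKeyExpirationSeconds={max_expiration_seconds}"
            )
    for rule in api_access_rules:
        if not rule.get("CaIds"):
            problems.append(f"{rule['ApiAccessRuleId']}: API access rule specifies no CA")
    return problems

if __name__ == "__main__":
    fixed_now = datetime(2025, 1, 1, tzinfo=timezone.utc)
    for problem in preflight(SAMPLE_KEYS, SAMPLE_RULES, 3600, now=fixed_now):
        print("BLOCKING:", problem)
```

An empty result means every key has an expiration date, every rule names a CA, and the chosen value exceeds each key's remaining lifetime.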
