Activating a Trusted Session

You can add an additional layer of security to your account, and all its EIM users, by activating a trusted session via the Trusted Env feature. For more information about this feature, see About Your API Access Policy > Trusted Session.

Activating a trusted session enables a root account to:

Require expiration dates for all the access keys of the root account and those of its EIM users. For more information, see About Access Keys.
Require multi-factor authentication (MFA) in Cockpit v2 for the root account and its EIM users through the WebAuthn method. For more information, see Setting Up MFA for Your Account Using WebAuthn or an OTP > WebAuthn.

To activate a trusted session, you must meet the following requirements:

All your access keys must have expiration dates.
All your API access rules must specify a CA.

Activating Trusted Env can only be done through the OUTSCALE API.

Activating a Trusted Session Using OSC CLI

Before you begin:

Set up OSC CLI. For more information, see Installing and Configuring OSC CLI.
Make sure all your access keys have an expiration date. For more information, see About Access Keys.
Make sure all your API access rules specify a CA. For more information, see About API Access Rules.

To activate a trusted session using OSC CLI, use the command UpdateApiAccessPolicy following this syntax:

Request sample

$ osc-cli api UpdateApiAccessPolicy
  --profile "default" \
  --MaxAccessKeyExpirationSeconds 1 \
  --RequireTrustedEnv True

This command contains the following attributes that you need to specify:

(optional) profile: The named profile you want to use, created when configuring OSC CLI. For more information, see the OSC CLI GitHub repository.

MaxAccessKeyExpirationSeconds: The maximum possible lifetime for your access keys, in seconds.

This value can go from 0 to 3153600000 (100 years), both included. However, when activating a trusted session, it must be greater than the remaining lifetime of each access key of your account, as it is required for access keys to have an expiration date.

RequireTrustedEnv: If True, a trusted session is activated.

The UpdateAccessKeyPolicy command returns the following elements:

ApiAccessPolicy: Information about your API access policy. This element contains the following information:
- MaxAccessKeyExpirationSeconds: The maximum possible lifetime for your access keys, in seconds.
- RequireTrustedEnv: If true, a trusted session is activated.
ResponseContext: Information about the context of the response. This element contains the following information:
- RequestId: The ID of the request.

Result sample

{
  "ApiAccessPolicy": {
    "MaxAccessKeyExpirationSeconds": 1,
    "RequireTrustedEnv": true
  },
  "ResponseContext": {
    "RequestId": "string"
  }
}

You have activated a trusted session.

Related Pages

Corresponding API Method

UpdateAccessKeyPolicy (OUTSCALE API)