Creating an Access Key

You can create an access key for your account. Access keys enable you to sign your API requests. At the creation of an access key, its state is automatically set to ACTIVE, enabling it to sign requests.

When using the API, you need to get one of the access keys already created for your account from Cockpit to sign your request. For more information, see Getting Information About Your Access Keys.

Creating an Access Key Using Cockpit v2

In the top right corner, click the icon.
A drop-down menu appears.
Click Access Keys.
The list of your access keys appears.
Click Create Access Key.
The CREATE ACCESS KEY dialog box appears.
(optional) Set an expiration date.

As a good practice, it is recommended to set an expiration date and renew your access key regularly.
Click Create.
The access key is created.
Click to copy the access key or the secret key, or click Download to download a file containing the secret key.

For security reasons, the secret key is only available when creating the access key. Save it carefully as you will not be able to retrieve it later.

Creating an Access Key Using OSC CLI

The CreateAccessKey command creates an access key for either your root account or an EIM user. The new key is automatically set to ACTIVE.

For more information, see About Access Keys.

Request sample: Example with access key/secret key authentication

$ osc-cli api CreateAccessKey --profile "default" \
    --ExpirationDate "2063-04-05" \
    --Tag "Group1" \
    --UserName "example-user"

Request sample: Example with login/password authentication

$ osc-cli api CreateAccessKey --profile "default" --authentication-method "password" --login "$OSC_EMAIL" --password "$OSC_PASSWORD" \
    --ExpirationDate "2063-04-05" \
    --Tag "Group1" \
    --UserName "example-user"

This command contains the following attributes that you need to specify:

DryRun: (optional) If true, checks whether you have the required permissions to perform the action.
ExpirationDate: (optional) The date and time, or the date, at which you want the access key to expire, in ISO 8601 format (for example, 2020-06-14T00:00:00.000Z, or 2020-06-14). To remove an existing expiration date, use the method without specifying this parameter.
Tag: (optional) A tag to add to the access key.
UserName: (optional) The name of the EIM user that owns the key to be created. If you do not specify a user name, this action creates an access key for the user who sends the request (which can be the root account).

The CreateAccessKey command returns the following elements:

AccessKey: Information about the access key.
- AccessKeyId: The ID of the access key.
- CreationDate: The date and time (UTC) at which the access key was created.
- ExpirationDate: The date and time (UTC) at which the access key expires.
- LastModificationDate: The date and time (UTC) at which the access key was last modified.
- SecretKey: The secret key that enables you to send requests.
- State: The state of the access key (ACTIVE if the key is valid for API calls, or INACTIVE if not).
- Tag: A tag added to the access key.
ResponseContext: Information about the context of the response.
- RequestId: The ID of the request.

Result sample

{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  },
  "AccessKey": {
    "State": "ACTIVE",
    "AccessKeyId": "ABCDEFGHIJ0123456789",
    "CreationDate": "2010-10-01T12:34:56.789+0000",
    "ExpirationDate": "2063-04-05T00:00:00.000+0000",
    "SecretKey": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "LastModificationDate": "2010-10-01T12:34:56.789+0000",
    "Tag": "Group1"
  }
}

Creating an Access Key Using oapi-cli