Creating an Access Key

You can create an access key for your account. Access keys enable you to sign your API requests. At the creation of an access key, its state is automatically set to ACTIVE, enabling it to sign requests.

When using the API, you need to get one of the access keys already created for your account from Cockpit to sign your request. For more information, see Getting Information About Your Access Keys.

Creating an Access Key Using Cockpit v2

  1. In the top right corner, click your initials.
    A drop-down menu appears.

  2. Click IconUserKey Access Keys.
    The PASSWORD CONFIRMATION dialog box appears.

  3. Enter your current password and click Submit.
    The list of your access keys appears.

  4. Click IconAddFull Create.
    The GENERATE AN ACCESS KEY dialog box appears.

  5. (optional) Set an expiration date.

    As a good practice, it is recommended to set an expiration date and renew your access key regularly.

  6. Click Generate.
    The access key is created.

  7. Click IconCopy to copy the secret key, or click IconImport Download to download a file containing the secret key.

    For security reasons, the secret key is only available when creating the access key. Save it carefully as you will not be able to retrieve it later.

Creating an Access Key Using OSC CLI

The CreateAccessKey command creates an access key for either your root account or an EIM user. The new key is automatically set to ACTIVE.

For more information, see About Access Keys.

Request sample: Example with access key/secret key authentication
$ osc-cli api CreateAccessKey --profile "default" \
    --ExpirationDate "2063-04-05"
Request sample: Example with login/password authentication
$ osc-cli api CreateAccessKey --profile "default" --authentication-method "password" --login "$OSC_EMAIL" --password "$OSC_PASSWORD" \
    --ExpirationDate "2063-04-05"

This command contains the following attributes that you need to specify:

  • DryRun: (optional) If true, checks whether you have the required permissions to perform the action.

  • ExpirationDate: (optional) The date and time, or the date, at which you want the access key to expire, in ISO 8601 format (for example, 2020-06-14T00:00:00.000Z, or 2020-06-14). To remove an existing expiration date, use the method without specifying this parameter.

  • UserName: (optional) The name of the EIM user that owns the key to be created. If you do not specify a user name, this action creates an access key for the user who sends the request (which can be the root account).

The CreateAccessKey command returns the following elements:

  • AccessKey: Information about the access key.

  • ResponseContext: Information about the context of the response.

Result sample
{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  },
  "AccessKey": {
    "State": "ACTIVE",
    "AccessKeyId": "ABCDEFGHIJ0123456789",
    "CreationDate": "2010-10-01T12:34:56.789+0000",
    "ExpirationDate": "2063-04-05T00:00:00.000+0000",
    "SecretKey": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "LastModificationDate": "2010-10-01T12:34:56.789+0000"
  }
}

Related Pages

Corresponding API Methods