Skip to content

Auth Config Profile

Jump to bottom
WebbinRoot edited this page Mar 9, 2026 · 1 revision

Auth: Config Profile (Auto)

Table of Contents

Overview

Config Profile (Auto) is best when you already maintain OCI CLI profiles and want OCISigner to reuse them directly.

  • If you come from AWS, think of this like reusing named profiles from a shared config file.

OCI stores profile data in ~/.oci/config by default. This auth type reads that profile and auto-detects whether it should sign with API key logic or session-token logic.

This page will:

  • Show how config profiles are structured.
  • Show how OCISigner uses Config File + Config Profile.
  • Demonstrate Test Credentials.
  • Demonstrate signing a normal request.

Setup and Retrieve Credentials

  1. Confirm your OCI config file exists and contains the profile you want to use. Review Auth: API Key and Auth: Security Token (Session) for instructions on how to generate credentials that populate these profiles.

Example profile shapes:

[DEFAULT]
user=ocid1.user.oc1..example
fingerprint=11:22:33:...
tenancy=ocid1.tenancy.oc1..example
region=us-phoenix-1
key_file=/home/<user>/.oci/oci_api_key.pem

[BURP_SESSION]
tenancy=ocid1.tenancy.oc1..example
fingerprint=aa:bb:cc:...
region=us-phoenix-1
key_file=/home/<user>/.oci/sessions/BURP_SESSION/oci_api_key.pem
security_token_file=/home/<user>/.oci/sessions/BURP_SESSION/token
  1. Note the key difference:
  • Profiles with security_token_file are treated as session-token backed.
  • Profiles without security_token_file are treated as API-key backed.

Plug Into OCISigner

  1. Choose Auth Type = Config Profile (Auto).
  2. Set Config File and Config Profile.
  3. Optionally set profile-level Region.
  4. Click Save.

Config Profile auth type and file/profile fields

Figure 1. Config Profile selected with config file and profile name fields populated.

Field Reference

Field Required Source
Region Optional profile-level fallback (used if selected config profile has no region)
Config File Yes usually ~/.oci/config
Config Profile Yes profile section name (for example, DEFAULT)

Run Test Credentials

  1. Click Test Credentials in the profile.
  2. OCISigner sends a signed probe request to the namespace endpoint and logs the result.
  3. Region resolution for this test uses:
    • profile region value from the selected OCI config profile first, then
    • Region from Config File only if the selected config profile does not define region.

Test Credentials action

Figure 2. Test Credentials action in the Config Profile workflow.

Credential test status

Figure 3. Test Credentials result summary in the profile panel.

Logger view of signed test request

Figure 4. Logger entry for the signed credential test request.

Sign a Request

  1. Confirm signing is enabled and the active profile is set correctly.

Global signing enabled with active profile

Figure 5. Global signing and active profile selection before traffic is sent.

  1. Send a request from Repeater or via Proxy.

Request before signing in Repeater

Figure 6. Repeater request before signature is applied.

  1. Confirm signature headers are added in Logger.

Signed request in Logger

Figure 7. Signed request visible in Logger.

Notes

  • If the selected profile contains security_token_file, OCISigner uses session-token provider logic. Otherwise, OCISigner uses API-key provider logic.
  • For Test Credentials, the selected OCI config profile region is used first; Region from Config File is fallback.
  • If you prefer entering credentials directly, use Auth: API Key or Auth: Security Token (Session).

OCISigner Wiki

Clone this wiki locally