OCI-002 Oracle Cloud Infrastructure (OCI)

Customer secret keys / API keys are rotated regularly (<=90 days).

Customer secret keys / API keys are rotated regularly (<=90 days).

Domain
Oracle Cloud Infrastructure (OCI)
Area
IAM
Automated / manual
Automated

Risk if it fails

Stale keys are leaked and reused.

Old API keys end up in scripts and repos. An attacker who finds one can call the cloud as that user because the key was never retired.

How Tess tests it

1 test — each concludes only on cited evidence.

Customer secret keys / API keys are rotated regularly (<=90 days).

Automated
Procedure
List API keys per user and review time-created against policy.

Read-only command 

for u in $(oci iam user list --all --query 'data[].id' --raw-output); do oci iam user api-key list --user-id $u --query 'data[].{fp:fingerprint,created:"time-created"}'; done

More in Oracle Cloud Infrastructure (OCI)

OCI-001 MFA is enforced for all IAM users, especially administrators. OCI-003 A strong password policy is configured. OCI-004 Membership of the Administrators group is minimal. OCI-005 IAM policies follow least privilege (no broad 'manage all-resources').

Want Tess to test OCI-002 against your evidence?

Book a demo