Issues with creating secrets using Oracle Cloud CLI

I am using OCI CLI and the goal is to create a secret and give it the contents xxx

I saw from some documentation that it mentions JSON files? But I think it's definitely possible, especially looking at https://medium.com/@cruepprich/oci-vault-secrets-14af1b101196 but I just don't know what I'm doing wrong. $jwt_token has a value and is stored as a JWT token. I get the same error if I don't interpolate the value.

    oci vault secret create-base64 \
    -c ___compartment_ocid___ \
    --secret-name KONG_JWT_TOKEN \
    --vault-id ___vault_ocid___ \
    --key-id ___encryption_key_ocid____ \
    --secret-content-content $jwt_token --debug

But this isn't working and is throwing some weird error which I don't understand. (Removed OCIDs from the debug output.)

    DEBUG:oci_cli.cli_metrics: 2024-02-21 01:44:01.531961: Metrics is not enabled
    macOS-14.3-arm64-arm-64bit
    System name: Darwin
    System release : 23.3.0
    System version: Darwin Kernel Version 23.3.0: Wed Dec 20 21:30:27 PST 2023; root:xnu-10002.81.5~7/RELEASE_ARM64_T8103
    
    env OCI_PYTHON_SDK_NO_SERVICE_IMPORTS is set
    DEBUG:oci_cli.cli_util:Config File: dict_keys(['log_requests', 'additional_user_agent', 'pass_phrase', 'user', 'fingerprint', 'key_file', 'tenancy', 'region'])
    DEBUG:oci_cli.cli_util:region: Environment Variable or Parameter
    DEBUG:oci.base_client.43914sdfsd52848:Endpoint: https://vaults.me-jeddah-1.oci.oraclecloud.com/20180608
    INFO:oci.base_client.adsf: 2024-02-21 01:44:01.583043: Request: POST https://vaults.me-jeddah-1.oci.oraclecloud.com/dfsa/secrets
    Not using Expect header...
    send: b'POST /20180608/secrets HTTP/1.1\r\nuser-agent: Oracle-PythonSDK/2.119.0 (python 3.12.1; arm64-Darwin) Oracle-PythonCLI/3.37.4\r\naccept-encoding: gzip, deflate\r\naccept: application/json\r\nconnection: keep-alive\r\ncontent-type: application/json\r\nopc-request-id: sdfsdf\r\nopc-retry-token: asdf\r\nopc-client-retries: true\r\nopc-client-info: Oracle-PythonSDK/2.119.0\r\nContent-Length: 566\r\ndate: Wed, 21 Feb 2024 01:44:01 GMT\r\nhost: vaults.me-jeddah-1.oci.oraclecloud.com\r\nx-content-sha256: Xk8jXL0flBDgHfcu1O+sdfda+lgc1gJaAVW868Bw=\r\nauthorization: Signature algorithm="rsa-sha256",headers="date (request-target) host content-length content-type x-content-sha256",keyId="version="1"\r\n\r\n{"secretContent": {"content": "asdfds.dfasdafs.dfasdfasdf/igT32T38LK6p/ar6DSAbuqEI", "contentType": "BASE64"}, "compartmentId": "yq6mnay2htjizy5kca", "secretName": "KONG_JWT_TOKEN", "vaultId": "nad2jq", "keyId": "dnxve6ukna"}'
    reply: 'HTTP/1.1 400 Bad Request\r\n'
    header: Date: Wed, 21 Feb 2024 01:44:02 GMT
    header: opc-request-id: asdfasdf/97CA59E59A8979EC87D22BA45FFAA26E/adsfasdfa
    header: Content-Type: application/json
    header: X-Content-Type-Options: nosniff
    header: Strict-Transport-Security: max-age=31536000; includeSubDomains;
    header: Content-Length: 80
    DEBUG:oci.base_client.4391452848: 2024-02-21 01:44:02.316737: time elapsed for request B16438AFE6654402A5A1404BE98AF7C8: 0.7336759580066428
    DEBUG:oci.base_client.4391452848: 2024-02-21 01:44:02.317380: Response status: 400
    DEBUG:oci.base_client.4391452848: 2024-02-21 01:44:02.317579: python SDK time elapsed for deserializing: 8.124974556267262e-06
    Traceback (most recent call last):
      File "/opt/homebrew/bin/oci", line 8, in <module>
        sys.exit(cli())
                 ^^^^^
      File "/opt/homebrew/opt/python-click/lib/python3.12/site-packages/click/core.py", line 1157, in __call__
        return self.main(*args, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/opt/homebrew/opt/python-click/lib/python3.12/site-packages/click/core.py", line 1078, in main
        rv = self.invoke(ctx)
             ^^^^^^^^^^^^^^^^
      File "/opt/homebrew/opt/python-click/lib/python3.12/site-packages/click/core.py", line 1688, in invoke
        return _process_result(sub_ctx.command.invoke(sub_ctx))
                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/opt/homebrew/opt/python-click/lib/python3.12/site-packages/click/core.py", line 1688, in invoke
        return _process_result(sub_ctx.command.invoke(sub_ctx))
                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/opt/homebrew/opt/python-click/lib/python3.12/site-packages/click/core.py", line 1688, in invoke
        return _process_result(sub_ctx.command.invoke(sub_ctx))
                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/opt/homebrew/opt/python-click/lib/python3.12/site-packages/click/core.py", line 1434, in invoke
        return ctx.invoke(self.callback, **ctx.params)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/opt/homebrew/opt/python-click/lib/python3.12/site-packages/click/core.py", line 783, in invoke
        return __callback(*args, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/opt/homebrew/opt/python-click/lib/python3.12/site-packages/click/decorators.py", line 33, in new_func
        return f(get_current_context(), *args, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/opt/homebrew/Cellar/oci-cli/3.37.4/libexec/lib/python3.12/site-packages/oci_cli/json_skeleton_utils.py", line 78, in wrapped_call
        func(ctx, *args, **kwargs)
      File "/opt/homebrew/Cellar/oci-cli/3.37.4/libexec/lib/python3.12/site-packages/oci_cli/cli_util.py", line 880, in wrapped_call
        func(ctx, *args, **kwargs)
      File "/opt/homebrew/Cellar/oci-cli/3.37.4/libexec/lib/python3.12/site-packages/services/vault/src/oci_cli_vaults/generated/vaults_cli.py", line 278, in create_secret_base64_secret_content_details
        result = client.create_secret(
                 ^^^^^^^^^^^^^^^^^^^^^
      File "/opt/homebrew/Cellar/oci-cli/3.37.4/libexec/lib/python3.12/site-packages/oci/vault/vaults_client.py", line 541, in create_secret
        return retry_strategy.make_retrying_call(
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/opt/homebrew/Cellar/oci-cli/3.37.4/libexec/lib/python3.12/site-packages/oci/retry/retry.py", line 308, in make_retrying_call
        response = func_ref(*func_args, **func_kwargs)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/opt/homebrew/Cellar/oci-cli/3.37.4/libexec/lib/python3.12/site-packages/oci/base_client.py", line 533, in call_api
        response = self.request(request, allow_control_chars, operation_name, api_reference_link)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/opt/homebrew/Cellar/oci-cli/3.37.4/libexec/lib/python3.12/site-packages/circuitbreaker.py", line 159, in wrapper
        return call(function, *args, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/opt/homebrew/Cellar/oci-cli/3.37.4/libexec/lib/python3.12/site-packages/circuitbreaker.py", line 170, in call
        return func(*args, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^
      File "/opt/homebrew/Cellar/oci-cli/3.37.4/libexec/lib/python3.12/site-packages/oci/base_client.py", line 720, in request
        self.raise_service_error(request, response, service_code, message, operation_name, api_reference_link, target_service, request_endpoint, client_version, timestamp, deserialized_data)
      File "/opt/homebrew/Cellar/oci-cli/3.37.4/libexec/lib/python3.12/site-packages/oci/base_client.py", line 877, in raise_service_error
        raise exceptions.ServiceError(
    oci.exceptions.ServiceError: {'target_service': 'vaults', 'status': 400, 'code': 'InvalidParameter', 'opc-request-id': 'B16438AFE6654402A5A1404BE98AF7C8/97CA59E59A8979EC87D22BA45FFAA26E/7C581F87911C6CD5999F3DA3A820E38F', 'message': 'content has an invalid format', 'operation_name': 'create_secret', 'timestamp': '2024-02-21T01:44:02.317486+00:00', 'client_version': 'Oracle-PythonSDK/2.119.0', 'request_endpoint': 'POST https://vaults.me-jeddah-1.oci.oraclecloud.com/20180608/secrets', 'logging_tips': 'To get more info on the failing request, refer to https://docs.oracle.com/en-us/iaas/tools/python/latest/logging.html for ways to log the request/response details.', 'troubleshooting_tips': "See https://docs.oracle.com/iaas/Content/API/References/apierrors.htm#apierrors_400__400_invalidparameter for more information about resolving this error. Also see https://docs.oracle.com/iaas/api/#/en/secretmgmt/20180608/Secret/CreateSecret for details on this operation's requirements. If you are unable to resolve this vaults issue, please contact Oracle support and provide them this full error message."}
There are 1 best solutions below

tiv On

The input needs to be base64 encoded; read this line of that Medium article carefully:

    export PASSWORD=$(openssl rand -base64 32 | base64)
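Applying the answer to the question's `$jwt_token`, as an added example that is not part of the original post or the linked article: a JWT is three base64url segments joined by dots, so it is not valid standard base64 until it is encoded once more. The token value is a constructed sample, and `b64_encode`, `is_std_base64` and `create_secret` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: prepare a JWT for `oci vault secret create-base64`.
set -eu

# Encode stdin as single-line standard base64. GNU base64 wraps its output
# at 76 columns, so strip newlines to behave the same on Linux and macOS.
b64_encode() {
  base64 | tr -d '\n'
}

# Return 0 if $1 is well-formed standard base64: non-empty, length a
# multiple of 4, only A-Z a-z 0-9 + / with up to two '=' of padding.
is_std_base64() {
  [ -n "$1" ] && [ $(( ${#1} % 4 )) -eq 0 ] &&
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9+/]+={0,2}$'
}

# Constructed sample token, not a real credential. The '.', '-' and '_'
# characters are what make a raw JWT fail the base64 format check.
jwt_token='eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJrb25nIn0.c2lnbmF0dXJlLWJ5dGVz_-0'

# printf avoids the trailing newline that echo would add to the secret.
encoded=$(printf '%s' "$jwt_token" | b64_encode)

# Not called here: needs a configured OCI CLI and real OCIDs in place of
# the placeholders used in the question.
create_secret() {
  oci vault secret create-base64 \
    -c "___compartment_ocid___" \
    --secret-name KONG_JWT_TOKEN \
    --vault-id "___vault_ocid___" \
    --key-id "___encryption_key_ocid___" \
    --secret-content-content "$encoded"
}
```

Call `create_secret` once the placeholders are filled in. The `--debug` output shown in the question prints the request body, secret content included, so leave that flag off once the call works.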