Part 2: Creating Dynamic Groups and Policies for Vault Access from Certificates and CAs
- Jason Beattie
- Dec 19, 2024
Updated: Jan 8
In this part of the blog, we will walk through the creation of policies, dynamic groups, a Certificate Authority (CA), and certificates in Oracle Cloud Infrastructure (OCI). Follow the steps below.
We will first create the dynamic group as follows:




Before creating the Certificate Authority (CA) and issuing certificates, it is essential to define clear policies to govern their use and management. The policies are as follows:
Allow dynamic-group CA to use keys in compartment Compartment-Name
Allow dynamic-group CA to manage objects in compartment Compartment-Name
Allow group Administrators to manage certificate-authority-family in compartment Compartment-Name
Allow group CertificateAuthorityAdmins to read keys in compartment Compartment-Name
Allow group CertificateAuthorityAdmins to use key-delegate in compartment Compartment-Name
Allow group CertificateAuthorityAdmins to read buckets in compartment Compartment-Name
Allow group CertificateAuthorityAdmins to read vaults in compartment Compartment-Name
These policies ensure secure access control and proper delegation of responsibilities, aligning with best practices for managing certificates and cryptographic resources.
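A pre-apply check for the statements listed above, as an added example rather than code from the original post: it parses each statement and flags an unreplaced Compartment-Name placeholder, tenancy-wide scope, and manage grants for review. The function names and the checks are assumptions made for this example, and the parser covers only the simple statement form used here.

```python
import re

# The seven statements from this post; Compartment-Name is the post's placeholder.
STATEMENTS = [
    "Allow dynamic-group CA to use keys in compartment Compartment-Name",
    "Allow dynamic-group CA to manage objects in compartment Compartment-Name",
    "Allow group Administrators to manage certificate-authority-family in compartment Compartment-Name",
    "Allow group CertificateAuthorityAdmins to read keys in compartment Compartment-Name",
    "Allow group CertificateAuthorityAdmins to use key-delegate in compartment Compartment-Name",
    "Allow group CertificateAuthorityAdmins to read buckets in compartment Compartment-Name",
    "Allow group CertificateAuthorityAdmins to read vaults in compartment Compartment-Name",
]

# Simple form only; "where" conditions and other subject types are rejected, not guessed at.
STATEMENT_RE = re.compile(
    r"Allow\s+(?P<kind>group|dynamic-group)\s+(?P<subject>\S+)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>\S+)\s+in\s+"
    r"(?:tenancy|compartment\s+(?P<compartment>\S+))",
    re.IGNORECASE,
)

def parse(statement):
    """Split one statement into its parts; raise ValueError if it is not the simple form."""
    m = STATEMENT_RE.fullmatch(statement.strip())
    if m is None:
        raise ValueError(f"unsupported policy statement: {statement!r}")
    parts = m.groupdict()
    parts["verb"] = parts["verb"].lower()
    return parts

def grants_by_subject(statements):
    """Map each subject name to the (verb, resource) pairs granted to it."""
    grants = {}
    for p in map(parse, statements):
        grants.setdefault(p["subject"], []).append((p["verb"], p["resource"]))
    return grants

def audit(statements, placeholder="Compartment-Name"):
    """Return (finding, statement) pairs a reviewer should look at before applying."""
    findings = []
    for s in statements:
        p = parse(s)
        if p["compartment"] is None:
            findings.append(("tenancy-wide scope", s))
        elif p["compartment"] == placeholder:
            findings.append(("placeholder compartment not replaced", s))
        if p["verb"] == "manage":
            findings.append(("manage verb: confirm it is required", s))
    return findings
```

Run `audit(STATEMENTS)` on the statements as pasted, then again after substituting the real compartment name; only the two manage grants should remain.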
You are ready to move on to Part 3, where I’ll guide you through the process of creating a Certificate Authority (CA) and generating certificates.