Challenge 1 - Task 3 of 5

Authorize OCI Resources to Retrieve the Secret from the Vault

Scenario

You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a best security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.

Preconfigured

To complete this requirement, you are provided with:

• An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
• An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
• A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
• Access to Cloud Shell.
• Permissions to perform only the tasks within the challenge.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.

Complete the following task in the OCI environment provisioned:

Create a new VCN with the name PBT_SECRET_VCN01 and public subnet within your assigned compartment.

Challenge 1 - Task 4 of 5

Authorize OCI Resources to Retrieve the Secret from the Vault

Scenario

You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a best security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.

Preconfigured

To complete this requirement, you are provided with:

• An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
• An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
• A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
• Access to Cloud Shell.
• Permissions to perform only the tasks within the challenge.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.

Complete the following tasks in the OCI environment provisioned:

• Create a Linux Instance with the name [Provide Name Here] within the compartment.

Provide your own public key to SSH the instance.

"Jazz Clothing" is an e-commerce company that wants to secure their in-transit communication to online store's hosted on Oracle Cloud Infrastructure (OCI) by ensuring secure Transport Layer Security (TLS) connections. They plan to automate the process of creating and rotating certificates using the OCI Certificates service to avoid outages due to expired certificates. What is a key benefit that Jazz Clothing will gain by automating their certificate management for TLS connections in OCI? (Choose the best Answer.)