Identity domain users should have no more than one API key

Description

Oracle Cloud identity domain users should have no more than one active API key to minimize security risks and reduce the potential attack surface. Multiple active API keys increase the risk of credential compromise and make access management more complex.

Note: Identity domain users that are in an inactive state are not assessed.

Remediation

Review and deactivate or delete unnecessary active API keys, ensuring each user retains only one active API key for their operational needs. For guidance on managing API keys, refer to the Working with API Keys section in the Oracle Cloud Infrastructure Documentation.
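
The check described above, sketched over an exported inventory as an added example (not Oracle's or the rule vendor's code). The record layout, field names, and sample values are constructed assumptions, not the schema of any Oracle API.

```python
from collections import defaultdict

# Constructed sample inventory. Field names ("active", "state", "fingerprint")
# are assumptions for illustration, not an Oracle API schema.
USERS = [
    {"id": "user-a", "name": "alice", "active": True},
    {"id": "user-b", "name": "bob", "active": True},
    {"id": "user-c", "name": "carol", "active": False},
    {"id": "user-d", "name": "dave", "active": True},
]
API_KEYS = [
    {"user_id": "user-a", "fingerprint": "aa:01", "state": "ACTIVE"},
    {"user_id": "user-a", "fingerprint": "aa:02", "state": "ACTIVE"},
    {"user_id": "user-b", "fingerprint": "bb:01", "state": "ACTIVE"},
    {"user_id": "user-b", "fingerprint": "bb:02", "state": "INACTIVE"},
    {"user_id": "user-c", "fingerprint": "cc:01", "state": "ACTIVE"},
    {"user_id": "user-c", "fingerprint": "cc:02", "state": "ACTIVE"},
    {"user_id": "user-d", "fingerprint": "dd:01", "state": "ACTIVE"},
    {"user_id": "user-d", "fingerprint": "dd:01", "state": "ACTIVE"},  # duplicate export row
]


def find_violations(users, api_keys, max_active_keys=1):
    """Return {user name: sorted fingerprints} for assessed users over the limit."""
    # Collect distinct active key fingerprints per user; a set prevents a
    # duplicated export row from being counted as a second key.
    active_keys = defaultdict(set)
    for key in api_keys:
        if key["state"] == "ACTIVE":
            active_keys[key["user_id"]].add(key["fingerprint"])

    findings = {}
    for user in users:
        if not user["active"]:
            continue  # users in an inactive state are not assessed
        fingerprints = active_keys.get(user["id"], set())
        if len(fingerprints) > max_active_keys:
            findings[user["name"]] = sorted(fingerprints)
    return findings


if __name__ == "__main__":
    for name, fps in find_violations(USERS, API_KEYS).items():
        print(f"FAIL {name}: {len(fps)} active API keys: {', '.join(fps)}")
```

The output lists each failing user with the fingerprints to review, so the remediation step can decide which single key the user retains.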