feat: Allow passing API key directly from memory

durnik-ivo · durnik-ivo · commit 5d65e337aec4 · 2025-12-11T16:01:32.000+01:00
diff --git a/.web-docs/components/builder/oci/README.md b/.web-docs/components/builder/oci/README.md
@@ -101,7 +101,7 @@ based on which authentication method is used.
 - `use_instance_principals` (boolean) - Whether to use [Instance
   Principals](https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm)
   instead of User Principals. If this key is set to true, setting any one of the `access_cfg_file`,
-  `access_cfg_file_account`, `region`, `tenancy_ocid`, `user_ocid`, `key_file`, `fingerprint`,
+  `access_cfg_file_account`, `region`, `tenancy_ocid`, `user_ocid`, `key`, `key_file`, `fingerprint`,
   `pass_phrase` parameters will cause an invalid configuration error.
   Defaults to `false`.
 
@@ -135,6 +135,9 @@ or configured for the default OCI CLI authenticaton profile.
   [OCI config file](https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/sdkconfig.htm)
   if present. This cannot be used along with the `use_instance_principals` key.
 
+- `key` (string) - The contents of the OCI API signing key. Overrides value provided by the `key_file`.
+  This cannot be used along with the `use_instance_principals` key.
+
 - `key_file` (string) - Full path and filename of the OCI API signing key. Overrides value provided
   by the [OCI config file](https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/sdkconfig.htm)
   if present. This cannot be used along with the `use_instance_principals` key.
diff --git a/builder/oci/config.go b/builder/oci/config.go
@@ -91,6 +91,7 @@ type Config struct {
 	TenancyID    string `mapstructure:"tenancy_ocid"`
 	Region       string `mapstructure:"region"`
 	Fingerprint  string `mapstructure:"fingerprint"`
+	Key          string `mapstructure:"key"`
 	KeyFile      string `mapstructure:"key_file"`
 	PassPhrase   string `mapstructure:"pass_phrase"`
 	UsePrivateIP bool   `mapstructure:"use_private_ip"`
@@ -211,6 +212,9 @@ func (c *Config) Prepare(raws ...interface{}) error {
 		if c.Fingerprint != "" {
 			errs = packersdk.MultiErrorAppend(errs, errors.New("fingerprint"+message))
 		}
+		if c.Key != "" {
+			errs = packersdk.MultiErrorAppend(errs, errors.New("key"+message))
+		}
 		if c.KeyFile != "" {
 			errs = packersdk.MultiErrorAppend(errs, errors.New("key_file"+message))
 		}
@@ -246,6 +250,7 @@ func (c *Config) Prepare(raws ...interface{}) error {
 			c.AccessCfgFileAccount = "DEFAULT"
 		}
 
+		// Read API signing key
 		var keyContent []byte
 		if c.KeyFile != "" {
 			path, err := pathing.ExpandUser(c.KeyFile)
@@ -259,7 +264,11 @@ func (c *Config) Prepare(raws ...interface{}) error {
 				return err
 			}
 		}
+		if c.Key != "" {
+			keyContent = []byte(c.Key)
+		}
 
+		// Providers
 		fileProvider, _ := ocicommon.ConfigurationProviderFromFileWithProfile(c.AccessCfgFile, c.AccessCfgFileAccount, c.PassPhrase)
 		if c.Region == "" {
 			var region string
diff --git a/builder/oci/config.hcl2spec.go b/builder/oci/config.hcl2spec.go
diff --git a/builder/oci/config_test.go b/builder/oci/config_test.go
@@ -398,6 +398,7 @@ func TestConfig(t *testing.T) {
 		"tenancy_ocid",
 		"region",
 		"fingerprint",
+		"key",
 		"key_file",
 		"pass_phrase",
 	}
diff --git a/docs/builders/oci.mdx b/docs/builders/oci.mdx
@@ -108,7 +108,7 @@ based on which authentication method is used.
 - `use_instance_principals` (boolean) - Whether to use [Instance
   Principals](https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm)
   instead of User Principals. If this key is set to true, setting any one of the `access_cfg_file`,
-  `access_cfg_file_account`, `region`, `tenancy_ocid`, `user_ocid`, `key_file`, `fingerprint`,
+  `access_cfg_file_account`, `region`, `tenancy_ocid`, `user_ocid`, `key`, `key_file`, `fingerprint`,
   `pass_phrase` parameters will cause an invalid configuration error.
   Defaults to `false`.
 
@@ -142,6 +142,9 @@ or configured for the default OCI CLI authenticaton profile.
   [OCI config file](https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/sdkconfig.htm)
   if present. This cannot be used along with the `use_instance_principals` key.
 
+- `key` (string) - The contents of the OCI API signing key. Overrides value provided by the `key_file`.
+  This cannot be used along with the `use_instance_principals` key.
+
 - `key_file` (string) - Full path and filename of the OCI API signing key. Overrides value provided
   by the [OCI config file](https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/sdkconfig.htm)
   if present. This cannot be used along with the `use_instance_principals` key.

Original file line number	Diff line number	Diff line change
`@@ -398,6 +398,7 @@ func TestConfig(t *testing.T) {`
`398`	`398`	`"tenancy_ocid",`
`399`	`399`	`"region",`
`400`	`400`	`"fingerprint",`
	`401`	`+ "key",`
`401`	`402`	`"key_file",`
`402`	`403`	`"pass_phrase",`
`403`	`404`	`}`