Once the [OCI CLI](https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliinstall.htm#Quickstart) is installed, there are two primary authentication methods available.

- **Key pair based authentication**  
  - Recommended for automation scenarios such as CI and CD pipelines  
  - [Documentation](https://docs.oracle.com/en-us/iaas/content/API/concepts/apisigningkey.htm#required_keys_and_ocids)

- **Token based authentication**  
  - Recommended for local development  
  - [Documentation](https://docs.oracle.com/en-us/iaas/content/API/sdkdocs/clitoken.htm#tokenbased_authentication_for_the_cli)

>The recommended approach is to use token based authentication for local development and key pair based authentication for automation scenarios such as CI and CD pipelines.

## Authentication

1. To configure the OCI CLI for token based authentication, run the commands below. If you encounter any issues, refer to the linked documentation for additional guidance. Note that `gworacle` is the tenant name used in Oracle Cloud.

2. After running the `oci session authenticate` command, you will be prompted to enter a profile name. Use the same profile name specified in the default profile configuration, `oci_auth`.

>```bash
>export OCI_CLI_AUTH=security_token
>mkdir -p $$HOME/.oci
>cat << EOF > $$HOME/.oci/oci_cli_rc
>[OCI_CLI_SETTINGS]
>default_profile=oci_auth
>EOF
>oci session authenticate
>```

>After authenticating your session, you should get an output similar to the one below:

>```shell
># Try out your newly created session credentials with the following example command:

>oci iam region list --config-file $$HOME\.oci\config --profile oci_auth --auth >security_token
>```

>However, you should able to run just `oci iam region list` without the `--profile` and `--auth` parameters since they were configured prior in the step above.

3. Once logged in, set your Kubernetes context by running the following command:

>```bash
># As our dev cluster is in uk-london-1 region
>oracle_region=uk-london-1
>oci ce cluster create-kubeconfig --cluster-id ${oke_cluster_ocid} --region >${oracle_region} --token-version 2.0.0
>```

>This will merge your OKE settings into your Kubernetes configuration file (typically stored in the`~/.kube/config` file).

* * *

<!-- markdownlint-disable MD033 -->
<div class="text--center margin-top--lg" style={{display: 'flex', justifyContent: 'center', gap: '12px'}}>
  <a href="/halo/oke-step-2" class="button button--primary button--lg">
    Continue
  </a>

  <a href="https://www.glasswall.com/support" class="button button--primary button--lg">
    Need help?
  </a>
</div>
<!-- markdownlint-disable MD033 -->