Fortanix DSM - Oracle Cloud Infrastructure Troubleshooting

1.0 Introduction

This document describes common issues and troubleshooting steps for using Fortanix Data Security Manager (DSM) with Oracle Cloud Infrastructure (OCI) Key Management Service (KMS).

2.0 Troubleshooting

This section lists issues along with possible workarounds that you might encounter while performing some operations.

Problem	Solution
API Key Creation Limit in OCI While configuring the OCI CDC group, attempting to create more than three API keys results in the following error message from OCI: `You can not create ApiKey as maximum quota limit of 3 has been reached.`	Oracle Cloud allows creating a maximum of three API keys per user. You can manage your keys at https://cloud.oracle.com/identity/domains/my-profile/auth-tokens?region=us-phoenix-1. If you have reached the quota limit, remove unused API keys to add a new one.
Copy or Import Key Fails with Authentication Error Copying or importing keys to OCI may fail depending on the user’s subscription type, with the following error message: `OCI tenancy limit exceeded: The limit for this tenancy has been exceeded..Contact your OCI administrator to increase limits.` This error occurs when your OCI tenancy exceeds its key management limit.	Review your service limits in the OCI console and request a limit increase from your OCI administrator or Oracle Support if required OR delete some keys if you have reached the limit.
Scheduling key deletion fails If only one version of the key exists, scheduling the key for deletion will result in an error because it is the current key version.	OCI does not allow scheduling deletion for the current (only) key version. To resolve this issue, rotate the key in Fortanix DSM to create a new key version. After rotation, schedule deletion for the older (non-current) version in OCI. You can cancel a scheduled deletion in OCI any time before the waiting period expires by using the CANCEL KEY DELETION option in OCI.

Problem

Solution

API Key Creation Limit in OCI

While configuring the OCI CDC group, attempting to create more than three API keys results in the following error message from OCI:

You can not create ApiKey as maximum quota limit of 3 has been reached.

Oracle Cloud allows creating a maximum of three API keys per user.
You can manage your keys at https://cloud.oracle.com/identity/domains/my-profile/auth-tokens?region=us-phoenix-1.
If you have reached the quota limit, remove unused API keys to add a new one.

Copy or Import Key Fails with Authentication Error

Copying or importing keys to OCI may fail depending on the user’s subscription type, with the following error message:

OCI tenancy limit exceeded: The limit for this tenancy has been exceeded..Contact your OCI administrator to increase limits.

This error occurs when your OCI tenancy exceeds its key management limit.

Review your service limits in the OCI console and request a limit increase from your OCI administrator or Oracle Support if required OR delete some keys if you have reached the limit.

Scheduling key deletion fails

If only one version of the key exists, scheduling the key for deletion will result in an error because it is the current key version.

OCI does not allow scheduling deletion for the current (only) key version.

To resolve this issue, rotate the key in Fortanix DSM to create a new key version. After rotation, schedule deletion for the older (non-current) version in OCI.

You can cancel a scheduled deletion in OCI any time before the waiting period expires by using the CANCEL KEY DELETION option in OCI.