Oracle Cloud Infrastructure (OCI)
ops0 supports Oracle Cloud Infrastructure for resource discovery, IaC generation, and multi-compartment management. You can scan OCI tenancies, discover compute instances, networking, storage, and database resources, then generate Terraform code to manage them.
Supported OCI Resources
| Category | Resources |
|---|---|
| Compute | Instances, shapes, availability domains |
| Networking | VCNs, subnets, security lists, route tables |
| Storage | Object Storage buckets, block volumes |
| Database | Autonomous databases, DB systems |
| Identity | Compartments, policies, users |
| Security | Vaults, keys, secrets |
| Load Balancing | Load balancers, network load balancers |
Prerequisites
Before scanning OCI resources, you need an Oracle Cloud integration connected in ops0. See Connect Your Cloud for setup instructions.
Running an OCI Discovery Scan
Select Oracle Cloud
On the Discovery page, click New Scan and select your OCI integration.
Choose Scope
Select whether to scan the entire tenancy or a specific compartment. If your organization uses a multi-compartment structure, you can target individual compartments for faster scans.
Select Regions
Choose which OCI regions to include. ops0 supports multi-region scanning, so you can discover resources across all regions in a single session.
Start Scan
Click Start Scan. ops0 uses the OCI SDKs to enumerate resources across compute, networking, storage, database, identity, and security services.
Multi-Compartment Support
OCI organizes resources into compartments. ops0 discovers and maps this hierarchy automatically.
| Scan Scope | Description |
|---|---|
| Tenancy | Scans all compartments in the tenancy, including nested sub-compartments |
| Compartment | Scans a single compartment and its children |
Each discovered compartment is tracked with its lifecycle state (ACTIVE, INACTIVE, DELETING), making it easy to see the full organizational structure.
Discovered Resource Details
For each OCI compute instance, ops0 captures:
| Field | Description |
|---|---|
| Display Name | Instance name |
| Shape | Machine type (e.g., VM.Standard.E4.Flex) |
| Availability Domain | AD placement |
| Fault Domain | Fault domain within the AD |
| Public IP | Assigned public IP, if any |
| Private IP | VNIC private IP |
| VCN | Associated virtual cloud network |
| Subnet | Associated subnet |
| Tags | Freeform and defined tags |
| Lifecycle State | Running, stopped, terminated |
Generating Terraform from OCI Resources
After a scan completes, you can select OCI resources and generate Terraform code. ops0 uses the oci provider and creates proper resource definitions.

```hcl
provider "oci" {
  tenancy_ocid     = var.tenancy_ocid
  user_ocid        = var.user_ocid
  fingerprint      = var.fingerprint
  private_key_path = var.private_key_path
  region           = var.region
}

resource "oci_core_instance" "web_server" {
  compartment_id      = var.compartment_id
  availability_domain = "AD-1"
  shape               = "VM.Standard.E4.Flex"

  shape_config {
    ocpus         = 2
    memory_in_gbs = 16
  }

  source_details {
    source_type = "image"
    source_id   = var.image_id
  }
}
```
State Backend Configuration
ops0 supports OCI Object Storage as a Terraform state backend using S3-compatible credentials. When you set up an OCI integration, you can optionally provide S3-compatible access credentials for state storage.
| Field | Description |
|---|---|
| S3 Endpoint | OCI Object Storage S3 compatibility endpoint |
| Access Key | S3-compatible access key |
| Secret Key | S3-compatible secret key |
| Bucket | Object Storage bucket for state files |
OCI Object Storage provides an S3-compatible API. ops0 uses this for Terraform state storage, so you don't need a separate S3 bucket.
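A hand-written equivalent of this backend setup, as an added example (not configuration generated by ops0): it assumes Terraform 1.6 or later, and the bucket name, state key, region and `<namespace>` placeholder are illustrative. The access key and secret key are deliberately left out of the file and read from the standard `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables, so they never land in version control.

```hcl
# Added example: Terraform "s3" backend pointed at OCI Object Storage.
# Assumes Terraform >= 1.6; bucket, key, region and <namespace> are placeholders.
terraform {
  backend "s3" {
    bucket = "terraform-state"            # Object Storage bucket (placeholder name)
    key    = "oci/prod/terraform.tfstate" # object name of the state file (placeholder)
    region = "us-ashburn-1"               # OCI region identifier (placeholder)

    # S3 compatibility endpoint; <namespace> is the tenancy's Object Storage namespace.
    endpoints = {
      s3 = "https://<namespace>.compat.objectstorage.us-ashburn-1.oraclecloud.com"
    }

    # OCI is not AWS: skip the AWS-only lookups and validations.
    skip_region_validation      = true
    skip_credentials_validation = true
    skip_requesting_account_id  = true
    skip_metadata_api_check     = true
    skip_s3_checksum            = true

    # Address the bucket as <endpoint>/<bucket> instead of <bucket>.<endpoint>.
    use_path_style = true

    # No access_key / secret_key arguments on purpose: export the
    # S3-compatible key pair as AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
    # in the shell or CI secret store that runs terraform.
  }
}
```

Terraform state can hold sensitive attribute values in plain text, so keep the bucket private and give the user that owns the S3-compatible keys access to that bucket only.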
Credential Security
All OCI credentials are encrypted at rest with AES-256-CBC. Private keys are converted from PKCS#8 format and stored encrypted in the database. Credentials are decrypted only in memory during API calls and are never logged or exposed in the UI.