
Oracle Cloud Integration

ops0 connects to Oracle Cloud Infrastructure (OCI) using API Key authentication. Once connected, you can discover OCI resources, generate Terraform code, and manage multi-compartment infrastructure.


Adding the Integration

Go to Settings > Integrations > Add Integration.

Select Oracle Cloud

Choose Oracle Cloud from the provider list.

Enter Credentials

Provide your OCI API credentials.

Connect

Click Connect to verify the integration.


Credential Fields

| Field | Required | Description |
|---|---|---|
| Name | Yes | Integration name |
| Tenancy OCID | Yes | Your OCI tenancy identifier (e.g., ocid1.tenancy.oc1...) |
| User OCID | Yes | The OCI user performing API calls |
| Fingerprint | Yes | API key fingerprint from OCI console |
| Private Key | Yes | PEM-encoded RSA private key |
| Region | Yes | Home region (e.g., us-ashburn-1, eu-frankfurt-1) |
| Compartment OCID | No | Scope to a specific compartment instead of the full tenancy |

Scan Scope

| Scope | Description |
|---|---|
| Tenancy | Discovers resources across all compartments, including nested sub-compartments |
| Compartment | Targets a single compartment and its children |

Multi-Region Support

You can select multiple OCI regions to scan in a single integration. ops0 stores selected regions and scans all of them during discovery.


State Backend (Optional)

For Terraform state storage in OCI Object Storage, provide S3-compatible credentials:

| Field | Description |
|---|---|
| S3 Endpoint | OCI Object Storage S3 compatibility endpoint |
| Access Key | S3-compatible access key |
| Secret Key | S3-compatible secret key |
| Bucket | Object Storage bucket name |

S3 Compatibility

OCI Object Storage exposes an S3-compatible API. ops0 uses this for Terraform state, so you don't need a separate AWS S3 bucket.


Credential Security

All OCI credentials are encrypted at rest using AES-256-CBC. Private keys are converted from PKCS#8 format and stored encrypted. Decryption happens in memory during API calls only.


Generating the API Key

1. In OCI Console, go to Identity > Users > your user
2. Click API Keys > Add API Key
3. Generate or upload a key pair, then download the private key
4. Note the fingerprint shown after adding the key

Required IAM Policies

For discovery, the OCI user needs read access. Example policy statements:

Allow user ops0-user to inspect all-resources in tenancy
Allow user ops0-user to read all-resources in tenancy

For IaC deployments, the user needs manage access to the relevant resources:

Allow user ops0-user to manage instance-family in compartment my-compartment
Allow user ops0-user to manage virtual-network-family in compartment my-compartment
Allow user ops0-user to manage object-family in compartment my-compartment

Troubleshooting

NotAuthenticated
Verify the tenancy OCID, user OCID, and fingerprint match what's in the OCI console. Make sure the private key corresponds to the public key uploaded to OCI.
Authorization Failed
The user needs an IAM policy granting at least inspect or read permissions on the target compartment or tenancy.
Compartment Not Found
Double-check the compartment OCID. Make sure it hasn't been deleted or moved.
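
For the NotAuthenticated case above, the key and fingerprint can be checked locally before re-entering them. The script below is an added example, not part of ops0 or the original page: OCI's API key fingerprint is the MD5 digest of the DER-encoded public key, so it can be recomputed from the private key with openssl and compared with the console value. The function names and the path in the usage comment are assumptions, and the key is assumed to be unencrypted.

```sh
#!/bin/sh
# Added example: recompute an OCI API key fingerprint from the private key and
# compare it with the value shown in the OCI console. Assumes an unencrypted
# PEM RSA key (PKCS#1 or PKCS#8) and the openssl CLI on PATH.

# Print the fingerprint: MD5 over the DER-encoded public key, colon-separated.
oci_fingerprint() {
  fp_der=$(mktemp) || return 1          # holds the public key only, no secret
  if openssl rsa -in "$1" -pubout -outform DER -out "$fp_der" 2>/dev/null; then
    # Output looks like "MD5(stdin)= aa:bb:..."; keep the last field.
    openssl md5 -c < "$fp_der" | awk '{print $NF}'
    fp_rc=$?
  else
    fp_rc=1                             # not a readable RSA private key
  fi
  rm -f "$fp_der"
  return "$fp_rc"
}

# check_oci_key KEY_FILE CONSOLE_FINGERPRINT
# Returns 0 on match, 1 on mismatch, 2 on malformed fingerprint, 3 on bad key.
check_oci_key() {
  want=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
  if ! printf '%s\n' "$want" | grep -Eq '^([0-9a-f]{2}:){15}[0-9a-f]{2}$'; then
    echo "fingerprint must be 16 colon-separated hex pairs" >&2
    return 2
  fi
  if ! got=$(oci_fingerprint "$1"); then
    echo "cannot derive a public key from $1" >&2
    return 3
  fi
  if [ "$got" != "$want" ]; then
    echo "mismatch: key yields $got, console shows $want" >&2
    return 1
  fi
  echo "match: $got"
}

# Usage (hypothetical path and constructed fingerprint):
#   sh check_oci_key.sh ~/.oci/oci_api_key.pem aa:bb:...
if [ "$#" -eq 2 ]; then
  check_oci_key "$1" "$2"
fi
```

A mismatch means the private key is not the one whose public half was uploaded for that fingerprint; the PKCS#1 and PKCS#8 encodings of the same key give the same fingerprint.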