Oracle Cloud Integration

ops0 connects to Oracle Cloud Infrastructure (OCI) using API Key authentication. Once connected, you can discover OCI resources, generate Terraform code, and manage multi-compartment infrastructure.

Adding the Integration

Navigate to Integrations

Go to Settings > Integrations > Add Integration.

Select Oracle Cloud

Choose Oracle Cloud from the provider list.

Enter Credentials

Provide your OCI API credentials.

Connect

Click Connect to verify the integration.

Credential Fields

Field	Required	Description
Name	Yes	Integration name
Tenancy OCID	Yes	Your OCI tenancy identifier (e.g., ocid1.tenancy.oc1...)
User OCID	Yes	The OCI user performing API calls
Fingerprint	Yes	API key fingerprint from OCI console
Private Key	Yes	PEM-encoded RSA private key
Region	Yes	Home region (e.g., us-ashburn-1, eu-frankfurt-1)
Compartment OCID	No	Scope to a specific compartment instead of the full tenancy

Scan Scope

Scope	Description
Tenancy	Discovers resources across all compartments, including nested sub-compartments
Compartment	Targets a single compartment and its children

Multi-Region Support

You can select multiple OCI regions to scan in a single integration. ops0 stores selected regions and scans all of them during discovery.

State Backend (Optional)

For Terraform state storage in OCI Object Storage, provide S3-compatible credentials:

Field	Description
S3 Endpoint	OCI Object Storage S3 compatibility endpoint
Access Key	S3-compatible access key
Secret Key	S3-compatible secret key
Bucket	Object Storage bucket name

S3 Compatibility

OCI Object Storage exposes an S3-compatible API. ops0 uses this for Terraform state, so you don't need a separate AWS S3 bucket.

Credential Security

All OCI credentials are encrypted at rest using AES-256-CBC. Private keys are converted from PKCS#8 format and stored encrypted. Decryption happens in memory during API calls only.

Generating the API Key

1In OCI Console, go to Identity > Users > your user

2Click API Keys > Add API Key

3Generate or upload a key pair, then download the private key

4Note the fingerprint shown after adding the key

Required IAM Policies

For discovery, the OCI user needs read access. Example policy statements:

Allow user ops0-user to inspect all-resources in tenancy
Allow user ops0-user to read all-resources in tenancy

For IaC deployments, the user needs manage access to the relevant resources:

Allow user ops0-user to manage instance-family in compartment my-compartment
Allow user ops0-user to manage virtual-network-family in compartment my-compartment
Allow user ops0-user to manage object-family in compartment my-compartment

Troubleshooting

NotAuthenticated

Verify the tenancy OCID, user OCID, and fingerprint match what's in the OCI console. Make sure the private key corresponds to the public key uploaded to OCI.

Authorization Failed

The user needs an IAM policy granting at least inspect or read permissions on the target compartment or tenancy.

Compartment Not Found

Double-check the compartment OCID. Make sure it hasn't been deleted or moved.

Oracle Cloud Discovery

Scan and discover OCI resources

Connect Your Cloud

Quick setup guide for all cloud providers

Credential Fields

Field

Required

Description

Name

Yes

Integration name

Tenancy OCID

Yes

Your OCI tenancy identifier (e.g., ocid1.tenancy.oc1...)

User OCID

Yes

The OCI user performing API calls

Fingerprint

Yes

API key fingerprint from OCI console

Private Key

Yes

PEM-encoded RSA private key

Region

Yes

Home region (e.g., us-ashburn-1, eu-frankfurt-1)

Compartment OCID

Scope to a specific compartment instead of the full tenancy

Scope

Description

Tenancy

Discovers resources across all compartments, including nested sub-compartments

Compartment

Targets a single compartment and its children

State Backend (Optional)

For Terraform state storage in OCI Object Storage, provide S3-compatible credentials:

Field

Description

S3 Endpoint

OCI Object Storage S3 compatibility endpoint

Access Key

S3-compatible access key

Secret Key

S3-compatible secret key

Bucket

Object Storage bucket name

S3 Compatibility

OCI Object Storage exposes an S3-compatible API. ops0 uses this for Terraform state, so you don't need a separate AWS S3 bucket.

Required IAM Policies

For discovery, the OCI user needs read access. Example policy statements:

Allow user ops0-user to inspect all-resources in tenancy
Allow user ops0-user to read all-resources in tenancy

For IaC deployments, the user needs manage access to the relevant resources:

Allow user ops0-user to manage instance-family in compartment my-compartment
Allow user ops0-user to manage virtual-network-family in compartment my-compartment
Allow user ops0-user to manage object-family in compartment my-compartment

Troubleshooting

NotAuthenticated

Verify the tenancy OCID, user OCID, and fingerprint match what's in the OCI console. Make sure the private key corresponds to the public key uploaded to OCI.

Authorization Failed

The user needs an IAM policy granting at least inspect or read permissions on the target compartment or tenancy.

Compartment Not Found

Double-check the compartment OCID. Make sure it hasn't been deleted or moved.

Oracle Cloud Integration

Adding the Integration

Navigate to Integrations

Select Oracle Cloud

Enter Credentials

Connect

Credential Fields

Scan Scope

Multi-Region Support

State Backend (Optional)

Credential Security

Generating the API Key

Required IAM Policies

Troubleshooting

Related

Oracle Cloud Discovery

Connect Your Cloud

Oracle Cloud Integration

Adding the Integration

Navigate to Integrations

Select Oracle Cloud

Enter Credentials

Connect

Credential Fields

Scan Scope

Multi-Region Support

State Backend (Optional)

Credential Security

Generating the API Key

Required IAM Policies

Troubleshooting

Related

Oracle Cloud Discovery

Connect Your Cloud