Slow updates recently as I was getting ready to two AWS exams. Happy to announce that I passed both the Solutions Architect Associate and the SysOps Administrator Associate!

As I’m working with Oracle Cloud Infrastructure (OCI) as well now then next stop will be to pass the OCI Solutions Architect Associate exam. I think it will have lot similarities with the AWS ones and then it should be fairly easy to catch different topics specially on the networking side.

But this post is about oci-cli!

In addition to console in OCI you can use python-based command line interface which is named as oci-cli same as in AWS you can use awscli. I thought brief introduction on it would make a good post.

What do you need to use oci-cli?

First of all you need a user in OCI who has some permissions. You can define the permissions on basis what the requirements are. It can be that user can create VM’s or access iam etc and that policy is assigned to the group the user belongs to.

After you have an existing user  you will need to create API key pair for your new user.

In the Oracle documentation they recommend to use git-bash to generate the keys:

Once you have created the API keys remember to save your private key to safe place! You will need it soon. You will need to go to OCI console and browse to Identity – Users – User details. From there you can click the “Add Public Key” and paste your public key contents in it. If it’s successful you can then see fingerprint on the public key box.


Install and configure oci-cli

To install oci-cli you can follow instructions from here:

You can install it for windows or any computer with bash. Installation is quite straightforward as you will define the installation directory and bin directory for your executable. After that you are ready to use it!

In the later examples I’ve manually changed the OCID’s (Oracle Cloud ID) so if you see some discrepancy that is the reason.

Now I want to configure my oci-cli so it will have necessary information stored. For this I will run on windows the following:

oci.exe setup config

Enter a location for your config [C:\Users\simo\.oci\config]: c:\software\oracle-cli\config

Enter a user OCID: ocid1.user.oc1..3465y5bhdgdgggngndgndgndgndgn

Enter a tenancy OCID: ocid1.tenancy.oc1..4tgreeegeggrgrreg535334343

Enter a region (e.g. eu-frankfurt-1, us-ashburn-1, us-phoenix-1): eu-frankfurt-1
Do you want to generate a new RSA key pair? (If you decline you will be asked to supply the path to an existing key.) [Y
/n]: n

Enter the location of your private key file: c:\path\.oci\oci_api_key.pem

Enter the passphrase for your private key:

Fingerprint: b5:51:f0:ce:79:3d:f6:28:cd:f3:23:12:22:4a:c3:b1

Do you want to write your passphrase to the config file? (if not, you will need to supply it as an argument to the CLI)
[y/N]: y

Config written to c:\software\oracle-cli\config

Few things I must have when running the config – I will need my user OCID, tenancy OCID, the region I’m going to operate on and finally the location of my recently created private key.

That’s it! Now I can run commands through the oci-cli as it has necessary information in it’s config file. Let’s try.

To see list of available options and commands you can just run oci.exe. Available commands are:

audit                Audit Service
bv                     Block Volume Service
compute          Compute Service
db                     Database Service
dns                   API for managing DNS zones, records, and…
iam                   Identity and Access Management Service
lb                       Load Balancing Service
network           Networking Service
os                      Object Storage Service
setup                Setup commands for CLI

So you always need to have the necessary service first and then the subcommand for that service. For example when running the oci.exe iam:

availability-domain                         One or more isolated, fault-tolerant Oracle…
compartment                                    A collection of related resources.
customer-secret-key                        A `CustomerSecretKey` is an Oracle-provided…
dynamic-group                                An dynamic group defines a matching rule.
group                                                 A collection of users who all need the same…
policy                                                 A document that specifies the type of access…
region                                                A localized geographic area, such as Phoenix,…
region-subscription                        An object that represents your tenancy’s…
tag                                                      A tag definition that belongs to a specific…
tag-namespace                                A managed container for defined tags.
user                                                   An individual employee or system that needs…

So to list my users I will run oci.exe iam user list. And similar to above then getting subcommands to iam user command you just run that.

To get list of my users I will also need to supply the compartment-id along the query. You can see this from Identity – Compartments. Remember compartment in OCI was collection of your resources grouped in to the compartment!

oci.exe iam user list --compartment-id ocid1.tenancy.oc1..aaaaaaa

"data": [
"compartment-id": "ocid1.tenancy.oc1..aaaaaaaaj3ute3hbdfqtbosusfqoihv3rwiophci3433fdfddfdfddfdfv454",
"defined-tags": {},
"description": "This is the cloud admin account",
"freeform-tags": {},
"id": "ocid1.user.oc1..aaaaaaaaj3ute3hbdfqtbosusfqoihv3rwiophci3433fdfddfdfddfdfv235",
"inactive-status": null,
"lifecycle-state": "ACTIVE",
"name": "cloud.admin",
"time-created": "2018-02-13T08:54:49.231000+00:00"
"compartment-id": "ocid1.tenancy.oc1..aaaaaaaaj3ute3hbdfqtbosusfqoihv3rwiophci3433fdfddfdfddfdfv454",
"defined-tags": {},
"description": "this is the test user",
"freeform-tags": {},
"id": "ocid1.user.oc1..aaaaaaaaj3ute3hbdfqtbosusfqoihv3rwiophci3433fdfddfdfddfdfv238",
"inactive-status": null,
"lifecycle-state": "ACTIVE",
"name": "cloud.readonly",
"time-created": "2018-02-13T10:32:52.872000+00:00"
"compartment-id": "ocid1.tenancy.oc1..aaaaaaaaj3ute3hbdfqtbosusfqoihv3rwiophci3433fdfddfdfddfdfv454",
"defined-tags": {},
"description": "Simo V",
"freeform-tags": {},
"id": "ocid1.user.oc1..aaaaaaaaj3ute3hbdfqtbosusfqoihv3rwiophci3433fdfddfdfddfdfv458",
"inactive-status": null,
"lifecycle-state": "ACTIVE",
"name": "",
"time-created": "2018-02-13T08:36:06.617000+00:00"
"opc-next-page": "AAAAAAAAAAF0J19EgxQCxqtNSlWbUFrYYCgLLOIArstI-B7dqGJC7-DLBT-BcJEcKH2-rCTfS4r_c4utNr3RbYnsO2eqIXb9Yvz0

The output is by default displayed in JSON but you have option to use –output table for table-a-like output.

That’s it – now you have oci-cli working and can start working using it in addition to the console! There are lot of different possibilities on using it but this post only shows how you get it up and running.

More in the future!


5 thoughts on “Using oci-cli for Oracle Cloud Infrastructure”

  1. Hi ,

    I have few questions on oci cli tool, can you please provide some guidance.

    1. Is it possible to execute multiple oci cli command for single tenancy.
    2. Is it possible to delete the objects of multiple tenancies with single command in oci cli.

    Can you please help me here.

    Thank you,
    Sharath Natram

    1. Hi Sharath,

      I don’t think you can execute multiple commands with oci-cli unless you put them in a shell script. Same also applies to second question since you need to define the tenancy so unless you script it in a shell script you can’t do it in my opinion.

  2. Hi Simo,

    How are you doing 🙂 Need your suggestion
    How can we perform different tasks like deleting object storage, compute instances vcns from different tenancies through OCI CLI?
    Can we have multiple profiles in a single config file and we can connect to tenancies individually to perform different activities.
    For example, I will connect to one tenancy and delete object storage and parallelly connect to other tenancy to delete or create a compute instance.
    How can we
    Please help and provide some guidance 🙂

    Thank you
    Sharath Natram

  3. Hi Simo,

    How are you doing 🙂
    I have one another question and I will be grateful if you share some guidance.

    Using the Shell script I am able to run few OCI CLI commands as shown below.

    $ cat
    echo “1.List Users”
    read ch
    case $ch in
    1)command oci iam compartment list ;;
    echo “Do u want to continue ?”
    read i
    if [ $i != “Y” ]

    But I want to delete the objects inside Object storage of multiple tenancies.
    Can you please share some guidelines on how it can be achieved.

    Have a good day 🙂

    Thank you,
    Sharath Natram

  4. Is there any example on how to query compute instances from different compartments NOT starting at root. or ALL, and query for the nested definedTags.namespace and the list of definedTags.keys/definitions ? Like below? I am new to oci trying to get inventory in a hurry.

    “defined-tags”: {
    “Namespace”: {
    “definedTag.key_1: “definedTag.value_1”,
    “definedTag.key_2: “definedTag.value_2”,
    “definedTag.key_3: “definedTag.value_3”,
    “definedTag.key_4: “definedTag.value_4”,
    “definedTag.key_5: “definedTag.value_5”,
    “definedTag.key_6: “definedTag.value_6”,
    “definedTag.key_7: “definedTag.value_7”,
    “definedTag.key_8: “definedTag.value_8”,
    “definedTag.key_9: “definedTag.value_9”,

    in my script I want to print it out like this:

    definedTag.key_1 definedTag.key_2 definedTag.key_3 definedTag.key_4
    “definedTag.value_1” “definedTag.value_2” “definedTag.value_3” “definedTag.value_4”

    Env Customer Location
    Prod Acme Anywhere

Leave a Reply

Your email address will not be published.