Oracle Cloud Infrastructure: Installation & Configuration

The Oracle Cloud Infrastructure (OCI) provider for Pulumi uses the OCI SDK to manage and provision resources.

Installation

The OCI provider is available as a package in all Pulumi languages:

• JavaScript/TypeScript: @pulumi/oci
• Python: pulumi-oci
• Go: github.com/pulumi/pulumi-oci/sdk/go/oci
• .NET: Pulumi.Oci
• Java: com.pulumi/oci

Configuring Credentials

Pulumi relies on the OCI SDK to authenticate requests from your computer to OCI. Your credentials are never sent to Pulumi.

Use the Required Keys and OCIDs chapter of the OCI Developer Guide to learn:

• How to Generate an API Signing Key
• How to Get the Key’s Fingerprint
• Where to Get the Tenancy’s OCID and User’s OCID

Once you have generated an API signing key pair and have your tenancy and user OCIDs you can make them available using either environment variables or Pulumi configuration.

Environment Variables

export TF_VAR_tenancy_ocid="ocid1.tenancy.oc1..<unique_ID>"
export TF_VAR_user_ocid="ocid1.user.oc1..<unique_ID>"
export TF_VAR_fingerprint="<key_fingerprint>"
export TF_VAR_region="us-ashburn-1"
export TF_VAR_private_key_path="/path/to/oci_api_key.pem"

Pulumi Configuration

If you prefer to store the credentials alongside your Pulumi stack for multi-user access:

pulumi config set oci:tenancyOcid "ocid1.tenancy.oc1..<unique_ID>" --secret
pulumi config set oci:userOcid "ocid1.user.oc1..<unique_ID>" --secret
pulumi config set oci:fingerprint "<key_fingerprint>" --secret
pulumi config set oci:region "us-ashburn-1"
# Set the private key from standard input to retain the format
cat "~/.oci/oci_api_key.pem" | pulumi config set oci:privateKey --secret

Remember to pass --secret when setting oci:secretKey so that it is properly encrypted.

Configuration options

The following configuration options are available for the oci provider: