SDK and CLI Configuration File

Oracle Cloud Infrastructure SDKs and CLI require basic configuration information, like user credentials and tenancy OCID. You can provide this information by:

  • Using a configuration file
  • Declaring a configuration at runtime
Note

You can use the Console to help generate a configuration file. For more information, see Generating an API Signing Key (Console).

The SDKs fully support both options. Refer to the documentation for each SDK for information about the config object and any exceptions when using a configuration file:

The CLI requires a configuration file, but also allows you to set environment variables to provide certain information. See CLI Environment Variables for more information.

File Name and Location

The default configuration file name and location is ~/.oci/config.

Note

On Windows, you can use PowerShell to create the folder with the following command: mkdir %HOMEDRIVE%%HOMEPATH%\.oci. File Explorer does not support creating folder names that start with a period.

File Entries

The following table lists the basic entries that are required for the configuration file, as well as where to get the required information.

Entry Description and Where to Get the Value Required?
user

OCID of the user calling the API. To get the value, see Required Keys and OCIDs.

Example: ocid1.user.oc1..<unique_ID>(shortened for brevity)

Yes
fingerprint

Fingerprint for the public key that was added to this user. To get the value, see Required Keys and OCIDs.

Yes
key_file

Full path and filename of the private key.

Important: The key pair must be in PEM format. For instructions on generating a key pair in PEM format, see Required Keys and OCIDs.

Example (Linux/Mac OS): ~/.oci/oci_api_key.pem

Example (Windows): ~/.oci/oci_api_key.pem

This corresponds to the file %HOMEDRIVE%%HOMEPATH%\.oci\oci_api_key.pem.

Yes
pass_phrase

Passphrase used for the key, if it is encrypted.

Caution: This entry is deprecated, and is included for backward compatibility only. Avoid saving confidential information in the configuration file. For additional security, pass the passphrase to the SDK/CLI at run time.

Yes, if key is encrypted and passphrase has not been configured to be passed to at runtime
tenancy

OCID of your tenancy. To get the value, see Required Keys and OCIDs.

Example: ocid1.tenancy.oc1..<unique_ID>

Yes
region

An Oracle Cloud Infrastructure region. See Regions and Availability Domains.

Example: us-ashburn-1

Yes
security_token_file

If session token authentication is being used, then this parameter is required.

Using this authentication method makes fingerprint, user, and pass_phrase not required. Starting a session with the OCI CLI will populate all of the required parameters for this authentication method. See Starting a Token-based CLI Session.

Conditional

Custom Values

Some Oracle Cloud Infrastructure SDKs support defining custom values in the configuration file. Refer to the documentation for each SDK for more information.

Profiles and Inheritance

You can create multiple profiles with different values for these entries, then you can specify which profile to load.

Some Oracle Cloud Infrastructure SDKs require a DEFAULT profile and support profile inheritance. This means that any value that isn't explicitly defined for a given profile is inherited from the DEFAULT profile. Refer to the documentation for each SDK for more information.

Example Configuration

The following example (for Linux and Mac OS) shows key values in a configuration file and how to set profiles for a SDK that supports profile inheritance.

[DEFAULT]
user=ocid1.user.oc1..<unique_ID>
fingerprint=<your_fingerprint>
key_file=~/.oci/oci_api_key.pem
tenancy=ocid1.tenancy.oc1..<unique_ID>
region=us-ashburn-1

[ADMIN_USER]
user=ocid1.user.oc1..<unique_ID>
fingerprint=<your_fingerprint>
key_file=keys/admin_key.pem
pass_phrase=<your_passphrase>
This example is for Windows:
[DEFAULT]
user=ocid1.user.oc1..<unique_ID>
fingerprint=<your_fingerprint>
key_file=%HOMEPATH%\.oci\oci_api_key.pem
tenancy=ocid1.tenancy.oc1..<unique_ID>
region=us-ashburn-1

[ADMIN_USER]
user=ocid1.user.oc1..<unique_ID>
fingerprint=<your_fingerprint>
key_file=keys\admin_key.pem
pass_phrase=<your_passphrase>