Using Multiple Profiles

The OCI CLI configuration files config and oci_cli_rc can define more than one profile. Each profile section in the config file references a tenancy within a Private Cloud Appliance. The tenancies can be on different appliances.

In the following example ~/.oci/config file, the PCA1 profile is for a tenancy on the pcasys1 appliance, the PCA2 profile is for a tenancy on the pcasys2 appliance, and the DEFAULT profile is a copy of the PCA1 profile. The DEFAULT profile is used when you haven't specified which profile to use.

In this example, the key file and fingerprint are the same in each profile, but the user OCID is different on the two different appliances or in two different tenancies on the same appliance.

[DEFAULT]
user=ocid1.user.unique_ID_1
key_file=/home/username/.oci/oci_api_key.pem
tenancy=ocid1.tenancy.unique_ID_1
region=pcasys1.example.com
fingerprint=58:f8:69:13:e1:a8:51:4d:5a:a0:11:69:ca:09:48:73
[PCA1]
user=ocid1.user.unique_ID_1
key_file=/home/username/.oci/oci_api_key.pem
tenancy=ocid1.tenancy.unique_ID_1
region=pcasys1.example.com
fingerprint=58:f8:69:13:e1:a8:51:4d:5a:a0:11:69:ca:09:48:73
[PCA2]
user=ocid1.user.unique_ID_2
key_file=/home/username/.oci/oci_api_key.pem
tenancy=ocid1.tenancy.unique_ID_2
region=pcasys2.example.com
fingerprint=58:f8:69:13:e1:a8:51:4d:5a:a0:11:69:ca:09:48:73

Note: If you don't specify a profile to use, the DEFAULT profile is used. If you don't specify a profile and don't have a DEFAULT profile, you must use the --profile option in your commands.

To specify a profile, set the profile name as the value of the OCI_CLI_PROFILE environment variable:

export OCI_CLI_PROFILE=PCA1

The --profile option is a global option: specify it directly after oci, before the service and command, as in the following example:

oci --profile PCA2 iam user list

You must specify the same profiles in your oci_cli_rc file that you specified in your config file:

[DEFAULT]
cert-bundle=/home/username/.oci/pca1/ca.crt
[PCA1]
cert-bundle=/home/username/.oci/pca1/ca.crt
[PCA2]
cert-bundle=/home/username/.oci/pca2/ca.crt

If you have configured multiple profiles, consider creating subdirectories within the .oci directory to store the different API keys and external silo CA chains for each profile.

Consider creating a file of environment variables for each profile. In addition to setting OCI_CLI_PROFILE, set OCI_CLI_CERT_BUNDLE to the same path that you specified in your oci_cli_rc file. Set OCI_CLI_TENANCY to the OCID of the tenancy for this profile. Assigning the OCIDs of compartments and other resources to named variables also makes commands easier to enter and read. For example:

oci network subnet create -c $Networking --vcn-id $VCN1 ...
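
The following added example (not part of the original documentation, and not Oracle's code) checks the two consistency rules described above: every profile in config also appears in oci_cli_rc, and the OCI_CLI_CERT_BUNDLE value in a per-profile environment file matches the cert-bundle for that profile. The function names, the shortened sample files, and the choice to treat [DEFAULT] as an ordinary section with no inheritance are assumptions of this example.

```python
import configparser

# Constructed sample input, modelled on the files shown above; PCA2 is
# deliberately left out of oci_cli_rc to show what the check reports.
CONFIG = """\
[DEFAULT]
user=ocid1.user.unique_ID_1
region=pcasys1.example.com
[PCA1]
user=ocid1.user.unique_ID_1
region=pcasys1.example.com
[PCA2]
user=ocid1.user.unique_ID_2
region=pcasys2.example.com
"""
OCI_CLI_RC = """\
[DEFAULT]
cert-bundle=/home/username/.oci/pca1/ca.crt
[PCA1]
cert-bundle=/home/username/.oci/pca1/ca.crt
"""

def load_profiles(text):
    """Return {profile: {key: value}}, treating [DEFAULT] as an ordinary section."""
    # Assumption of this example: no inheritance from [DEFAULT], so every
    # profile must spell out its own settings, as the files above do.
    cp = configparser.ConfigParser(default_section="__unused__", interpolation=None)
    cp.read_string(text)
    return {name: dict(cp[name]) for name in cp.sections()}

def check_profiles(config_text, rc_text, env=None):
    """Return a sorted list of findings; an empty list means the files agree."""
    config, rc = load_profiles(config_text), load_profiles(rc_text)
    findings = [f"{p}: in config but not in oci_cli_rc" for p in config.keys() - rc.keys()]
    findings += [f"{p}: in oci_cli_rc but not in config" for p in rc.keys() - config.keys()]
    findings += [f"{p}: no cert-bundle in oci_cli_rc" for p, s in rc.items() if "cert-bundle" not in s]
    if env is not None:  # env: a per-profile variable file, already loaded as a dict
        profile = env.get("OCI_CLI_PROFILE", "DEFAULT")
        expected = rc.get(profile, {}).get("cert-bundle")
        if env.get("OCI_CLI_CERT_BUNDLE") != expected:
            findings.append(f"{profile}: OCI_CLI_CERT_BUNDLE differs from oci_cli_rc")
    return sorted(findings)

if __name__ == "__main__":
    env = {"OCI_CLI_PROFILE": "PCA1", "OCI_CLI_CERT_BUNDLE": "/home/username/.oci/pca2/ca.crt"}
    for finding in check_profiles(CONFIG, OCI_CLI_RC, env):
        print(finding)
```

A mismatch between the selected profile and its CA bundle means the CLI validates the appliance's TLS certificate against the wrong trust chain, so run a check like this whenever a profile is added or renamed.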