This token is used to access Oracle cloud databases from database clients. The database client or application requests the db-token using one of a number of principal tokens. Claims can be made as part of the db-token request and will be part of the db-token.

When running this command inside the Cloud Shell, it will by default use the delegation token for the IAM user to request the db-token. Outside of the cloud shell, this command will default to use the API-key in the default profile in the default OCI configuration.

In order to use a temporary security token, use –auth security-token. Instead of using the default (API-key), this will use the existing valid security token for the user. If one doesn’t exist, OCI CLI will open a browser window to allow the user to authenticate with IAM. For more detail, please visit


oci iam db-token get [OPTIONS]

Optional Parameters

--db-token-location [text]

Provide the directory where you would like to store token and private/public key. Default is ~/.oci/db-token

--from-json [text]

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample json file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id –> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our “using CLI with advanced JSON options” link:

--scope [text]

If a scope isn’t provided, the default will be the tenancy scope. Adding scope allows you to constrain access by the db-token databases in one or more compartments.

Example scope values: