diff --git a/pkg/apis/vault/v1alpha1/vault_types.go b/pkg/apis/vault/v1alpha1/vault_types.go
index f6902523..e89016c4 100644
--- a/pkg/apis/vault/v1alpha1/vault_types.go
+++ b/pkg/apis/vault/v1alpha1/vault_types.go
@@ -661,6 +661,7 @@ type UnsealConfig struct {
 Alibaba *AlibabaUnsealConfig `json:"alibaba,omitempty"`
 Azure *AzureUnsealConfig `json:"azure,omitempty"`
 AWS *AWSUnsealConfig `json:"aws,omitempty"`
+ OCI *OCIUnsealConfig `json:"oci,omitempty"`
 Vault *VaultUnsealConfig `json:"vault,omitempty"`
 HSM *HSMUnsealConfig `json:"hsm,omitempty"`
 }
@@ -710,6 +711,21 @@ func (usc *UnsealConfig) ToArgs(vault *Vault) []string {
 "--azure-key-vault-name",
 usc.Azure.KeyVaultName,
 )
+ } else if usc.OCI != nil {
+ args = append(args,
+ "--mode",
+ "oci",
+ "--oci-key-ocid",
+ usc.OCI.KeyOCID,
+ "--oci-cryptographic-endpoint",
+ usc.OCI.CryptographicEndpoint,
+ "--oci-bucket-namespace",
+ usc.OCI.BucketNamespace,
+ "--oci-bucket-name",
+ usc.OCI.BucketName,
+ "--oci-bucket-prefix",
+ usc.OCI.BucketPrefix,
+ )
 } else if usc.AWS != nil {
 args = append(args,
 "--mode",
@@ -911,6 +927,15 @@ type AWSUnsealConfig struct {
 S3SSE string `json:"s3SSE,omitempty"`
 }
 
+// AWSUnsealConfig holds the parameters for AWS KMS based unsealing
+type OCIUnsealConfig struct {
+ KeyOCID string `json:"keyOCID"`
+ CryptographicEndpoint string `json:"cryptographicEndpoint"`
+ BucketName string `json:"bucketName"`
+ BucketNamespace string `json:"bucketNamespace,omitempty"`
+ BucketPrefix string `json:"bucketPrefix,omitempty"`
+}
+
 // VaultUnsealConfig holds the parameters for remote Vault based unsealing
 type VaultUnsealConfig struct {
 Address string `json:"address"`
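Review bot: In the new `usc.OCI != nil` branch all five flags are appended unconditionally, so the optional `BucketNamespace` and `BucketPrefix` (tagged `omitempty` in the `OCIUnsealConfig` type this diff adds) are passed as empty-string arguments when unset, and an empty `KeyOCID` or `CryptographicEndpoint` goes through the same way. How the unsealer treats an empty key OCID or endpoint is not visible in this diff, so it is safer to reject it before the pod starts than to rely on the runtime failing. I would append the optional flags only when set, e.g. `if usc.OCI.BucketPrefix != "" { args = append(args, "--oci-bucket-prefix", usc.OCI.BucketPrefix) }`, and validate the three required fields at admission (for example with a `// +kubebuilder:validation:MinLength=1` marker, if this API package generates its CRD schema from markers). `ToArgs` begins and ends outside the hunk, so the other branches may already follow a convention worth matching.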
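Review bot: The doc comment on the new `OCIUnsealConfig` type was copied from the AWS type and still reads `// AWSUnsealConfig holds the parameters for AWS KMS based unsealing`, so godoc and any description generated from it will name the wrong provider. It should be `// OCIUnsealConfig holds the parameters for Oracle Cloud Infrastructure KMS based unsealing`. The fields would also benefit from one-line comments stating which are required (`KeyOCID`, `CryptographicEndpoint` and `BucketName` carry no `omitempty`) and what `BucketPrefix` scopes, since these settings presumably decide which key and bucket hold the unseal material.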