Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
小 白蛋
Vault
Commits
959e4c79
Commit
959e4c79
authored
3 years ago
by
Jason O'Donnell
Browse files
Options
Download
Email Patches
Plain Diff
backport of commit 6ad3d41e366cd18d5730ff29c63e7f310ceb9a1f
parent
912c8f12
Branches unavailable
No related merge requests found
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
website/content/docs/secrets/databases/oracle.mdx
+6
-6
website/content/docs/secrets/databases/oracle.mdx
with
6 additions
and
6 deletions
+6
-6
website/content/docs/secrets/databases/oracle.mdx
+
6
-
6
View file @
959e4c79
...
...
@@ -106,7 +106,7 @@ pluggable databases rather than the container database in the `connection_url` f
### Connect Using SSL
~> **Note**: The wallets used when connecting via SSL should be available on every Vault
~> **Note**: The wallets used when connecting via SSL should be available on every Vault
server when using high availability clusters.
If the Oracle server Vault is trying to connect to uses an SSL listener, the database
...
...
@@ -115,7 +115,7 @@ plugin will require additional configuration using the `connection_url` paramete
```shell
vault write database/config/oracle \
plugin_name=vault-plugin-database-oracle \
connection_url='{{ username }}/{{ password }}@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=<host>(PORT=<port>))(CONNECT_DATA=(SERVICE_NAME=<service_name>))(SECURITY=(SSL_SERVER_CERT_DN="<cert_dn>")(MY_WALLET_DIRECTORY=<path_to_wallet>)))'
connection_url='{{ username }}/{{ password }}@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=<host>
)
(PORT=<port>))(CONNECT_DATA=(SERVICE_NAME=<service_name>))(SECURITY=(SSL_SERVER_CERT_DN="<cert_dn>")(MY_WALLET_DIRECTORY=<path_to_wallet>)))'
\
allowed_roles="my-role" \
username="admin" \
password="password"
...
...
@@ -127,7 +127,7 @@ to use for connection and verification could be configured using:
```shell
vault write database/config/oracle \
plugin_name=vault-plugin-database-oracle \
connection_url='{{ username }}/{{ password }}@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=hashicorp.com)(PORT=1523))(CONNECT_DATA=(SERVICE_NAME=ORCL))(SECURITY=(SSL_SERVER_CERT_DN="CN=hashicorp.com,OU=TestCA,O=HashiCorp=com")(MY_WALLET_DIRECTORY=/etc/oracle/wallets)))'
connection_url='{{ username }}/{{ password }}@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=hashicorp.com)(PORT=1523))(CONNECT_DATA=(SERVICE_NAME=ORCL))(SECURITY=(SSL_SERVER_CERT_DN="CN=hashicorp.com,OU=TestCA,O=HashiCorp=com")(MY_WALLET_DIRECTORY=/etc/oracle/wallets)))'
\
allowed_roles="my-role" \
username="admin" \
password="password"
...
...
@@ -135,10 +135,10 @@ vault write database/config/oracle \
### Using TNS Names
~> **Note**: The `tnsnames.ora` file and environment variable used when connecting via SSL should
~> **Note**: The `tnsnames.ora` file and environment variable used when connecting via SSL should
be available on every Vault server when using high availability clusters.
Vault can optionally use TNS Names in the connection string when connecting to Oracle databases using a `tnsnames.ora` file. An example
Vault can optionally use TNS Names in the connection string when connecting to Oracle databases using a `tnsnames.ora` file. An example
of a `tnsnames.ora` file may look like the following:
```shell
...
...
@@ -175,7 +175,7 @@ To configure Vault to use TNS names, set the following environment variable on t
TNS_ADMIN=/path/to/tnsnames/directory
```
~> **Note**: If Vault returns a "could not open file" error, double check that this environment
~> **Note**: If Vault returns a "could not open file" error, double check that this environment
variable is available to the Vault server.
Finally, use the alias in the `connection_url` parameter on the database configuration:
...
...
This diff is collapsed.
Click to expand it.
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
Menu
Projects
Groups
Snippets
Help