Use Vault Secret Credentials

Describes using vault secret credentials, where the credentials secret (password) is stored as a secret in a vault. You can then use vault secret credentials to access cloud resources or to access other databases (use anywhere that username/password type credentials are required).

You can create vault secret credentials with secrets stored in any of the supported vaults:

  • Oracle Cloud Infrastructure Vault

  • Azure Key Vault

  • AWS Secrets Manager

  • GCP Secret Manager

For example, some possible uses cases for vault secret credentials:

  • You can avoid duplicating secrets (passwords) when you access cloud resources from an Autonomous Database instance. In this case, you store secrets in a vault and Autonomous Database accesses the vault. This allows you to rotate secrets without updating the credentials you create to access cloud resources.

  • You can use vault secret credentials with database links. In this case, you can create routines that access another database and you don't need to expose passwords in your code.

  • You can use vault secret credentials with DBMS_DATAPUMP APIs.

Note

Operations that use Oracle Data Pump support vault secret credentials (for example impdp and expdp). Oracle Data Pump support with vault secret credentials is limited to Oracle Cloud Infrastructure Swift URIs and Oracle Cloud Infrastructure Native URIs. See DBMS_CLOUD URI Formats for more information.

Topics