Oracle Cloud Infrastructure Documentation

To create a Database Connection:

  1. On the Connections list page, select Create Connection. If you need help finding the list page, see To list Database Connections.

  2. On the Create connection page, enter the following information:

    • Name: A user-friendly informative name to describe the connection.

    • Compartment: Choose a compartment you have permission to work in for the connection.

  3. Use the Select Database option to select a database that exists in your Oracle Cloud Infrastructure tenancy, or use the Enter Database Information option to enter the database information yourself.

    If you are using the Enter Database Information option, go to step 8.

  4. For the Select Database option, use the Database Type menu to select a database type: Oracle Autonomous Database, Oracle Database (Bare Metal, VM, Exadata), MySQL Database, and Oracle Exadata on Oracle Public Cloud.

    • For Oracle Autonomous Database:
      1. Use the Databases menu to choose an Autonomous Database. Use the Change Compartment link to find an Autonomous Database in a different compartment.
    • For Oracle Database (Bare Metal, VM, Exadata):
      1. Use the Database System menu to choose an existing DB system to use for this connection. Use the Change Compartment link to find a DB system in a different compartment.
      2. Use the Database Home menu to pick the Database Home containing the database you want to connect to.
      3. Use the Database menu to choose a database.
      4. After you select a Database, use the Pluggable Database menu to choose the pluggable database (PDB) you want to connect to. If you want to create a connection to the container database (CDB), do not select a pluggable database. Container and pluggable databases are available in Oracle Database 12.1 and greater.
    • For MySQL Database:
      1. Use the Databases type menu to choose a MySQL Database. Use the Change Compartment link to find a MySQL Database in a different compartment.
    • For Oracle Exadata on Oracle Public Cloud:
      1. Use the VM Cluster menu to select the Exadata VM cluster containing the database you would like to use for this connection. Use the Change Compartment link to find an Exadata VM cluster in a different compartment.
      2. Once the VM Cluster has been selected, use the Database menu to pick a database you want to connect to.

  5. For the Select Database option, provide the user information you want to use to connect to the database.

    (If you selected the Enter Database Information option, go to step 8.)

    1. User Name: The database user you want to use for the connection. For Oracle Database, you can connect through a proxy user using the following user name syntax: proxyUser[proxyClient]. See Creating Proxy User Accounts
    2. Role: Use this menu to select a high-level, system-wide administrative privileged role to be granted to the user you provided. If no role is needed, you can leave the default value.
      Note

      Role is not used with Autonomous Database or MySQL Database connections.
    3. User Password Secret: This menu is populated with any secrets you have access to from the Oracle Cloud Infrastructure vault. Select Change Compartment to find a secret in a different compartment.

    4. Create Password Secret: If no secrets are listed or a new secret must created, use this and provide the following information in the Create Password Secret dialog:

      1. Name: Give the secret a name. Do not use the password or hints of the password in the name. For example, if a connection to the sales PDB is needed for the DBA user, the name could be salesPDB-DBA.
      2. Description: Optionally, provide a description of the secret.
      3. Compartment: Select a compartment which you would like to create the secret in.
      4. Vault: Select an Oracle Cloud Infrastructure vault that you have access to where the secret will be kept. Select Change Compartment to find a vault in a different compartment.
      5. Encryption Key: Select an encryption key to be used to encrypt the supplied password in the vault. Select Change Compartment to find an encryption key in the same vault that is contained a different compartment.
      6. User Password: Provide the password for the user.
      7. Confirm User Password: Retype the password previously entered.
      8. Select Create when done to create the secret in the vault.

  6. The Connection String field is pre-populated if you used Select Database to select a database. If you selected Enter Database Information, you must provide the connect string.

    Connect string formats are as follows:

    • For Oracle Databases

      • HOSTNAME:DB_PORT/SERVICE_NAME

        Example:

        myserver.oraclecloud.com:1521/salespdb.privatesubnet.oraclecloud.com

      • (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP) (HOST=HOSTNAME)(PORT=DB_PORT)) (CONNECT_DATA=(SERVICE_NAME=SERVICE_NAME))

        Example:

        (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP) (HOST=myserver.oraclecloud.com)(PORT=1521)) (CONNECT_DATA=(SERVICE_NAME=salespdb.privatesubnet.oraclecloud.com))
    • For MySQL Databases

      • mysql://HOST_IP_ADDRESS:DB_PORT

        Example:

        mysql://10.0.1.44:3306
  7. Use the Access database via a private network checkbox to designate that this connection will use a Private Endpoint. Then select the endpoint using the Private Endpoint menu. Select Change Compartment to find a private endpoint in a different compartment.

  8. Provide Secure Connection details.

    • For Oracle Databases

      A wallet must be provided when the use of mutual TLS (mTLS) authentication is required, or when TLS authentication is used and the database returns a certificate not signed by a trusted certificate authority. Oracle recommends using an SSO wallet.

      Select one of the following options in the Wallet Format menu:

      • SSO wallet (e.g, cwallet.sso)
      • Java Key Store (e.g., keystore.jks, truststore.jks)
      • PKCS#12
      • None

      Select Create Key Store Content Secret to add key stores to the vault, then provide the following information

      1. Name: Give the content secret a name.
      2. Description: Provide an optional description of the secret.
      3. Compartment: Select a compartment which you would like to create the content secret in.
      4. Vault: Select an Oracle Cloud Infrastructure vault you have access to where the content secret is kept. Select Change Compartment to find a vault in a different compartment.
      5. Encryption Key: Select an encryption key to be used to encrypt the content secret in the vault. Select Change Compartment to find an encryption key in a different compartment but in the same vault as previously chosen.

      6. Add the client wallet details to your vault.

        For Autonomous Database, you have a manual upload option and one of two automated options, depending on your Autonomous Database deployment and Data Guard configurations. The automated options are:
        • For Autonomous Databases on shared Exadata infrastructure that are not using Cross-Region Data Guard, the Retrieve regional auto login wallet from Autonomous Database option is available.
        • For Autonomous Databases on dedicated Exadata infrastructure, or Autonomous Databases on shared Exadata infrastructure that are using Cross-Region Data Guard, the Retrieve instance auto login wallet from Autonomous Database option is available.

        The manual Upload auto login wallet option lets you upload the cwallet.sso or ewallet.p12 files in the browser. You can drag and drop a file directly into the Wallet field, or select the Select a file link and navigate to the locally-stored file you are uploading.

        Select Create when done to create the content secret in the vault.

    • For MySQL Databases:

      SSL Details

      Use the select list to select from the following options. For a MySQL Database Service, Require is the default and only option to choose.

      • Require: Establish an encrypted connection if the server supports encrypted connections. The connection attempt fails if an encrypted connection cannot be established.

      • Require and Verify CA: Similar to Require, but additionally verify the server Certificate Authority (CA) certificate against the configured CA certificates. The connection attempt fails if no valid matching CA certificates are found.

      • Require and Verify Identity: Similar to Require and Verify CA, but additionally perform host name identity verification by checking the host name the client uses for connecting to the server against the identity in the certificate that the server sends to the client.

  9. Expand Advanced Options to configure the following:
    • Connections Properties: Provide additional parameters to this database connection. See To add or remove Connection Properties for details, including valid connection property names.

      For a proxy connection, the special oracle.jdbc.proxyClientName connection property can be used. See To add or remove Connection Properties

      Select Enable runtime support to use the SQL worksheet in OCI.

    • Proxy Authentication: For proxy authentication, provide the proxy client information to connect to the database.
      • Select Enable proxy authentication.
      • Proxy client username: The proxy client you want to use for the connection.
      • User Password Secret: This menu is populated with any secrets you have access to from the Oracle Cloud Infrastructure vault. Select Change Compartment to find a secret in a different compartment.
      • Create Password Secret: If no secrets are listed or to create a new secret, use this option and provide the following information in the Create Password Secret dialog:
        1. Name: Give the secret a name. Do not use the password or hints of the password in the name. For example, if a connection to the sales PDB is needed for the DBA user, the name could be salesPDB-DBA.
        2. Description: Optionally, provide a description of the secret.
        3. Compartment: Select a compartment in which to create the secret.
        4. Vault: Select an Oracle Cloud Infrastructure vault that you have access to where the secret will be kept. Select Change Compartment to find a vault in a different compartment.
        5. Encryption Key: Select an encryption key to encrypt the supplied password in the vault. Select Change Compartment to find an encryption key in the same vault but in a different compartment.
        6. User Password: Provide the password for the user.
        7. Confirm User Password: Retype the password previously entered.
        8. Select Create to create the secret in the vault.
      • Proxy client database roles: Use this menu to add a comma-separated list of database roles for the client. These roles are enabled if the proxy is authorized to use the roles on behalf of the client. If no role is needed, you can leave it empty.

    • Tags: (Optional) In the Tags section, add one or more tags to the connection.

      If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you're not sure whether to apply tags, skip this option or ask an administrator. You can apply tags later.

  10. Select Create to create the Database Connection.