Assign ZPR Security Attributes to Your Instance
Zero Trust Packet Routing (ZPR) protects sensitive data by enforcing intent-based policies on OCI resources that include security attributes. If your Oracle Integration instance needs to send information to a ZPR-secured OCI resource, your instance must include the appropriate security attributes, and you must use a private endpoint.
Your tenancy administrator enables ZPR, creates security attributes, and defines ZPR policies. Security attributes are labels that ZPR uses to organize and identify OCI resources. The security attributes are used in ZPR policies to define who can access those resources, and where the data can go. Then service administrators, like you, assign the security attributes to their service instances. When one OCI resource requests access to another OCI resource, ZPR looks at the security attributes for both resources and enforces the ZPR policies.
Example
Let's look at an example.
- Security attribute: data:sensitive
- Security attribute: hosts:trusted
- ZPR policy: in networks:internal VCN allow hosts:trusted endpoints to connect to data:sensitive endpoints
Your Oracle Integration instance needs to send data to an OCI resource with the data:sensitive security attribute. So, your instance needs to include the security attribute hosts:trusted.
For more information on ZPR, see Zero Trust Packet Routing in the Oracle Cloud Infrastructure documentation.
You Must Use a Private Endpoint
The ZPR security attributes you add to your Oracle Integration instance are included only when you send data through a private endpoint. See Configure a Private Endpoint for Your Instance.
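The following added example is not Oracle code. It is a simplified model of how the example policy above is matched against security attributes and why the private endpoint matters. The names Resource, parse_policy, effective_attributes, is_allowed, and run_cases are hypothetical, only the policy form shown on this page is parsed, and default deny is an assumption of the model.

```python
import re
from dataclasses import dataclass

# Parses only the policy form shown on this page; the real policy language has more forms.
POLICY_RE = re.compile(
    r"^in (?P<vcn>\S+:\S+) VCN allow (?P<src>\S+:\S+) endpoints "
    r"to connect to (?P<dst>\S+:\S+) endpoints$"
)

@dataclass(frozen=True)
class Resource:
    name: str
    attributes: frozenset  # security attributes, e.g. {"hosts:trusted"}

def parse_policy(text):
    m = POLICY_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unsupported policy form: {text!r}")
    return m.groupdict()

def effective_attributes(source, via_private_endpoint):
    # Per this page: attributes are included only on traffic sent through a private endpoint.
    return source.attributes if via_private_endpoint else frozenset()

def is_allowed(policies, vcn_attr, source, target, via_private_endpoint):
    # Model assumption: default deny. A connection passes only when one policy
    # matches the VCN, the attributes the source presents, and the target's attributes.
    presented = effective_attributes(source, via_private_endpoint)
    return any(
        p["vcn"] == vcn_attr and p["src"] in presented and p["dst"] in target.attributes
        for p in map(parse_policy, policies)
    )

# Constructed sample data using the attribute names from the example above.
POLICIES = ["in networks:internal VCN allow hosts:trusted endpoints "
            "to connect to data:sensitive endpoints"]
TARGET = Resource("sensitive-store", frozenset({"data:sensitive"}))
LABELLED = Resource("integration-labelled", frozenset({"hosts:trusted"}))
UNLABELLED = Resource("integration-unlabelled", frozenset())

def run_cases():
    vcn = "networks:internal"
    return {
        "labelled, private endpoint": is_allowed(POLICIES, vcn, LABELLED, TARGET, True),
        "labelled, no private endpoint": is_allowed(POLICIES, vcn, LABELLED, TARGET, False),
        "unlabelled, private endpoint": is_allowed(POLICIES, vcn, UNLABELLED, TARGET, True),
    }

if __name__ == "__main__":
    for case, allowed in run_cases().items():
        print(f"{case}: {'allow' if allowed else 'deny'}")
```

Only the first case is allowed: the instance needs both the hosts:trusted attribute and a private endpoint for the policy to match.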
ZPR Applies to Outbound Traffic
The ZPR security attributes you assign to Oracle Integration apply to outbound data from Oracle Integration. If you want to control inbound access to Oracle Integration, see Restrict Access to an Instance Using an Allowlist.