Security and Authentication in Autonomous Transaction Processing

Autonomous Transaction Processing stores all data in encrypted format in the Oracle Database. Only authenticated users and applications can access the data when they connect to the database.

All connections to Autonomous Transaction Processing use certificate-based authentication and Secure Sockets Layer (SSL). This ensures that there is no unauthorized access to Autonomous Transaction Processing and that communications between the client and server are fully encrypted and cannot be intercepted or altered.

Certificate-based authentication uses an encrypted key stored in a wallet on both the client (where the application is running) and the server (where your database is running). The key on the client must match the key on the server to make a connection. A wallet contains a collection of files, including the key and other information needed to connect to your database. For more information on connections to Autonomous Transaction Processing, see About Connecting to an Autonomous Transaction Processing Instance.
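Because the wallet holds the client key and the connection settings, a client host can be checked for two things: that the wallet files are readable only by their owner, and that every connection entry still requires TLS with server certificate name matching. The following Python check is an added example, not Oracle code; the file names cwallet.sso and tnsnames.ora, the descriptor layout, and the host and service names are assumptions constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Constructed sample in the style of a wallet tnsnames.ora; hosts and services are placeholders.
SAMPLE_TNSNAMES = """\
exampledb_high = (description=(address=(protocol=tcps)(port=1522)(host=adb.example.invalid))(connect_data=(service_name=example_high.example.invalid))(security=(ssl_server_dn_match=yes)))
exampledb_test = (description=(address=(protocol=tcp)(port=1521)(host=adb.example.invalid))(connect_data=(service_name=example_test.example.invalid)))
"""

# An entry is "alias = (descriptor)"; it ends where the next alias starts a line.
ENTRY = re.compile(r"^\s*([\w.-]+)\s*=\s*(\(.*?)(?=^\s*[\w.-]+\s*=|\Z)", re.M | re.S)

def audit_tnsnames(text):
    """Return {alias: [problems]} for entries that weaken the TLS connection."""
    findings = {}
    for match in ENTRY.finditer(text):
        alias = match.group(1)
        descriptor = re.sub(r"\s+", "", match.group(2)).lower()
        problems = []
        protocols = re.findall(r"\(protocol=(\w+)\)", descriptor)
        if not protocols or any(p != "tcps" for p in protocols):
            problems.append("address does not use protocol=tcps")
        if "(ssl_server_dn_match=yes)" not in descriptor:
            problems.append("ssl_server_dn_match is not yes")
        if problems:
            findings[alias] = problems
    return findings

def audit_wallet_permissions(wallet_dir):
    """Return wallet files that group or other users can access."""
    exposed = []
    for name in sorted(os.listdir(wallet_dir)):
        mode = os.stat(os.path.join(wallet_dir, name)).st_mode
        if stat.S_ISREG(mode) and mode & (stat.S_IRWXG | stat.S_IRWXO):
            exposed.append(name)
    return exposed

def demo():
    """Build a constructed wallet directory and run both audits on it."""
    with tempfile.TemporaryDirectory() as wallet_dir:
        for name, mode in (("cwallet.sso", 0o644), ("tnsnames.ora", 0o600)):
            path = os.path.join(wallet_dir, name)
            with open(path, "w") as fh:
                fh.write(SAMPLE_TNSNAMES if name == "tnsnames.ora" else "constructed placeholder")
            os.chmod(path, mode)
        return audit_tnsnames(SAMPLE_TNSNAMES), audit_wallet_permissions(wallet_dir)

if __name__ == "__main__":
    print(demo())
```

The permission check uses POSIX mode bits, so it applies to Linux and macOS clients; on Windows the equivalent check is on the file ACLs.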

You do not need to do any manual configuration to encrypt your data and the connections to your database. These are implemented by Autonomous Transaction Processing.

Autonomous Transaction Processing uses strong password complexity rules for all users based on Oracle Cloud security standards. For more information on the password complexity rules, see Create Users on Autonomous Database.

You can further restrict connections by specifying a network Access Control List (ACL). When you specify a network ACL, that Autonomous Transaction Processing database accepts connections only from addresses on the ACL and rejects all other client connections. See Overview of Restricting Access with ACLs for more information.

When you provision or clone an Autonomous Database, you can configure the network access so that the database uses a private endpoint. If your organization has strict security mandates that do not allow you to have a public endpoint for your database, this provides you with the necessary private endpoint. When you use private access, your database is accessible only through the IP address of the associated private endpoint. Private access also lets you configure your access so that traffic does not use public subnets, keeping all traffic to and from your Autonomous Database off the public internet and within one of your tenancy's virtual cloud networks (VCNs). See Overview of Private Endpoints for more information.