Use Vault Secret Credentials

Describes using vault secret credentials, where the credentials secret (password) is stored as a secret in a vault. You can then use vault secret credentials to access cloud resources or to access other databases (use anywhere that username/password type credentials are required).

You can create vault secret credentials with secrets stored in any of the supported vaults:

  • Oracle Cloud Infrastructure Vault

  • Azure Key Vault

  • AWS Secrets Manager

  • GCP Secret Manager

For example, some possible uses cases for vault secret credentials:

  • You can avoid duplicating secrets (passwords) when you access cloud resources from an Autonomous Database instance. In this case, you store secrets in a vault and Autonomous Database accesses the vault. This allows you to rotate secrets without updating the credentials you create to access cloud resources.

  • You can use vault secret credentials with database links. In this case, you can create routines that access another database and you don't need to expose passwords in your code.

Note the following limitations for vault secret credentials:

  • Operations that use Oracle Data Pump do not support vault secret credentials (for example impdp and expdp).

  • Access for big data format files, such as Parquet, AVRO, or ORC with Oracle Cloud Infrastructure Native URLs do not support vault secret credentials.