8.3.2.3 Step 2: Add the User Name and Password Vault Reference (Optional)

To the JSON file that you created in Step 1, add the database user name and database password for authentication to Oracle Database. The password value is a vault reference.

This step is optional. With this configuration, you can omit database credentials in the connect identifier for the database connection.

  1. Ensure that you have created either OCI Vault or Azure Key Vault with the database password stored as a secret, as explained in Prerequisites for Using the OCI Object Storage JSON File.
  2. Specify the user and password objects in your JSON file.
    • user: Database user name.

    • password:
      • type: Type of vault used. Specify ocivault for OCI Vault and azurevault for Azure Key Vault.

      • value: For OCI Vault, specify the Oracle Cloud Identifier (OCID) of the secret stored in your vault. You can get this value from the Secret Details page under Secret Information in the OCI console. For example: "ocid1.vaultsecret.my-secret-id"

        For Azure Key Vault, specify the URI value of Azure Key Vault. You can get this value from the Azure portal or by using the REST API that returns details about the vault. For example: "https://dbclients.vault.azure.net/secrets/salesappaswd"

      • authentication: Authentication parameters to access the Azure Key Vault secrets store:
        { 
          "azure_client_id" : "<client id>", 
          "azure_client_secret" : "<secret>",
          "azure_tenant_id" : "<tenant id>" 
        }

        You can access OCI Vault using the authentication parameters set at the command line in the connect identifier.

    The following sales.json file shows the user and password attributes along with connect_descriptor, configured for the sales.myexample.com service. The password is stored in Azure Key Vault.
    { 
     "connect_descriptor" : "(DESCRIPTION=
                               (ADDRESS=
                                  (PROTOCOL=TCP) 
                                  (HOST=my sales dbserver)
                                  (PORT=1521))
                               (CONNECT_DATA=
                                  (SERVER=DEDICATED)
                                  (SERVICE_NAME=sales.myexample.com))
                             )",
     "user" : "admin",  
     "password" : {
        "type" : "azurevault",
        "value" : "https://dbclient.vault.azure.net/secrets/salesdbpasswd",
        "authentication" : {
           "azure_client_id" : "a12a1b12-ab12-1ab1-a1b2-12345a123aba",
           "azure_client_secret" : "A1B1A~ABCabc~ABaAbAb1223ABAB12abc_abcd",
           "azure_tenant_id" : "1a123ab1-a1b2-1a12-a1b1-a12bcdab01234"
        }
     }
    }
    Similarly, the following multi.json file shows the user and password attributes along with connect_descriptor, specified for the sales and hr objects. The passwords are stored in OCI Vault.
    { 
     "sales" : { 
        "connect_descriptor" : "(DESCRIPTION=
                                  (ADDRESS=
                                     (PROTOCOL=TCP)
                                     (HOST=my sales dbserver)
                                     (PORT=1521))
                                  (CONNECT_DATA=
                                     (SERVER=DEDICATED)
                                     (SERVICE_NAME=sales.myexample.com))
                                )",
        "user" : "admin", 
        "password" : { 
          "type" : "ocivault", 
          "value" : "ocid1.vaultsecret.my-secret-id"
        }
     },
     "hr" : { 
        "connect_descriptor" : "(DESCRIPTION=
                                  (ADDRESS=
                                     (PROTOCOL=TCP)
                                     (HOST=my dbserver.my.example.com)
                                     (PORT=1521))
                                  (CONNECT_DATA=
                                     (SERVER=DEDICATED)
                                     (SERVICE_NAME=hr.my.example.com))
                               )",
        "user" : "admin", 
        "password" : { 
          "type" : "ocivault", 
          "value" : "ocid1.vaultsecret.my-secret-id" 
        }
     } 
    }
  3. Store your updated JSON file in OCI Object Storage:

    In the OCI console, navigate to the Object Storage - Bucket Details page of your bucket and upload the file to that bucket under Objects.
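
The following Python check is an added example, not part of Oracle's documentation: it lints a file such as sales.json or multi.json before upload, confirming that each password is a vault reference object rather than a literal string and that type and value agree. The value patterns and the three authentication keys are assumptions inferred from the examples on this page, and the sample input is constructed.

```python
import json
import re

VAULT_TYPES = {"ocivault", "azurevault"}
AZURE_AUTH_KEYS = {"azure_client_id", "azure_client_secret", "azure_tenant_id"}
# Assumptions: value shapes and auth keys are inferred from this page's examples.
OCID_RE = re.compile(r"^ocid1\.vaultsecret\.\S+$")
AZURE_URI_RE = re.compile(r"^https://[A-Za-z0-9-]+\.vault\.azure\.net/secrets/[^/\s]+")

def check_entry(name, entry):
    """Return the problems found in one connection object."""
    if "password" not in entry:
        return []  # Step 2 is optional: an entry without credentials is fine
    problems = []
    if not entry.get("user"):
        problems.append(f"{name}: password given without user")
    pw = entry["password"]
    if not isinstance(pw, dict):  # a literal password instead of a vault reference
        return problems + [f"{name}: password is not a vault reference object"]
    vtype, value = pw.get("type"), str(pw.get("value", ""))
    if vtype not in VAULT_TYPES:
        problems.append(f"{name}: unknown vault type {vtype!r}")
    elif vtype == "ocivault" and not OCID_RE.match(value):
        problems.append(f"{name}: value is not a vault secret OCID")
    elif vtype == "azurevault" and not AZURE_URI_RE.match(value):
        problems.append(f"{name}: value is not a Key Vault secret URI")
    auth = pw.get("authentication")
    if vtype == "azurevault" and isinstance(auth, dict):
        missing = sorted(AZURE_AUTH_KEYS - set(auth))
        if missing:
            problems.append(f"{name}: authentication lacks {missing}")
    return problems

def check_config(text):
    """Check a single-object file (sales.json) or a multi-object one (multi.json)."""
    # strict=False accepts a connect_descriptor string wrapped across lines.
    doc = json.loads(text, strict=False)
    entries = {"<file>": doc} if "connect_descriptor" in doc else doc
    return [p for name, entry in entries.items() for p in check_entry(name, entry)]

# Constructed sample: "hr" carries a literal password, "sales" a malformed OCID.
SAMPLE = """{
 "sales": {"connect_descriptor": "(DESCRIPTION=...)", "user": "admin",
           "password": {"type": "ocivault", "value": "my-secret-id"}},
 "hr":    {"connect_descriptor": "(DESCRIPTION=...)", "user": "admin",
           "password": "Welcome1"}
}"""
if __name__ == "__main__":
    print("\n".join(check_config(SAMPLE)))
```

An empty result means every entry either omits credentials or references a vault secret in the expected form.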