Using DBMS_CLOUD for Authentication

7.1 Using DBMS_CLOUD for Authentication

You can access the cloud storage using the DBMS_CLOUD Credential command. Presently, the DBMS_CLOUD Credential supports Oracle Cloud database.

With the DBMS_CLOUD Credential command (dbcc), you can:

Create a credential using Swift, OCI credentials, or an existing OCI profile.
Enable, disable, update, and drop a credential.
List the credentials.
Set the default credential.

Create a Credential

To create authentication using the Swift credential, use the following command:

dbcc create <new-credential-name> user <username> pass <password>

To create authentication using the OCI credential, use the following command:

dbcc create <new-credential-name> fingerprint <fingerprint> user_ocid <user-id> tenancy_ocid <tenancy-id> private_path <path-to-private-key>

To create authentication using OCI profile, use the following command:

dbcc create <new-credential-name> profile <oci-profile-name>

Enable, Disable, Update, and Drop a Credential

To enable a credential, use the following command:

dbcc enable <credential-name>

To disable a credential, use the following command:

dbcc disable <credential-name>

To update a credential, use the following command:

dbcc update <credential-name> <attribute> <value>

where <attribute> : [user_ocid] [tenancy | tenancy_id] [key_path | private_key_path] [print | fingerprint]

To drop a credential, use the following command:

dbcc drop <credential-name>

List the Credentials

To display a list of available credentials, use the following command:

dbcc list

Set the Default Credential

To set mycred as the default credential, use the following command:

dbcc mycred

To find help on the dbcc command, use the following command:

help dbccred

An Example to Create and Set a DBMS_CLOUD Credential

The following example details the steps to create and set different types of DBMS_CLOUD credentials.


--Set the path to the Wallet zip file on your system
SQL> set cloudconfig <path-to-Wallet-file>
Operation is successfully completed.

--Supply the database user name, password and the database service name provided in the tnsnames.ora
SQL> connect admin/<password>@adw20200526_high
Connected.

--Set Cloud Storage URL to the bucket
SQL> cs https://objectstorage.us-ashburn-1.example.com/n/test/b/example
DBMS_CLOUD Credential: Not Set
OCI Profile: Not Set
Transer Method: Not Set
URI as specified: https://objectstorage.us-ashburn-1.example.com/n/test/b/example

--create CREDENTIAL using Swift authentication
SQL> dbcc create swiftcred user <username> pass <password>
Credential SWIFTCRED created.
DBMS_CLOUD Credential set to SWIFTCRED.
Transfer method set to DBMS_CLOUD.

--create CREDENTIAL using OCI authentication
SQL> dbcc create ocicred fingerprint ec:98:83:**:**:**:b5 
     user_ocid ocid1.user.oc1......**g4xoca 
     tenancy_ocid ocid1.tenancy.oc1.....a**3n3a 
     private_path C:\\Users\\test\\.oci/freedb_api_key.pem
Credential OCICRED created.
DBMS_CLOUD Credential set to OCICRED.
Transfer method set to DBMS_CLOUD.

--create CREDENITAL using an existing OCI profile called freedb
--If profile name is not passed as a parameter, it takes the default 
   OCI profile details which is already set.
SQL> dbcc create profcred profile [freedb]      
Credential PROFCRED created.
DBMS_CLOUD Credential set to PROFCRED.
Transfer method set to DBMS_CLOUD.