@@ -112,7 +112,7 @@ plugin will require additional configuration using the `connection_url` paramete
112112``` shell
113113vault write database/config/oracle \
114114 plugin_name=vault-plugin-database-oracle \
115- connection_url=' {{ username }}/{{ password }}@tcps:// <host>: port/ <service_name>?param1=...¶m2=...&... ' \
115+ connection_url=' {{ username }}/{{ password }}@(DESCRIPTION=(ADDRESS=(PROTOCOL= tcps)(HOST= <host>(PORT=< port>))(CONNECT_DATA=(SERVICE_NAME= <service_name>))(SECURITY=(SSL_SERVER_CERT_DN="<cert_dn>")(MY_WALLET_DIRECTORY=<path_to_wallet>))) '
116116 allowed_roles=" my-role" \
117117 username=" admin" \
118118 password=" password"
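Review bot: the added `connection_url` line (new line 115) ends at the closing quote with no trailing `\`, whereas the line it replaces ended with `' \`. As written, the shell ends the `vault write` command there and reads `allowed_roles=`, `username=` and `password=` as separate statements, so the continuation needs restoring. In the same line the descriptor's parentheses do not balance: `(HOST= <host>(PORT=< port>))` opens PORT before HOST is closed, which leaves DESCRIPTION unclosed at the end of the string. Writing it as `(HOST=<host>)(PORT=<port>)` would match the form used in the worked example in the next hunk.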
@@ -124,12 +124,72 @@ to use for connection and verification could be configured using:
124124``` shell
125125vault write database/config/oracle \
126126 plugin_name=vault-plugin-database-oracle \
127- connection_url=' {{ username }}/{{ password }}@tcps://<host>:port/<service_name>?ssl_server_cert_dn= "CN=hashicorp.com,OU=TestCA,O=HashiCorp=com"&wallet_location=" /etc/oracle/wallets" ' \
127+ connection_url=' {{ username }}/{{ password }}@(DESCRIPTION=(ADDRESS=(PROTOCOL= tcps)(HOST=hashicorp.com)(PORT=1523))(CONNECT_DATA=(SERVICE_NAME=ORCL))(SECURITY=(SSL_SERVER_CERT_DN= "CN=hashicorp.com,OU=TestCA,O=HashiCorp=com")(MY_WALLET_DIRECTORY= /etc/oracle/wallets))) '
128128 allowed_roles=" my-role" \
129129 username=" admin" \
130130 password=" password"
131131```
132132
133+ ### Using TNS Names
134+
135+ Vault can optionally use TNS Names in the connection string when connecting to Oracle databases using a ` tnsnames.ora ` file. An example
136+ of a ` tnsnames.ora ` file may look like the following:
137+
138+ ``` shell
139+ AWSEAST=
140+ (DESCRIPTION =
141+ (ADDRESS = (PROTOCOL = TCPS)(HOST = hashicorp.us-east-1.rds.amazonaws.com)(PORT = 1523))
142+ (CONNECT_DATA =
143+ (SERVER = DEDICATED)
144+ (SID = ORCL)
145+ )
146+ (SECURITY =
147+ (SSL_SERVER_CERT_DN = " CN=hashicorp.rds.amazonaws.com/OU=RDS/O=Amazon.com/L=Seattle/ST=Washington/C=US" )
148+ (MY_WALLET_DIRECTORY = /etc/oracle/wallet/east)
149+ )
150+ )
151+
152+ AWSWEST=
153+ (DESCRIPTION =
154+ (ADDRESS = (PROTOCOL = TCPS)(HOST = hashicorp.us-west-1.rds.amazonaws.com)(PORT = 1523))
155+ (CONNECT_DATA =
156+ (SERVER = DEDICATED)
157+ (SID = ORCL)
158+ )
159+ (SECURITY =
160+ (SSL_SERVER_CERT_DN = " CN=hashicorp.rds.amazonaws.com/OU=RDS/O=Amazon.com/L=Seattle/ST=Washington/C=US" )
161+ (MY_WALLET_DIRECTORY = /etc/oracle/wallet/west)
162+ )
163+ )
164+ ```
165+
166+ To configure Vault to use TNS names, set the following environment variable on the Vault server:
167+
168+ ``` shell
169+ TNS_ADMIN=/path/to/tnsnames/directory
170+ ```
171+
172+ ~ > If Vault returns a "could not open file" error, double check that this environment
173+ variable is available to the Vault server.
174+
175+ Finally, use the alias in the ` connection_url ` parameter on the database configuration:
176+
177+ ```
178+ vault write database/config/oracle-east \
179+ plugin_name=vault-plugin-database-oracle \
180+ connection_url="{{ username }}/{{ password }}@AWSEAST" \
181+ allowed_roles="my-role" \
182+ username="VAULT_SUPER_USER" \
183+ password="myreallysecurepassword"
184+
185+ vault write database/config/oracle-west \
186+ plugin_name=vault-plugin-database-oracle \
187+ connection_url="{{ username }}/{{ password }}@AWSWEST" \
188+ allowed_roles="my-role" \
189+ username="VAULT_SUPER_USER" \
190+ password="myreallysecurepassword"
191+ ```
192+
133193## Usage
134194
135195### Dynamic Credentials
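Review bot: the added `connection_url` line (new line 127) also drops the trailing `\` that the removed line had, so the three parameter lines after it are no longer part of the `vault write` command; add the continuation back. The certificate DN carried over into that line, `O=HashiCorp=com`, looks malformed and should be checked while the line is being touched. It is comma-separated, while the `SSL_SERVER_CERT_DN` values in the new `tnsnames.ora` example are slash-separated; the docs should show one form, or say that both are accepted. On style, the `tnsnames.ora` listing and the `TNS_ADMIN=` line are fenced as `shell`, and the final pair of `vault write` commands has no language tag at all; tagging the commands as `shell` and the `tnsnames.ora` content as plain text would be consistent with the rest of the page. The note at new line 172 could also say that `TNS_ADMIN` points at the directory containing `tnsnames.ora`, since the "could not open file" hint does not state which file is meant.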