Oracle Cloud Infrastructure Documentation

Connecting to an Autonomous Database

This topic describes the following actions related to connecting client applications to an Autonomous Database:

  • Connecting a client to an Autonomous Database with serverless deployment
  • Obtaining the credentials and information you need to create a connection
  • Rotating the keys and credentials needed for a connection (wallet rotation)
  • Obtaining access URLs for Oracle Application Express (APEX) and Oracle SQL Developer Web

Tip

For information on connecting a client to an Autonomous Database with dedicated deployment, see the Connecting to Autonomous Data Warehouse and Connecting to Autonomous Transaction Processing.

About Connecting to Autonomous Databases

Applications and tools connect to Autonomous Databases by using Oracle Net Services (also known as SQL*Net). SQL*Net supports a variety of connection types to Autonomous Databases, including Oracle Call Interface (OCI), ODBC drivers, JDBC OC, and JDBC Thin Driver.

To support connections of any type, you'll need to download the client security credentials and network configuration settings required to access your database. You'll also need to supply the applicable TNS names or connection strings for a connection, depending on the client application or tool, type of connection, and service level. You can view or copy the TNS names and connection strings in the DB Connection dialog for your Autonomous Database. For detailed information about the TNS names, see Predefined Database Service Names for Autonomous Transaction Processing and Predefined Database Service Names for Autonomous Data Warehouse.

Connecting from a VCN

To connect to Autonomous Databases from a VCN, the VCN must be configured with one of the following gateways:

Make sure to configure the subnet's route table with a rule that sends the desired traffic to the specific gateway. Also configure the subnet's security lists to allow the desired traffic.

You can also connect to your database from a private IP addresses in your on-premises network by using transit routing with an Oracle Cloud Infrastructure VCN. This allows traffic to move directly from your on-premises network to your Autonomous Databasewithout going over the internet. See Transit Routing: Private Access to Oracle Services for more information on this method of access.

About Downloading Client Credentials

The client credentials .zip that you download contains the following files:

  • cwallet.sso - Oracle auto-login wallet
  • ewallet.p12 - PKCS #12 wallet file associated with the auto-login wallet
  • sqlnet.ora - SQL*Net profile configuration file that includes the wallet location and TNSNAMES naming method
  • tnsnames.ora - SQL*Net configuration file that contains network service names mapped to connect descriptors for the local naming method
  • Java Key Store (JKS) files - Key store files for use with JDBC Thin Connections
Important

Wallet files, along with the database user ID and password, provide access to data in your Autonomous Database. Store wallet files in a secure location. Share wallet files only with authorized users. If wallet files are transmitted in a way that might be accessed by unauthorized users (for example, over public email), transmit the wallet password separately and securely.

For Autonomous Databases using serverless deployment, you have the choice of downloading an instance wallet file or a regional wallet file. The instance wallet contains only credentials and keys for a single Autonomous Database. The regional wallet contains credentials and keys for all Autonomous Databases in a specified region. For security purposes, Oracle recommends that regional wallets be used only by database administrators, and that instance wallets be supplied to other users whenever possible.

For Autonomous Databases using dedicated deployment, the wallet file contains only credentials and keys for a single Autonomous Database.

About Rotating Your Autonomous Database Wallet

For Autonomous Databases using serverless deployment, you can rotate an instance or regional wallet for security purposes. When your wallet rotation is complete, you will have a new set of certificate keys and credentials, and the old wallet's keys and credentials will be invalid. Rotating an instance wallet does not invalidate the regional wallet that covers the same database instance. Rotating a regional wallet affects all databases in the specified region. User session termination begins after wallet rotation completes, however this process does not happen immediately.

Important

If you are rotating a wallet to address a security breach and need to reestablish all database connections immediately using the keys and credentials of your newly rotated wallet, stop and restart the database instance.

Before You Begin

The Autonomous Database is preconfigured to support Oracle Net Services (a TNS listener is installed and configured to use secure TCPS and client credentials.) The client computer must be prepared to use Oracle Net Services to connect to the Autonomous Database. Preparing your client includes downloading the client credentials. See the following links for steps you might have to perform before you access the client credentials and connection information for your Autonomous Database

Serverless deployments
Dedicated deployments

Using the Oracle Cloud Infrastructure Console

To download a wallet for an Autonomous Database with serverless deployment
To download a wallet for an Autonomous Database with dedicated deployment
To rotate an Autonomous Database wallet (serverless deployment only)
To obtain access URLs for Oracle Application Express (APEX) and Oracle SQL Developer Web (dedicated deployment only)

Using the API

Use the GenerateAutonomousDatabaseWallet API operation to download the client credentials for your Autonomous Database.

Use the UpdateAutonomousDatabaseWalletDetails API operation to rotate the wallet for your Autonomous Database.

Use the AutonomousDatabase API operation to get the access URLs for Application Express (APEX) and SQL Developer Web.

For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.

Hidden x-ref linking content. Do not remove! This topic has moved. Please update your bookmarks.

Hidden x-ref linking content. Do not remove! This topic has moved. Please update your bookmarks.