Package oracle.jdbc.spi

Interface OracleConfigurationJsonSecretProvider

public interface OracleConfigurationJsonSecretProvider

Defines the contract for secret providers in a JSON Configuration. For more information please refer to: OracleConfigurationProvider.

The JSON Secret Provider can either define a 'password' or a 'wallet_location' with the following properties. For an example look at OracleConfigurationProvider:

  • 'type'. The secret type, required string. It is used by the Service Provider Interface to load the OracleConfigurationJsonSecretProvider implementation at runtime. The driver provides a built-in basic provider using Base64 (not recommended for production environments). Known external providers include: 'vault-oci' and 'vault-azure'.
  • 'value'. A reference to the secret value, required string, it depends on the secret type and the OracleConfigurationJsonSecretProvider implementation. If the type is 'base64', then it is the Base64 encoding of the secret. If the type is 'vault-oci', then it is the OCID of the secret in OCI. If it is 'vault-azure', then it is the Azure Key Vault URI.
  • 'authentication'. It is an optional object used by the OracleConfigurationJsonSecretProvider implementation to configure the authentication. Each provider can define the schema of this 'authentication' object. The built-in Base64 provider doesn't use it.

The driver provides a built-in basic provider using Base64 (not recommended for production environments).

  • Method Summary

    Modifier and Type
    Method
    Description
    static OracleConfigurationJsonSecretProvider
    find(String secretType)
    Helper method to load the Provider depending on its type.
    char[]
    getSecret(OracleJsonObject secret)
    Returns the secret using the 'value' and 'authentication' attributes of the password or wallet_location JSON Object.
    String
    getSecretType()
    Returns the secret type, which is a unique identifier for the Service Provider Interface.

  • Method Details

    • getSecret

      char[] getSecret(OracleJsonObject secret)

      Returns the secret using the 'value' and 'authentication' attributes of the password or wallet_location JSON Object.

      For example: if the password type is 'vault-oci', the password value should be the OCID of the Secret holding the password in OCI Vault. The same applies to the 'wallet_location' object.

      Parameters:
      secret - JSON Object, required by the provider to get the secret (either password or wallet_location). Not null.
      Returns:
      secret value. Not null.

    • getSecretType

      String getSecretType()
      Returns the secret type, which is a unique identifier for the Service Provider Interface. It is used by the JSON Provider at Runtime to load the different JSON Secret providers.
      Returns:
      secret type. Not null.

    • find

      static OracleConfigurationJsonSecretProvider find(String secretType)

      Helper method to load the Provider depending on its type. External providers for a secret in a JSON Provider need to implement this interface. The secret type is indicated in the JSON payload by the 'type' attribute in the 'password' or 'wallet_location' objects. Providers need to implement getSecretType() with this in mind.

      This method will look at runtime for (SPI) secret providers which type equals the one defined in the JSON payload.

      Parameters:
      secretType - secret type of the SPI to be found. Not null.
      Returns:
      OracleConfigurationJsonSecretProvider of this specific type.