Create a Network Protocol Secret
You can create Oracle Cloud Infrastructure Vault service secrets that contain the network protocol credentials and details required to connect to the External MySQL DB system, when registering the External MySQL DB system in Database Management.
A secret securely contains sensitive information such as passwords, certificates, SSH keys, or authentication tokens. For information on Vault service secrets, see Managing Vault Secrets.
In the registration process, to connect to the External MySQL DB system deployed on premises, you must select a network protocol and provide the credentials and details within a secret in the Vault service. You can create the secret before you register the External MySQL DB system or during the registration process in Database Management. Note that before you create a secret, you must ensure that you have the required permissions. For information, see Permissions Required to Register External MySQL DB Systems and Enable Database Management.
If you want to create a secret in the Vault service before you register the External MySQL DB system, here's the format of the network protocol credentials that must be added to the secret:
- TCP credentials
{"userName":"<username>", "password":"<user_password>", "credentialName":"<credential_name>"}
- TCP with SSL credentials
{"userName":"<username>", "password":"<user_password>", "credentialName":"<credential_name>", "trustCertificateKeyStoreType":"<trust_certificate_key_store_type>", "trustCertificateKeyStoreUrl":"<trust_certificate_key_store_URL>", "trustCertificateKeyStorePassword":"<trust_certificate_key_store_password>", "clientCertificateKeyStoreType":"<client_certificate_key_store_type>", "clientCertificateKeyStoreUrl":"<client_certificate_key_store_URL>", "clientCertificateKeyStorePassword":"<client_certificate_key_store_password>", "sslMode":"<ssl_mode>"}
To provide the SSL cipher for the encrypted connection, add the following at the end of the TCP with SSL credentials:
"tlsCiphersuites":"<TLS_Cipher_Suites>"
- Socket credentials without password
{"userName":"<username>", "credentialName":"<credential_name>", "socketFile":"<socket_file>"}
- Socket credentials with password
{"userName":"<username>", "password":"<user_password>", "credentialName":"<credential_name>", "socketFile":"<socket_file>"}
If creating the network protocol credentials secret directly in the Vault service, the following free-form tags must be associated with the secret to make it available for use when registering the External MySQL DB system:
- Secret for TCP credentials: TCP_SECRET_MYSQL
- Secret for TCP with SSL credentials: TLS_SECRET_MYSQL
- Secret for socket credentials: SOCKET_SECRET_MYSQL
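A pre-flight check for secret content that is written directly in the Vault service, built from the credential formats and free-form tags listed above. This is an added example, not Oracle code: the helper name `check_secret`, the protocol labels used as dictionary keys, the sample values, and the choice to treat any key outside the listed formats as an error are assumptions.

```python
import json
import re

# Field sets copied from the credential formats listed on this page.
TCP = {"userName", "password", "credentialName"}
TLS = TCP | {
    "trustCertificateKeyStoreType", "trustCertificateKeyStoreUrl",
    "trustCertificateKeyStorePassword", "clientCertificateKeyStoreType",
    "clientCertificateKeyStoreUrl", "clientCertificateKeyStorePassword",
    "sslMode",
}
SOCKET = {"userName", "credentialName", "socketFile"}

# protocol -> (required keys, optional keys, free-form tag named on this page)
FORMATS = {
    "TCP": (TCP, set(), "TCP_SECRET_MYSQL"),
    "TCP with SSL": (TLS, {"tlsCiphersuites"}, "TLS_SECRET_MYSQL"),
    "Socket": (SOCKET, {"password"}, "SOCKET_SECRET_MYSQL"),
}
PLACEHOLDER = re.compile(r"^<[^<>]*>$")  # e.g. "<user_password>" left unfilled


def check_secret(protocol, content):
    """Return (tag, problems) for a secret's JSON content (hypothetical helper)."""
    required, optional, tag = FORMATS[protocol]
    try:
        doc = json.loads(content)
    except json.JSONDecodeError as exc:
        return tag, [f"not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return tag, ["top level must be a JSON object"]
    keys = set(doc)
    problems = [f"missing key: {k}" for k in sorted(required - keys)]
    problems += [f"unexpected key: {k}" for k in sorted(keys - required - optional)]
    for key, value in doc.items():
        if not isinstance(value, str) or not value.strip():
            problems.append(f"empty or non-string value: {key}")
        elif PLACEHOLDER.match(value.strip()):
            problems.append(f"placeholder not replaced: {key}")
    return tag, problems


if __name__ == "__main__":
    # Constructed sample: one key is misspelled and one value is still a placeholder.
    sample = '{"username":"dbmon", "password":"<user_password>", "credentialName":"dbmon_cred"}'
    print(check_secret("TCP", sample))
```

The function reports key names only and never echoes values, so its output can be logged without exposing the password.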
Create a Secret for TCP Credentials
- Access the Register External MySQL DB system panel. For information, see Register an External MySQL DB System.
- In the Create connector section:
- Select TCP in the Network protocol field.
- Select Create new secret... in the TCP secret field.
- In the Create new TCP secret panel:
- Specify the following secret-related details:
- Name: Enter a user-friendly name to easily identify the secret. Note that a name in the following format is already displayed in this field and you can change it, if required:
TCP_SECRET_MYSQL_<YYYYMMDDHHMMSS in UTC>
- Description: Optionally, enter a description for the secret.
- Choose compartment: Select the compartment in which you want to create the secret.
- Vault: Select the vault in which you want to create the secret. If you have to create a new vault for the secret, see Create a Vault.
- Encryption key: Select the master encryption key that you want to use to encrypt the contents of the secret while the secret is imported to the vault. Note that the key must belong to the same vault and the key must be a symmetric key. For information on encryption keys, see Managing Keys.
- Specify the credentials used to connect to the External MySQL DB system:
- User name: Enter the user name to connect to the External MySQL DB system.
- User password: Enter the password to connect to the External MySQL DB system.
- Credential name prefix: Enter the first part of the full credential name. This value is prefixed to a system-generated credential name to create the full credential name.
- Credential name: (Read-only) Credential name of the connection.
- Click Create secret.
Create a Secret for TCP with SSL Credentials
- Access the Register External MySQL DB system panel. For information, see Register an External MySQL DB System.
- In the Create connector section:
- Select TCP with SSL in the Network protocol field.
- Select Create new secret... in the SSL secret field.
- In the Create new SSL secret panel:
- Specify the following secret-related details:
- Name: Enter a user-friendly name to easily identify the secret. Note that a name in the following format is already displayed in this field and you can change it, if required:
TLS_SECRET_MYSQL_<YYYYMMDDHHMMSS in UTC>
- Description: Optionally, enter a description for the secret.
- Choose compartment: Select the compartment in which you want to create the secret.
- Vault: Select the vault in which you want to create the secret. If you have to create a new vault for the secret, see Create a Vault.
- Encryption key: Select the master encryption key that you want to use to encrypt the contents of the secret while the secret is imported to the vault. Note that the key must belong to the same vault and the key must be a symmetric key. For information on encryption keys, see Managing Keys.
- SSL mode: Select an SSL mode from the following options:
- If available: Establishes an encrypted connection if the server supports encrypted connections, falling back to an unencrypted connection if an encrypted connection cannot be established. This is the preferred option.
- Require: Establishes an encrypted connection if the server supports encrypted connections.
- Require and Verify CA: Similar to Require, but additionally verifies the server Certificate Authority (CA) certificate against the configured CA certificates. The connection attempt fails if no valid matching CA certificate is found.
- Require and Verify Identity: Similar to Require and Verify CA, but additionally performs host name identity verification by checking the host name the client uses for connecting to the server against the identity in the certificate that the server sends to the client.
- SSL trust store type: Select the SSL trust store type.
- SSL trust store location: Enter the file path where the trust store file, .jks or .p12, is stored.
- SSL trust store password: Enter the SSL trust store password.
- SSL key store type: (Read-only) Type of SSL key store.
- SSL key store location: Enter the file path where the key store file, .jks or .p12, is stored.
- SSL key store password: Enter the SSL key store password.
- SSL cipher: Optionally, enter the SSL cipher for the encrypted connection.
- Specify the credentials used to connect to the External MySQL DB system:
- User name: Enter the user name to connect to the External MySQL DB system.
- User password: Enter the password to connect to the External MySQL DB system.
- Credential name prefix: Enter the first part of the full credential name. This value is prefixed to a system-generated credential name to create the full credential name.
- Credential name: (Read-only) Credential name of the connection.
- Click Create secret.
Create a Secret for Socket Credentials
- Access the Register External MySQL DB system panel. For information, see Register an External MySQL DB System.
- In the Create connector section:
- Select Sockets in the Network protocol field.
- Select Create new secret... in the Socket secret field.
- In the Create new Socket secret panel:
- Specify the following secret-related details:
- Name: Enter a user-friendly name to easily identify the secret. Note that a name in the following format is already displayed in this field and you can change it, if required:
SOCKET_SECRET_MYSQL_<YYYYMMDDHHMMSS in UTC>
- Description: Optionally, enter a description for the secret.
- Choose compartment: Select the compartment in which you want to create the secret.
- Vault: Select the vault in which you want to create the secret. If you have to create a new vault for the secret, see Create a Vault.
- Encryption key: Select the master encryption key that you want to use to encrypt the contents of the secret while the secret is imported to the vault. Note that the key must belong to the same vault and the key must be a symmetric key. For information on encryption keys, see Managing Keys.
- Socket file path: Enter the location of the socket file within the MySQL server.
- Specify the credentials used to connect to the External MySQL DB system:
- User name: Enter the user name to connect to the External MySQL DB system.
- User password: Enter the password to connect to the External MySQL DB system.
- Credential name prefix: Enter the first part of the full credential name. This value is prefixed to a system-generated credential name to create the full credential name.
- Credential name: (Read-only) Credential name of the connection.
- Click Create secret.