From c8fe4bc800491aa81ab4d5139917e232bdb90d1f Mon Sep 17 00:00:00 2001 From: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> Date: Mon, 7 Feb 2022 15:38:33 +0000 Subject: [PATCH 1/2] backport of commit d573a9d96df654fea7b5eee9291b47275662d293 --- .../content/docs/secrets/databases/oracle.mdx | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/website/content/docs/secrets/databases/oracle.mdx b/website/content/docs/secrets/databases/oracle.mdx index 71630cce424..6578060c75c 100644 --- a/website/content/docs/secrets/databases/oracle.mdx +++ b/website/content/docs/secrets/databases/oracle.mdx @@ -106,9 +106,6 @@ pluggable databases rather than the container database in the `connection_url` f ### Connect Using SSL -~> **Note**: The wallets used when connecting via SSL should be available on every Vault -server when using high availability clusters. - If the Oracle server Vault is trying to connect to uses an SSL listener, the database plugin will require additional configuration using the `connection_url` parameter: @@ -133,6 +130,21 @@ vault write database/config/oracle \ password="password" ``` +#### Wallet Permissions + +~> **Note**: The wallets used when connecting via SSL should be available on every Vault +server when using high availability clusters. + +The wallet used by Vault should be in a well known location with the proper filesystem permissions. For example, if Vault is running as the `vault` user, +the wallet directory may be setup as followed: + +```shell +mkdir -p /etc/vault/wallets +cp cwallet.sso /etc/vault/wallets/cwallet.sso +chown -R vault:vault /etc/vault +chmod 600 /etc/vault/wallets/cwallet.sso +``` + ### Using TNS Names ~> **Note**: The `tnsnames.ora` file and environment variable used when connecting via SSL should From 04fcc299fc8ab744fbcf75d0caf8f98dfff4edaf Mon Sep 17 00:00:00 2001 
From: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com> Date: Mon, 7 Feb 2022 15:59:13 +0000 Subject: [PATCH 2/2] backport of commit dbb79986ee8b635ba6dba5818db7cc9dfae3e815 --- website/content/docs/secrets/databases/oracle.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/secrets/databases/oracle.mdx b/website/content/docs/secrets/databases/oracle.mdx index 6578060c75c..9a8405cb8aa 100644 --- a/website/content/docs/secrets/databases/oracle.mdx +++ b/website/content/docs/secrets/databases/oracle.mdx @@ -136,7 +136,7 @@ vault write database/config/oracle \ server when using high availability clusters. The wallet used by Vault should be in a well known location with the proper filesystem permissions. For example, if Vault is running as the `vault` user, -the wallet directory may be setup as followed: +the wallet directory may be setup as follows: ```shell mkdir -p /etc/vault/wallets
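Review bot: In PATCH 1/2, the hunk at `@@ -106,9 +106,6 @@` removes the high-availability note from the top of "Connect Using SSL", and the series re-adds it only under "#### Wallet Permissions", after the `vault write database/config/oracle` example. That requirement is about wallet availability on every Vault server, not about permissions, and a reader following the SSL steps on a cluster now reaches the config command before seeing it. Consider keeping the note where it was, or giving the new subsection a heading that covers both placement and permissions.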
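Review bot: In PATCH 1/2, the shell block added at `@@ -133,6 +130,21 @@` runs `chown -R vault:vault /etc/vault`, which changes ownership of everything under `/etc/vault` rather than just the wallet, and it never sets a mode on the `/etc/vault/wallets` directory, so the directory keeps whatever the umask gave it at `mkdir -p`. Suggest scoping the ownership change to `/etc/vault/wallets` and adding `chmod 700 /etc/vault/wallets` next to the existing `chmod 600 /etc/vault/wallets/cwallet.sso`. The copied file also sits with default permissions between the `cp` and the `chmod`; a single `install -m 600 -o vault -g vault cwallet.sso /etc/vault/wallets/cwallet.sso` would close that gap.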
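Review bot: In PATCH 2/2, the changed line still reads "may be setup as follows"; the verb form is two words, so this should be "may be set up as follows". The unchanged line above it has "well known location", which wants a hyphen ("well-known location"), and could be fixed in the same commit since it is part of the same sentence group.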