Package oracle.jdbc.spi

Interface OracleConfigurationJsonSecretProvider

All Superinterfaces:
OracleConfigurationSecretProvider
public interface OracleConfigurationJsonSecretProvider extends OracleConfigurationSecretProvider

Defines the contract for secret providers in a JSON Configuration. For more information please refer to: OracleConfigurationProvider.

There is a new interface OracleConfigurationSecretProvider designed for broader use cases that accepts Map as the input type and returns secrets. This interface (OracleConfigurationProvider) is kept due to backward compatibility reasons. The interface extends OracleConfigurationProvider so its implementations can still be located by a Service Loader.

The JSON Secret Provider can either define a 'password' or a 'wallet_location' with the following properties. For an example look at OracleConfigurationProvider:

  • 'type'. The secret type, required string. It is used by the Service Provider Interface to load the OracleConfigurationJsonSecretProvider implementation at runtime. The driver provides a built-in basic provider using Base64 (not recommended for production environments). Known external providers include: 'ocivault' and 'azurevault'.
  • 'value'. A reference to the secret value, required string, it depends on the secret type and the OracleConfigurationJsonSecretProvider implementation. If the type is 'base64', then it is the Base64 encoding of the secret. If the type is 'vault-oci', then it is the OCID of the secret in OCI. If it is 'vault-azure', then it is the Azure Key Vault URI.
  • 'authentication'. It is an optional object used by the OracleConfigurationJsonSecretProvider implementation to configure the authentication. Each provider can define the schema of this 'authentication' object. The built-in Base64 provider doesn't use it.

  • Method Details

    • getSecret

      char[] getSecret(OracleJsonObject secret)

      Returns the secret using the 'value' and 'authentication' attributes of the password or wallet_location JSON Object.

      For example: if the password type is 'vault-oci', the password value should be the OCID of the Secret holding the password in OCI Vault. The same applies to the 'wallet_location' object.

      Parameters:
      secret - JSON Object, required by the provider to get the secret (either password or wallet_location). Not null.
      Returns:
      secret value. Not null.

    • getSecret

      default char[] getSecret(Map<String,String> secretProperties)

      Returns the secret using the 'value' and 'authentication' attributes of the password or wallet_location objects in configuration.

      For example: if the password type is 'ocivault', the password value should be the OCID of the Secret holding the password in OCI Vault. The same applies to the 'wallet_location' object.

      This method has default implementation which recovers the input secretProperties to the original OracleJsonObject format, and calls getSecret(OracleJsonObject) using the recovered OracleJsonObject to get the secret.

      Specified by:
      getSecret in interface OracleConfigurationSecretProvider
      Parameters:
      secretProperties - secret map, required by the provider to get the secret (either password or wallet_location). Not null.
      Returns:
      secret value. Not null.

    • find

      static OracleConfigurationJsonSecretProvider find(String secretType)

      Helper method to load the Provider depending on its type. External providers for a secret in a JSON Provider need to implement this interface. The secret type is indicated in the JSON payload by the 'type' attribute in the 'password' or 'wallet_location' objects. Providers need to implement getSecretType() with this in mind.

      This method will look at runtime for (SPI) secret providers which type equals the one defined in the JSON payload.

      Parameters:
      secretType - secret type of the SPI to be found. Not null.
      Returns:
      OracleConfigurationJsonSecretProvider of this specific type.