Add 1-way TLS documentation

Christopher Jones 2022-09-08 16:47:29 +10:00
parent 6b28cb3c58
commit a61ef1f721
1 changed files with 48 additions and 5 deletions

@ -502,6 +502,8 @@ For installation information, see the [Node-oracledb Installation Instructions][
- 16.10.5 [Database Call Timeouts](#dbcalltimeouts)
- 16.11 [Connecting to Oracle Real Application Clusters (RAC)](#connectionrac)
- 16.12 [Connecting to Oracle Cloud Autonomous Databases](#connectionadb)
- 16.12.1 [TLS Connections to Oracle Cloud Autonomous Databases](#connectionadbtls)
- 16.12.2 [Mutual TLS Connections to Oracle Cloud Autonomous Databases](#connectionadbmtls)
- 16.13 [Connecting to Sharded Databases](#sharding)
17. [SQL Execution](#sqlexecution)
- 17.1 [SELECT Statements](#select)
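Review bot: The two new table-of-contents entries for 16.12.1 and 16.12.2 end in "Autonomous Databases", while the section headings this commit adds for the same anchors end in "Autonomous Database". Use one form in both places so the TOC text matches the headings it links to.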
@ -11864,11 +11866,52 @@ Oracle Database][178].
### <a name="connectionadb"></a> 16.12 Connecting to Oracle Cloud Autonomous Databases
To enable connection to Oracle Autonomous Database in Oracle Cloud, a wallet
needs be downloaded from the cloud, and node-oracledb needs to be configured to
use it. The wallet gives mutual TLS which provides enhanced security for
authentication and encryption. A database username and password is still
required for your application connections.
To enable connection to Oracle Autonomous Database (ADB) in Oracle Cloud, you
can use TLS (aka "1-way" TLS) or mutual TLS (mTLS) connections.
#### <a name="connectionadbtls"></a> 16.12.1 TLS Connections to Oracle Cloud Autonomous Database
Node-oracledb does not need any additional configuration to use TLS connections
to ADB. However you must use Oracle Client libraries versions 19.14 (or
later), or 21.5 (or later).
Configure ADB through the cloud console settings 'Allow secure access from
specified IPs and VCNs' to allow connections from your Node.js host. In your
applications use the correct TLS connection string (available in the cloud
console). The connection strings for TLS and mTLS are different.
For example:
```javascript
const cs = `(description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1521)
(host=abc.oraclecloud.com))(connect_data=(service_name=xyz.adb.oraclecloud.com))
(security=(ssl_server_dn_match=yes)))`;
connection = await oracledb.getConnection({
user: "scott",
password: mypw, // mypw contains the scott schema password
connectString: cs
});
```
A database username and password is required for your application connections.
If you need to create a new database schema so you do not login as the
privileged ADMIN user, refer to the relevant Oracle Cloud documentation, for
example see [Create Database Users][161] in the Oracle Autonomous Transaction
Processing Dedicated Deployments manual.
If you have downloaded the 'wallet' zip used for mTLS file, then remove the
`sqlnet.ora` file, or comment out its `WALLET_LOCATION` line, or set a valid
directory name for `WALLET_LOCATION` (see the mTLS discussion below).
Otherwise an incorrect path can cause a connection error when the file is
parsed.
#### <a name="connectionadbmtls"></a> 16.12.2 Mutal TLS connections to Oracle Cloud Autonomous Database
For Mutal TLS (mTLS) connections to ADB, a wallet needs be downloaded from the
cloud console, and node-oracledb needs to be configured to use it. Mutual TLS
provides enhanced security for authentication and encryption. A database
username and password is still required for your application connections.
##### Install the Wallet and Network Configuration Files
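Review bot: The 16.12.2 heading and the first sentence under it spell "Mutal TLS", and the heading has lowercase "connections" where 16.12.1 has "Connections"; change both to "Mutual TLS" and capitalize the heading to match. In 16.12.1, "the 'wallet' zip used for mTLS file" should read "the 'wallet' zip file used for mTLS", and "needs be downloaded" in 16.12.2 is missing "to". The example connect string sets `ssl_server_dn_match=yes` but the text never mentions it; since the TLS section has no wallet step, a sentence telling readers to keep that setting so the server certificate DN is checked would help anyone who hand-edits the string. The example also assigns `connection` without declaring it, so `const connection = await oracledb.getConnection({` would be safer to copy.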