Chapter 3

Connect to Autonomous Database

If you are not an Autonomous Database administrator and your application requires a
wallet to connect, then your administrator should provide you with the client
credentials. You can also view TNS names and connection strings for your database.
• Download Client Credentials (Wallets)
To download client credentials you can use the Oracle Cloud Infrastructure
Console or Database Actions.
• Wallet README File
The wallet README file contains the wallet expiration information and details for
Autonomous Database tools and resources.
• View TNS Names and Connection Strings for an Autonomous Database Instance
From the Database Connection page on the Oracle Cloud Infrastructure Console
you can view Autonomous Database TNS names and connection strings.

Download Client Credentials (Wallets)

To download client credentials you can use the Oracle Cloud Infrastructure Console or
Database Actions.

Note:
The password you provide when you download the wallet protects the
downloaded Client Credentials wallet.

For commercial regions, the wallet password complexity for the password you supply
requires the following:
• Minimum of 8 characters
• Minimum of 1 letter
• Minimum of 1 numeric character or 1 special character
For US Government regions, the wallet password complexity requires all of the
following:
• Minimum of 15 characters
• Minimum of 1 lowercase letter
• Minimum of 1 uppercase letter
• Minimum of 1 numeric character
• Minimum 1 special character
To download client credentials from the Oracle Cloud Infrastructure Console:
1. Navigate to the Autonomous Database details page.
2. Click Database connection.
3. On the Database connection page select the Wallet type:
• Instance wallet: Wallet for a single database only; this provides a database-
specific wallet.
• Regional wallet: Wallet for all Autonomous Databases for a given tenant and
region (this includes all service instances that a cloud account owns).

3-34
 Chapter 3
Connect to Autonomous Database

Note:
Oracle recommends you provide a database-specific wallet, using Instance
wallet, to end users and for application use whenever possible. Regional
wallets should only be used for administrative purposes that require potential
access to all Autonomous Databases within a region.

4. Click Download wallet.

5. In the Download wallet dialog, enter a wallet password in the Password field and
confirm the password in the Confirm password field.
6. Click Download to save the client security credentials zip file.
By default the filename is: Wallet_databasename.zip. You can save this file as any
filename you want.
You must protect this file to prevent unauthorized database access.
To download client credentials from Database Actions:
First, access Database Actions as the ADMIN user. See Access Database Actions as ADMIN
for more information.
1. Access Database Actions as the ADMIN user. See Access Database Actions as ADMIN
for more information.
2. On the Database Actions Launchpad, under Administration, select Download Client
Credentials (Wallet).
3. On the Download Client Credentials (Wallet) page, enter a wallet password in the
Password field and confirm the password in the Confirm Password field.
4. Click Download to save the client security credentials zip file. By default the filename is:
Wallet_databasename.zip. You can save this file as any filename you want. You must
protect this file to prevent unauthorized database access.

Note:
When you use Database Actions to download a wallet there is no Wallet type
option on the Download Client Credentials (Wallet) page and you always
download an instance wallet. If you need to download the regional wallet click
Database connection on the Oracle Cloud Infrastructure Console.

The zip file includes the following:

File Description
cwallet.sso Auto-open SSO wallet
ewallet.p12 PKCS12 file. The PKCS12 file is protected by the
wallet password provided while downloading the
wallet.
ewallet.pem Encoded certificate file used to authenticate with
certificate authority (CA) server certificate.

3-35
 Chapter 3
Connect to Autonomous Database

File Description
keystore.jks Java keystore file. This file is protected by the
wallet password provided while downloading the
wallet.
ojdbc.properties Contains the wallet related connection property
required for JDBC connection. This should be in
the same path as tnsnames.ora.
README Contains wallet expiration information and links for
Autonomous Database tools and resources.
See Wallet README File for information on the
contents of the README file.
sqlnet.ora SQL*Net client side configuration.
tnsnames.ora Network configuration file storing connect
descriptors.
truststore.jks Java truststore file. This file is protected by the
wallet password provided while downloading the
wallet.

Notes for wallet files and the wallet password:

• To invalidate database client certification keys associated with a wallet, see Rotate
Wallets with Immediate Rotation.
• Wallet files, along with the Database user ID and password provide access to data
in your database. Store wallet files in a secure location. Share wallet files only with
authorized users. If wallet files are transmitted in a way that might be accessed by
unauthorized users (for example, over public email), transmit the wallet password
separately and securely.
• For better security, Oracle recommends using restricted permissions on wallet
files. This means setting the file permissions to 600 on Linux/Unix. Similar
restrictions can be achieved on Windows by letting the file owner have Read and
Write permissions while all other users have no permissions.
• Autonomous Database uses strong password complexity rules for all users based
on Oracle Cloud security standards. For more information on the password
complexity rules see Create Users on Autonomous Database - Connecting with a
Client Tool.
• The README file that contains wallet expiration information is not available in wallet
zip files that were downloaded before April 2020.
• Starting six weeks before the wallet expiration date Autonomous Database sends
notification emails each week, indicating the wallet expiration date. These emails
provide notice before your wallet expires that you need to download a new wallet.
You will receive these notification emails only if there is a connection that uses a
wallet that is about to expire.
You can also use the WalletExpirationWarning event to be notified when a wallet
is due to expire. You will receive these notification events only if you are
subscribed to Critical events and there is a connection that uses a wallet that is
about to expire. See About Events Based Notification and Automation on
Autonomous Database for more information.

3-36
 Chapter 3
Connect to Autonomous Database

Wallet README File

The wallet README file contains the wallet expiration information and details for Autonomous
Database tools and resources.
The wallet expiration information at the top of the README file shows the following
information:
• The date when the wallet was downloaded.
• The date when the wallet SSL certificate provided in the wallet expires. If your wallet is
nearing expiration or is expired, then download a new wallet or obtain a new wallet from
your Autonomous Database administrator. If you do not download a new wallet before the
expiration date, you will no longer be able to connect to your database.
The Autonomous Database tools and resources area provides the following information:

Tool or Resource Description

Database Actions Load, explore, transform, model, and catalog your data. Use an
SQL worksheet, build REST interfaces and low-code apps,
manage users and connections, build and apply machine learning
models.
Access Link: provides the link to use Database Actions. See
Connect with Built-In Oracle Database Actions for more
information.
Graph Studio Oracle Graph Studio lets you create scalable property graph
databases. Graph Studio automates the creation of graph models
and in-memory graphs from database tables. It includes
notebooks and developer APIs that allow you to execute graph
queries using PGQL (an SQL-like graph query language) and over
50 built-in graph algorithms. Graph Studio also offers dozens of
visualization, including native graph visualization.
Access Link provides the link to use Graph Studio. See About
Oracle Graph Studio on Autonomous Database for more
information.
Oracle APEX Oracle APEX is a low-code development platform that enables
you to build scalable, secure enterprise apps that can be deployed
anywhere.
Access Link: provides the link to use Oracle APEX. See Access
Oracle APEX Administration Services for more information.
Oracle Machine Learning User Create new Oracle Machine Learning user accounts and manage
Management the credentials for existing Oracle Machine Learning users.
Access Link: provides the link to use Oracle Machine Learning
User Management. See Create and Update User Accounts for
Oracle Machine Learning Components on Autonomous Database
for more information.

3-37
 Chapter 3
Connect to Autonomous Database

Tool or Resource Description

Oracle Machine Learning User Oracle Machine Learning notebooks provide easy access to
Notebooks Oracle's parallelized, scalable in-database implementations of a
library of Oracle Advanced Analytics' machine learning algorithms
(classification, regression, anomaly detection, clustering,
associations, attribute importance, feature extraction, times series,
and so on), SQL, PL/SQL and Oracle's statistical and analytical
SQL functions.
Access Link: provides the link to use Oracle Machine Learning
User Notebooks. See Work with Oracle Machine Learning User
Interface for Data Access, Analysis, and Discovery for more
information.
SODA Drivers Simple Oracle Document Access (SODA) is a set of APIs that let
you work with JSON documents managed by the Oracle
Database without needing to use SQL. SODA drivers are available
for REST, Java, Node.js, Python, PL/SQL, and C.
Access Link: provides the link to download the SODA drivers. See
Work with Simple Oracle Document Access (SODA) in
Autonomous Database for more information.

Notes for wallet README file:

• If you rename your Autonomous Database instance, the tools links change and the
old links no longer work. To obtain valid tools links you must download a new
Wallet zip file with an updated README file. The SODA drivers link is a resource
link and this link does not change when you rename an instance.
• The README in a regional wallet does not contain the Autonomous Database tools
and resources links.

View TNS Names and Connection Strings for an Autonomous Database

Instance
From the Database Connection page on the Oracle Cloud Infrastructure Console you
can view Autonomous Database TNS names and connection strings.

Note:
See Update your Autonomous Database Instance to Allow both TLS and
mTLS Authentication for information on allowing TLS connections.

Perform the following steps as necessary:

• Open the Oracle Cloud Infrastructure Console by clicking the next to Oracle
Cloud.
• From the Oracle Cloud Infrastructure left navigation menu click Oracle Database
and then, depending on your workload click one of: Autonomous Data Warehouse,
Autonomous JSON Database, or Autonomous Transaction Processing.
• On the Autonomous Databases page select your Autonomous Database from the
links under the Display Name column.

3-38
 Chapter 3
Connect to Autonomous Database

To view the TNS names and connection strings, do the following:

1. On the Autonomous Database details page, click Database connection.
By default this shows the Mutual TLS connection information in a table with the TNS
names and connection strings for the Autonomous Database instance.
2. When both Mutual TLS (mTLS) and TLS connections are allowed, under TLS
authentication select TLS to view the TNS names and connection strings for
connections with TLS authentication.
The TNS names are the same for mTLS and TLS authentication. The connection strings
differ for mTLS and TLS connections, with different port definitions. Mutual TLS (mTLS)
connections use port 1522. TLS connections use port 1521.
In the Connection String column, click Show to display the full value of a connection
string or click Copy to copy a connection string.
For example, when you click Show you see the full connection string.

3-39
 Chapter 3
Connect to Autonomous Database

Connect to Autonomous Database Using Oracle Database Tools

Oracle Database Tools such as SQL Developer, SQL*Plus, and SQLcl can be used
with Autonomous Database.

3-40
 Chapter 3
Connect to Autonomous Database

The following sections provide step-by-step instructions for connecting to Autonomous

Database using these tools.
• Connect Oracle SQL Developer with a Wallet (mTLS)
Oracle SQL Developer is a free integrated development environment that simplifies the
development and management of Autonomous Database.
• Connect Oracle SQL Developer Without a Wallet
Oracle SQL Developer is a free integrated development environment that simplifies the
development and management of Autonomous Database. Oracle SQL Developer
provides support for connecting using TLS authentication without a wallet.
• Connect Oracle SQL Developer (earlier than Version 18.2) with a Wallet (mTLS)
Oracle SQL Developer is a free integrated development environment that simplifies the
development and management of Oracle Database in both traditional and cloud
deployments.
• Connect SQL*Plus with a Wallet (mTLS)
SQL*Plus is a command-line interface used to enter SQL commands. SQL*Plus connects
to an Oracle database.
• Connect SQL*Plus Without a Wallet
SQL*Plus is a command-line interface used to enter SQL commands. SQL*Plus connects
to an Oracle database.
• Connect Oracle SQLcl Cloud with a Wallet (mTLS)
SQLcl is a command-line interface used to enter SQL commands. You can use SQLcl to
connect to an Autonomous Database with client credentials configured (mTLS).
• Connect Oracle SQLcl Cloud Without a Wallet
SQLcl is a command-line interface used to enter SQL commands. You can use SQLcl to
connect to an Autonomous Database with TLS authentication without a wallet.

Connect Oracle SQL Developer with a Wallet (mTLS)

Oracle SQL Developer is a free integrated development environment that simplifies the
development and management of Autonomous Database.
SQL Developer can connect to Autonomous Database and contains enhancements for key
Autonomous Database features. You can download the latest version of Oracle SQL
Developer for your platform from the Download link on this page: Oracle SQL Developer.
For connecting with mTLS authentication, Oracle SQL Developer provides support for wallet
files using the Cloud Wallet Connection Type. Oracle recommends that you use version 18.2
(or later); however, earlier versions of SQL Developer will work with Autonomous Database
using an Oracle Wallet.
For connecting with TLS authentication, Oracle SQL Developer provides support using the
Custom JDBC Connection Type. See Connect with Oracle SQL Developer with TLS
Authentication for details on connecting using TLS authentication.
To create a new mTLS connection to Autonomous Database, do the following:
Obtain your credentials to access Autonomous Database. For more information, see
Download Client Credentials (Wallets).
1. Start Oracle SQL Developer and in the connections panel, right-click Connections and
select New Database Connection....

3-41
 Chapter 3
Connect to Autonomous Database

2. Choose the Connection Type Cloud Wallet.

3. Enter the following information:
• Connection Name: Enter the name for this connection.
• Username: Enter the database username. You can either use the default
administrator database account (ADMIN) provided as part of the service or
create a new schema, and use it.
• Password: Enter the password for the database user.
• Connection Type: Select Cloud Wallet (if you are using SQL Developer 18.2,
this is Cloud PDB)
• Configuration File : Click Browse, and select the client credentials zip file.
• Service: Enter the database TNS name. The client credentials file includes a
tnsnames.ora file that provides database TNS names with corresponding
services.

Note:
Versions of SQL Developer before 18.2 require that you enter a
Keystore Password. For more information, see Connect Oracle
SQL Developer (earlier than Version 18.2) with a Wallet (mTLS).

3-42
 Chapter 3
Connect to Autonomous Database

4. Click Connect to connect to the database.

Note:
If you are using Microsoft Active Directory, then for Username enter the Active
Directory "AD_domain\AD_username" (you may include double quotes), and for the
Password, enter the password for the Active Directory user. See Use Microsoft
Active Directory with Autonomous Database for more information.

Connect Oracle SQL Developer Without a Wallet

Oracle SQL Developer is a free integrated development environment that simplifies the
development and management of Autonomous Database. Oracle SQL Developer provides
support for connecting using TLS authentication without a wallet.

Note:
See Update your Autonomous Database Instance to Allow both TLS and mTLS
Authentication for information on allowing TLS connections.

To create a new TLS connection to Autonomous Database:

1. Copy a connection string for the Autonomous Database.
To connect with TLS authentication copy a TLS connection string. On the Database
Connection page, under TLS Authentication, select TLS to view the connection strings
for connecting with TLS authentication.

3-43