To create a Database Connection:

1. Open the navigation menu and click Developer Services.
2. In the Database Tools section, click Connections.
3. On the Connections list view page, click Create Connection.
4. Provide the following information about the connection:
   • Name: A user-friendly informative name to describe the connection.
   • Compartment: Choose a compartment you have permission to work in for the connection.

5. Use the Select Database option to select a database that exists in your Oracle Cloud Infrastructure tenancy, or use the Enter Database Information option to enter the database information yourself.

   If you are using the Enter Database Information option, go to step 8.

6. For the Select Database option, use the Database Type menu to select a database type: Oracle Autonomous Database, Oracle Database (Bare Metal, VM, Exadata), MySQL Database, and Oracle Exadata on Oracle Public Cloud.

   • For Oracle Autonomous Database:
     1. Use the Databases menu to choose an Autonomous Database. Use the Change Compartment link to find an Autonomous Database in a different compartment.
   • For Oracle Database (Bare Metal, VM, Exadata):
     1. Use the Database System menu to choose an existing DB system to use for this connection. Use the Change Compartment link to find an DB system in a different compartment.
     2. Use the Database Home menu to pick the Database Home containing the database you want to connect to.
     3. Use the Database menu to choose a database.
     4. After you select a Database, use the Pluggable Database menu to choose the pluggable database (PDB) you want to connect to. If you want to create a connection to the container database (CDB), do not select a pluggable database. Container and pluggable databases are available in Oracle Database 12.1 and greater.
   • For MySQL Database:
     1. Use the Databases type menu to choose a MySQL Database. Use the Change Compartment link to find a MySQL Database in a different compartment.
   • For Oracle Exadata on Oracle Public Cloud:
     1. Use the VM Cluster menu to select the Exadata VM cluster containing the database you would like to use for this connection. Use the Change Compartment link to find an Exadata VM cluster in a different compartment.
     2. Once the VM Cluster has been selected, use the Database menu to pick a database you want to connect to.

7. For the Select Database option, provide the user information you want to use to connect to the database.

   (If you selected the Enter Database Information option, go to step 8.)

   1. User Name: The database user you want to use for the connection. For Oracle Database, you can connect through a proxy user using the following user name syntax: proxyUser[proxyClient]. See Creating Proxy User Accounts
   2. Role: Use this menu to select a high-level, system wide administrative privileged role to be granted to the user you provided. If no role is needed, you can leave the default value.
      Note
      
      Role is not used with Autonomous Database or MySQL Database connections.
   3. User Password Secret: This menu is populated with any secrets you have access to from the Oracle Cloud Infrastructure vault. Click Change Compartment to find a secret in a different compartment.

   4. Create Password Secret: If no secrets are listed or a new secret must created, use this and provide the following information in the Create Password Secret dialog:

      1. Name: Give the secret a name. Do not use the password or hints of the password in the name. For example, if a connection to the sales PDB is needed for the DBA user, the name could be salesPDB-DBA.
      2. Description: Optionally, provide a description of the secret.
      3. Compartment: Select a compartment which you would like to create the secret in.
      4. Vault: Choose an Oracle Cloud Infrastructure vault that you have access to where the secret will be kept. Click Change Compartment to find a vault in a different compartment.
      5. Encryption Key: Select an encryption key to be used to encrypt the supplied password in the vault. Click Change Compartment to find an encryption key in the same vault that is contained a different compartment.
      6. User Password: Provide the password for the user.
      7. Confirm User Password: Retype the password previously entered.
      8. Click Create when done to create the secret in the vault.

8. The Connection String field is pre-populated if you used Select Database to select a database. If you selected Enter Database Information, you must provide the connect string.

   Connect string formats are as follows:

   • For Oracle Databases

     • HOSTNAME:DB_PORT/SERVICE_NAME

       Example:

       myserver.oraclecloud.com:1521/salespdb.privatesubnet.oraclecloud.com

     • (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP) (HOST=HOSTNAME)(PORT=DB_PORT)) (CONNECT_DATA=(SERVICE_NAME=SERVICE_NAME))

       Example:

       (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP) (HOST=myserver.oraclecloud.com)(PORT=1521)) (CONNECT_DATA=(SERVICE_NAME=salespdb.privatesubnet.oraclecloud.com))
   • For MySQL Databases

     • mysql://HOST_IP_ADDRESS:DB_PORT

       Example:

       mysql://10.0.1.44:3306
9. Use the Network Connectivity via Private Endpoint checkbox to designate that this connection will use a Private Endpoint. Then select the endpoint using the Private Endpoint menu. Click Change Compartment to find a private endpoint in a different compartment.
10. Click Show Advanced Options to configure the following:
    • Connections Properties: Provide additional parameters to this database connection. See To add or remove Connection Properties for details, including valid connection property names.

      For a proxy connection, the special oracle.jdbc.proxyClientName connection property can be used. See To add or remove Connection Properties

    • Proxy Authentication: For proxy authentication, provide the proxy client information to connect to the database.
      • Select Enable proxy authentication.
      • Proxy client username: The proxy client you want to use for the connection.
      • User Password Secret: This menu is populated with any secrets you have access to from the Oracle Cloud Infrastructure vault. Click Change Compartment to find a secret in a different compartment.
      • Create Password Secret: If no secrets are listed or to create a new secret, use this option and provide the following information in the Create Password Secret dialog:
        1. Name: Give the secret a name. Do not use the password or hints of the password in the name. For example, if a connection to the sales PDB is needed for the DBA user, the name could be salesPDB-DBA.
        2. Description: Optionally, provide a description of the secret.
        3. Compartment: Select a compartment in which to create the secret.
        4. Vault: Choose an Oracle Cloud Infrastructure vault that you have access to where the secret will be kept. Click Change Compartment to find a vault in a different compartment.
        5. Encryption Key: Select an encryption key to encrypt the supplied password in the vault. Click Change Compartment to find an encryption key in the same vault but in a different compartment.
        6. User Password: Provide the password for the user.
        7. Confirm User Password: Retype the password previously entered.
        8. Click Create to create the secret in the vault.
      • Proxy client database roles: Use this menu to add a comma-separated list of database roles for the client. These roles are enabled if the proxy is authorized to use the roles on behalf of the client. If no role is needed, you can leave it empty.
    • Tags: Apply free-form tags or defined tags to this resource. You must have permissions to use the tag namespace for defined tags. See Resource Tags for information about using tags to manage your OCI resources.
11. After you complete the Connection Details section, click Next.

12. Provide Secure Connection details.

    • For Oracle Databases

      A wallet must be provided when the use of mutual TLS (mTLS) authentication is required, or when TLS authentication is used and the database returns a certificate not signed by a trusted certificate authority. Oracle recommends using an SSO wallet.

      Choose one of the following options in the Wallet Format menu:

      • SSO wallet (e.g, cwallet.sso)
      • Java Key Store (e.g., keystore.jks, truststore.jks)
      • PKCS#12
      • None

      Click Create Key Store Content Secret to add key stores to the vault, then provide the following information

      1. Name: Give the content secret a name.
      2. Description: Provide an optional description of the secret.
      3. Compartment: Select a compartment which you would like to create the content secret in.
      4. Vault: Choose an Oracle Cloud Infrastructure vault you have access to where the content secret is kept. Click Change Compartment to find a vault in a different compartment.
      5. Encryption Key: Select an encryption key to be used to encrypt the content secret in the vault. Click Change Compartment to find an encryption key in a different compartment but in the same vault as previously chosen.

      6. Add the client credentials to you vault.

         For Autonomous Database, you have a manual upload option and one of two automated options, depending on your Autonomous Database deployment and Data Guard configurations. The automated options are:

         • For Autonomous Databases on shared Exadata infrastructure that are not using Cross-Region Data Guard, the Retrieve regional auto login wallet from Autonomous Database option is available.
         • For Autonomous Databases on dedicated Exadata infrastructure, or Autonomous Databases on shared Exadata infrastructure that are using Cross-Region Data Guard, the Retrieve instance auto login wallet from Autonomous Database option is available.

         The manual Upload auto login wallet option lets you upload the cwallet.sso or ewallet.p12 files in the browser. You can drag and drop a file directly into the Wallet field, or click the Select a file link and navigate to the locally-stored file you are uploading.

         Click Create when done to create the content secret in the vault.

    • For MySQL Databases:

      SSL Details

      Use the select list to choose from the following options. For a MySQL Database Service, Require is the default and only option to choose.

      • Require: Establish an encrypted connection if the server supports encrypted connections. The connection attempt fails if an encrypted connection cannot be established.

      • Require and Verify CA: Similar to Require, but additionally verify the server Certificate Authority (CA) certificate against the configured CA certificates. The connection attempt fails if no valid matching CA certificates are found.

      • Require and Verify Identity: Similar to Require and Verify CA, but additionally perform host name identity verification by checking the host name the client uses for connecting to the server against the identity in the certificate that the server sends to the client.

13. Click Create to create the Database Connection.