Add Resource Providers for HCP Vault Dedicated

ojdbc-provider-hashicorp/example-test.properties

@@ -124,6 +124,36 @@ GITHUB_TOKEN=your-github-personal-access-token
 # Optional path for GitHub authentication in Vault (default: github)
 GITHUB_AUTH_PATH=github
 
+# The secret path for the username provider in HCP Vault Dedicated.
+USERNAME_SECRET_PATH=/v1/namespace/secret/data/username
+
+# The secret path for the password provider in HCP Vault Dedicated.
+PASSWORD_SECRET_PATH=/v1/namespace/secret/data/password
+
+# The secret path for the connection string provider in HCP Vault Dedicated.
+TNSNAMES_SECRET_PATH=/v1/namespace/secret/data/tnsnames
+
+# The alias in the tnsnames.ora file to use for the connection string.
+TNS_ALIAS=your_tns_alias
+
+# The secret path for the TCPS (TLS) wallet in HCP Vault Dedicated.
+TLS_WALLET_SECRET_PATH=/v1/namespace/secret/data/tcps-wallet
+
+# The type of the file stored in HCP Vault Dedicated (SSO, PKCS12, PEM).
+TLS_FILE_TYPE=PKCS12
+
+# Optional password for the TLS file stored in HCP Vault Dedicated.
+TLS_FILE_PASSWORD=******
+
+# The secret path for the SEPS wallet in HCP Vault Dedicated.
+SEPS_WALLET_SECRET_PATH=/v1/namespace/secret/data/seps-wallet
+
+# Optional password for the SEPS wallet stored in HCP Vault Dedicated.
+SEPS_WALLET_PASSWORD=*****
+
+# Optional index to select specific credentials from the SEPS wallet.
+SEPS_CONNECTION_STRING_INDEX=1
+
 ################################################################################
 # HCP VAULT SECRETS CONFIGURATION
 ################################################################################

ojdbc-provider-hashicorp/example-vault-dedicated-wallet.properties

@@ -0,0 +1,82 @@
+################################################################################
+# Copyright (c) 2025 Oracle and/or its affiliates.
+#
+# The Universal Permissive License (UPL), Version 1.0
+#
+# Subject to the condition set forth below, permission is hereby granted to any
+# person obtaining a copy of this software, associated documentation and/or data
+# (collectively the "Software"), free of charge and under any and all copyright
+# rights in the Software, and any and all patent rights owned or freely
+# licensable by each licensor hereunder covering either (i) the unmodified
+# Software as contributed to or provided by such licensor, or (ii) the Larger
+# Works (as defined below), to deal in both
+#
+# (a) the Software, and
+# (b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
+# one is included with the Software (each a "Larger Work" to which the Software
+# is contributed by such licensors),
+#
+# without restriction, including without limitation the rights to copy, create
+# derivative works of, display, perform, and distribute the Software and make,
+# use, sell, offer for sale, import, export, have made, and have sold the
+# Software and the Larger Work(s), and to sublicense the foregoing rights on
+# either these or other terms.
+#
+# This license is subject to the following condition:
+# The above copyright notice and either this complete permission notice or at
+# a minimum a reference to the UPL must be included in all copies or
+# substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+################################################################################
+
+# An example of a connection properties file that configures Oracle JDBC to
+# obtain a TLS wallet and SEPS credentials from HashiCorp Vault Dedicated.
+#
+# This file can be located by Oracle JDBC using the "oracle.jdbc.config.file"
+# connection property. For details, see:
+# https://docs.oracle.com/en/database/oracle/oracle-database/23/jajdb/oracle/jdbc/OracleConnection.html#CONNECTION_PROPERTY_CONFIG_FILE
+
+# Configures the HCP Vault Dedicated TCPS (TLS) Wallet Provider. The vault URL and
+# secret path are configured as environment variables or JVM system properties named
+# "VAULT_ADDR" and "TLS_WALLET_SECRET_PATH".
+oracle.jdbc.provider.tlsConfiguration=ojdbc-provider-hcpvault-dedicated-tls
+oracle.jdbc.provider.tlsConfiguration.vaultAddr=${VAULT_ADDR}
+oracle.jdbc.provider.tlsConfiguration.secretPath=${TLS_WALLET_SECRET_PATH}
+
+# Configures the HCP Vault Dedicated TLS Wallet Password. The password for the
+# file is optional and can be configured as an environment variable or JVM
+# system property named "TLS_FILE_PASSWORD".
+oracle.jdbc.provider.tlsConfiguration.walletPassword=${TLS_FILE_PASSWORD}
+
+# Specifies the file type (SSO, PKCS12, or PEM) for the TCPS wallet.
+# This can be configured as an environment variable or JVM system property named "TLS_FILE_TYPE".
+oracle.jdbc.provider.tlsConfiguration.type=${TLS_FILE_TYPE}
+
+# Configures the HCP Vault Dedicated SEPS (Secure External Password Store) Provider.
+# The vault URL and secret path are configured as environment variables or JVM system properties
+# named "VAULT_ADDR" and "SEPS_WALLET_SECRET_PATH".
+oracle.jdbc.provider.username=ojdbc-provider-hcpvault-dedicated-seps
+oracle.jdbc.provider.password=ojdbc-provider-hcpvault-dedicated-seps
+
+# Configures the vault URL and secret path for SEPS.
+oracle.jdbc.provider.username.vaultAddr=${VAULT_ADDR}
+oracle.jdbc.provider.username.secretPath=${SEPS_WALLET_SECRET_PATH}
+oracle.jdbc.provider.password.vaultAddr=${VAULT_ADDR}
+oracle.jdbc.provider.password.secretPath=${SEPS_WALLET_SECRET_PATH}
+
+# Optional password for SEPS Wallet stored in HCP Vault Dedicated.
+oracle.jdbc.provider.username.walletPassword=${SEPS_WALLET_PASSWORD}
+oracle.jdbc.provider.password.walletPassword=${SEPS_WALLET_PASSWORD}
+
+# Optional connection string index for SEPS Wallet.
+# This determines which set of credentials (username/password) to use from the SEPS Wallet.
+oracle.jdbc.provider.username.connectionStringIndex=${SEPS_CONNECTION_STRING_INDEX}
+oracle.jdbc.provider.password.connectionStringIndex=${SEPS_CONNECTION_STRING_INDEX}
+

ojdbc-provider-hashicorp/example-vault-dedicated.properties

@@ -0,0 +1,67 @@
+################################################################################
+# Copyright (c) 2025 Oracle and/or its affiliates.
+#
+# The Universal Permissive License (UPL), Version 1.0
+#
+# Subject to the condition set forth below, permission is hereby granted to any
+# person obtaining a copy of this software, associated documentation and/or data
+# (collectively the "Software"), free of charge and under any and all copyright
+# rights in the Software, and any and all patent rights owned or freely
+# licensable by each licensor hereunder covering either (i) the unmodified
+# Software as contributed to or provided by such licensor, or (ii) the Larger
+# Works (as defined below), to deal in both
+#
+# (a) the Software, and
+# (b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
+# one is included with the Software (each a "Larger Work" to which the Software
+# is contributed by such licensors),
+#
+# without restriction, including without limitation the rights to copy, create
+# derivative works of, display, perform, and distribute the Software and make,
+# use, sell, offer for sale, import, export, have made, and have sold the
+# Software and the Larger Work(s), and to sublicense the foregoing rights on
+# either these or other terms.
+#
+# This license is subject to the following condition:
+# The above copyright notice and either this complete permission notice or at
+# a minimum a reference to the UPL must be included in all copies or
+# substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+################################################################################
+
+# An example of a connection properties file that configures Oracle JDBC to
+# login using a username and password managed by HashiCorp Vault Dedicated service.
+# This file can be located by Oracle JDBC using the "oracle.jdbc.config.file"
+# connection property. For details, see:
+# https://docs.oracle.com/en/database/oracle/oracle-database/23/jajdb/oracle/jdbc/OracleConnection.html#CONNECTION_PROPERTY_CONFIG_FILE
+
+# Configures the HCP Vault Dedicated Username Provider. The vault Address and secret path
+# are configured as environment variables or JVM system properties
+# named "VAULT_ADDR" and "USERNAME_SECRET_PATH".
+oracle.jdbc.provider.username=ojdbc-provider-hcpvault-dedicated-username
+oracle.jdbc.provider.username.vaultAddr=${VAULT_ADDR}
+oracle.jdbc.provider.username.secretPath=${USERNAME_SECRET_PATH}
+
+# Configures the HCP Vault Dedicated Password Provider. The vault Address and secret path
+# are configured as environment variables or JVM system properties
+# named "VAULT_ADDR" and "PASSWORD_SECRET_PATH".
+oracle.jdbc.provider.password=ojdbc-provider-hcpvault-dedicated-password
+oracle.jdbc.provider.password.vaultAddr=${VAULT_ADDR}
+oracle.jdbc.provider.password.secretPath=${PASSWORD_SECRET_PATH}
+
+# Configures the HCP Vault Dedicated Connection String Provider. The vault Address, secret path,
+# and tns alias are configured as environment variables or JVM system properties
+# named "VAULT_ADDR", "TNSNAMES_SECRET_PATH", and "TNS_ALIAS".
+oracle.jdbc.provider.connectionString=ojdbc-provider-hcpvault-dedicated-tnsnames
+oracle.jdbc.provider.connectionString.vaultAddr=${VAULT_ADDR}
+oracle.jdbc.provider.connectionString.secretPath=${TNSNAMES_SECRET_PATH}
+oracle.jdbc.provider.connectionString.tnsAlias=${TNS_ALIAS}
+
+

ojdbc-provider-hashicorp/example-vault-secrets-wallet.properties

@@ -0,0 +1,78 @@
+################################################################################
+# Copyright (c) 2025 Oracle and/or its affiliates.
+#
+# The Universal Permissive License (UPL), Version 1.0
+#
+# Subject to the condition set forth below, permission is hereby granted to any
+# person obtaining a copy of this software, associated documentation and/or data
+# (collectively the "Software"), free of charge and under any and all copyright
+# rights in the Software, and any and all patent rights owned or freely
+# licensable by each licensor hereunder covering either (i) the unmodified
+# Software as contributed to or provided by such licensor, or (ii) the Larger
+# Works (as defined below), to deal in both
+#
+# (a) the Software, and
+# (b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
+# one is included with the Software (each a "Larger Work" to which the Software
+# is contributed by such licensors),
+#
+# without restriction, including without limitation the rights to copy, create
+# derivative works of, display, perform, and distribute the Software and make,
+# use, sell, offer for sale, import, export, have made, and have sold the
+# Software and the Larger Work(s), and to sublicense the foregoing rights on
+# either these or other terms.
+#
+# This license is subject to the following condition:
+# The above copyright notice and either this complete permission notice or at
+# a minimum a reference to the UPL must be included in all copies or
+# substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+################################################################################
+
+# An example of a connection properties file that configures Oracle JDBC to
+# obtain a TLS wallet and SEPS credentials from HCP Vault Secrets Service.
+#
+# This file can be located by Oracle JDBC using the "oracle.jdbc.config.file"
+# connection property. For details, see:
+# https://docs.oracle.com/en/database/oracle/oracle-database/23/jajdb/oracle/jdbc/OracleConnection.html#CONNECTION_PROPERTY_CONFIG_FILE
+
+# Configures the HCP Vault Secrets TCPS (TLS) Wallet Provider. The secret name is
+# configured as an environment variable or JVM system property  named "TLS_WALLET_SECRET_NAME".
+oracle.jdbc.provider.tlsConfiguration=ojdbc-provider-hcpvault-secrets-tls
+oracle.jdbc.provider.tlsConfiguration.secretName=${TLS_WALLET_SECRET_NAME}
+
+# Configures the HCP Vault Secrets TLS Wallet Password. The password for the
+# file is optional and can be configured as an environment variable or JVM
+# system property named "TLS_FILE_PASSWORD".
+oracle.jdbc.provider.tlsConfiguration.walletPassword=${TLS_FILE_PASSWORD}
+
+# Specifies the file type (SSO, PKCS12, or PEM) for the TCPS wallet.
+# This can be configured as an environment variable or JVM system property named "TLS_FILE_TYPE".
+oracle.jdbc.provider.tlsConfiguration.type=${TLS_FILE_TYPE}
+
+# Configures the HCP Vault Secrets SEPS (Secure External Password Store) Provider.
+# Secret Name is configured as environment variables or JVM system properties
+# named "SEPS_WALLET_SECRET_NAME".
+oracle.jdbc.provider.username=ojdbc-provider-hcpvault-secrets-seps
+oracle.jdbc.provider.password=ojdbc-provider-hcpvault-secrets-seps
+
+# Configures the Secret Name for SEPS.
+oracle.jdbc.provider.username.secretPath=${SEPS_WALLET_SECRET_NAME}
+oracle.jdbc.provider.password.secretPath=${SEPS_WALLET_SECRET_NAME}
+
+# Optional password for SEPS Wallet stored in HCP Vault Secret.
+oracle.jdbc.provider.username.walletPassword=${SEPS_WALLET_PASSWORD}
+oracle.jdbc.provider.password.walletPassword=${SEPS_WALLET_PASSWORD}
+
+# Optional connection string index for SEPS Wallet.
+# This determines which set of credentials (username/password) to use from the SEPS Wallet.
+oracle.jdbc.provider.username.connectionStringIndex=${SEPS_CONNECTION_STRING_INDEX}
+oracle.jdbc.provider.password.connectionStringIndex=${SEPS_CONNECTION_STRING_INDEX}
+

ojdbc-provider-hashicorp/example-vault-secrets.properties

@@ -0,0 +1,61 @@
+################################################################################
+# Copyright (c) 2025 Oracle and/or its affiliates.
+#
+# The Universal Permissive License (UPL), Version 1.0
+#
+# Subject to the condition set forth below, permission is hereby granted to any
+# person obtaining a copy of this software, associated documentation and/or data
+# (collectively the "Software"), free of charge and under any and all copyright
+# rights in the Software, and any and all patent rights owned or freely
+# licensable by each licensor hereunder covering either (i) the unmodified
+# Software as contributed to or provided by such licensor, or (ii) the Larger
+# Works (as defined below), to deal in both
+#
+# (a) the Software, and
+# (b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
+# one is included with the Software (each a "Larger Work" to which the Software
+# is contributed by such licensors),
+#
+# without restriction, including without limitation the rights to copy, create
+# derivative works of, display, perform, and distribute the Software and make,
+# use, sell, offer for sale, import, export, have made, and have sold the
+# Software and the Larger Work(s), and to sublicense the foregoing rights on
+# either these or other terms.
+#
+# This license is subject to the following condition:
+# The above copyright notice and either this complete permission notice or at
+# a minimum a reference to the UPL must be included in all copies or
+# substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+################################################################################
+
+# An example of a connection properties file that configures Oracle JDBC to
+# login using a username and password managed by HashiCorp Vault Secrets service.
+# This file can be located by Oracle JDBC using the "oracle.jdbc.config.file"
+# connection property. For details, see:
+# https://docs.oracle.com/en/database/oracle/oracle-database/23/jajdb/oracle/jdbc/OracleConnection.html#CONNECTION_PROPERTY_CONFIG_FILE
+
+# Configures the HCP Vault Secrets Username Provider.The secret name is
+# configured as an environment variable or JVM system property named "USERNAME_SECRET_NAME".
+oracle.jdbc.provider.username=ojdbc-provider-hcpvault-secrets-username
+oracle.jdbc.provider.username.secretName=${USERNAME_SECRET_NAME}
+
+# Configures the HCP Vault Secrets Password Provider.The secret name is
+# configured as an environment variable or JVM system property named "PASSWORD_SECRET_NAME".
+oracle.jdbc.provider.password=ojdbc-provider-hcpvault-secrets-password
+oracle.jdbc.provider.password.secretName=${PASSWORD_SECRET_NAME}
+
+# Configures the HCP Vault Secrets Connection String Provider. The secret name and alias
+# are configured as environment variables or JVM system properties named "TNSNAMES_SECRET_NAME" and "TNS_ALIAS".
+oracle.jdbc.provider.connectionString=ojdbc-provider-hcpvault-secrets-tnsnames
+oracle.jdbc.provider.connectionString.secretName=${TNSNAMES_SECRET_NAME}
+oracle.jdbc.provider.connectionString.tnsAlias=${TNS_ALIAS}
+
+