When working with SQL in Oracle databases, any values not surrounded by “quotes” will become UPPERCASE. Keep this in mind when creating users.

Prerequisites

  1. Create a OracleDB Connection with the required Secret Rotation permissions

  2. Create two designated database users for Infisical to rotate the credentials for. Be sure to grant each user login permissions for the desired database with the necessary privileges their use case will require.

    An example creation statement might look like:

    -- create user roles
    CREATE USER INFISICAL_USER_1 IDENTIFIED BY "temporary_password";
    CREATE USER INFISICAL_USER_2 IDENTIFIED BY "temporary_password";
    
    -- grant necessary privileges
    GRANT ALL PRIVILEGES TO INFISICAL_USER_1;
    GRANT ALL PRIVILEGES TO INFISICAL_USER_2;
    

    Username must either be ALL UPPERCASE or not be surrounded by “quotes”. Values not surrounded by quotes get automatically transformed to uppercase by Oracle Database.

    To learn more about the Oracle Database permission system, please visit their documentation.

Create an Oracle Database Credentials Rotation in Infisical

  1. Navigate to your Secret Manager Project’s Dashboard and select Add Secret Rotation from the actions dropdown.

  2. Select the OracleDB Credentials option.

  3. Select the OracleDB Connection to use and configure the rotation behavior. Then click Next.

    • OracleDB Connection - the connection that will perform the rotation of the configured database user credentials.
    • Rotation Interval - the interval, in days, that once elapsed will trigger a rotation.
    • Rotate At - the local time of day when rotation should occur once the interval has elapsed.
    • Auto-Rotation Enabled - whether secrets should automatically be rotated once the rotation interval has elapsed. Disable this option to manually rotate secrets or pause secret rotation.
  4. Input the usernames of the database users created above that will be used for rotation. Then click Next.

    • Database Username 1 - the username of the first user that will be used for rotation.
    • Database Username 2 - the username of the second user that will be used for rotation.

    If your Oracle usernames were created without “quotes”, Oracle sees them as UPPERCASE. Please use UPPERCASE for those names in the fields above.

  5. Specify the secret names that the active credentials should be mapped to. Then click Next.

    • Username - the name of the secret that the active username will be mapped to.
    • Password - the name of the secret that the active password will be mapped to.
  6. Give your rotation a name and description (optional). Then click Next.

    • Name - the name of the secret rotation configuration. Must be slug-friendly.
    • Description (optional) - a description of this rotation configuration.
  7. Review your configuration, then click Create Secret Rotation.

  8. Your OracleDB Credentials are now available for use via the mapped secrets.