Once the Oracle profiler (PR #2187) lands, it ships with auth_type: password only. Oracle's enterprise auth surface is meaningfully richer than SQL Server's; several of these modes are common asks for the customers we're targeting:
- Oracle Wallet (
TNS_ADMIN + sqlnet.ora + cwallet.sso) — encrypted credentials, mandated in regulated environments where security teams ban plaintext DB passwords in YAML files.
- External / Kerberos auth — for SSO and AD integration.
- OCI IAM tokens — for Oracle Cloud and Autonomous Database.
- mTLS / TCPS with client certs — required for Autonomous Database "TLS-only" mode.
The auth_type field in the credential schema is reserved per the PR #2187 review, so adding modes later is a code change rather than a credential schema migration.
Scope / acceptance criteria
- Implement the four auth modes above in
OracleConnector._connect().
- Wire each into
ConfigureOracleAssessment as auth_type choices.
- Add a
loginTimeout parameter to match MSSQLConnector (which sets "loginTimeout": "30").
- Update
oracle.mdx to document each auth mode and its prerequisites.
- Add unit tests covering each new branch.
References
Once the Oracle profiler (PR #2187) lands, it ships with
auth_type: passwordonly. Oracle's enterprise auth surface is meaningfully richer than SQL Server's; several of these modes are common asks for the customers we're targeting:TNS_ADMIN+sqlnet.ora+cwallet.sso) — encrypted credentials, mandated in regulated environments where security teams ban plaintext DB passwords in YAML files.The
auth_typefield in the credential schema is reserved per the PR #2187 review, so adding modes later is a code change rather than a credential schema migration.Scope / acceptance criteria
OracleConnector._connect().ConfigureOracleAssessmentasauth_typechoices.loginTimeoutparameter to matchMSSQLConnector(which sets"loginTimeout": "30").oracle.mdxto document each auth mode and its prerequisites.References
configure_assessment.py:91(auth_typeschema).database_manager.py:129(OracleConnectorlimitations).