
Oracle Connections

Keeper Connections - Oracle Protocol

Overview

KeeperPAM enables zero-trust privileged session management for Oracle databases through the visual KeeperDB interface. This guide shows how to configure Oracle connections on PAM Database records in the Keeper Vault. Sessions start from the Vault, route through the Keeper Gateway, and connect to the target database.

Prerequisites

Before you begin, review the connection prerequisites on Getting Started.

You need these records to configure an Oracle connection:

PAM record
Purpose

Stores the infrastructure details needed to reach the target.

Stores the Oracle host and connection details.

Stores the Oracle credentials used for the session.

This guide uses an Oracle Database record as the target.

Oracle is supported on the PAM Database record type.

Use KeeperDB for visual database access, monitoring, and KeeperAI-assisted workflows. Use KeeperDB Proxy to connect from a native desktop client without exposing credentials.

PAM Settings - Oracle Protocol

Accessing connection settings

After you create the target PAM record, open the connection settings:

  1. Edit the PAM record.

  2. Click Set Up in PAM Settings.

  3. Open the Connection section.

Configuring connection settings

Before you configure the Oracle protocol, set these required fields:

| Field | Description |
|---|---|
| PAM Configuration | The PAM Configuration provides access to the target defined on the record. |
| Administrative Credential Record | The linked PAM User used for authentication and administrative actions. |

The following table lists the Oracle-specific connection settings:

| Field | Definition |
|---|---|
| Protocol | Required. Select Oracle. Keeper populates the available settings for this protocol. |
| Enable Connection | Required. Enable this toggle to allow launches from the record. |
| Graphical Session Recording | Enables graphical session recording for this connection. |
| Text Session Recording (Typescript) | Enables raw text session recording with timing data. |
| Include Key Events | Includes keystrokes in playback. This can capture typed secrets. |
| Connection Port | Uses the port on the PAM Database by default. Override it here if needed. The default Oracle port is 1521. |
| Launch Credentials | Uses the selected credentials to authenticate the session. See Connection Authentication Methods. |
| Allow users to select credentials from their vault | Lets users choose their own private vault credentials. See Connection Authentication Methods. |
| Rotate launch credentials upon session termination | Rotates the selected launch credential when the session ends. |
| Default Database | Required. Selects the default database or service name when the session starts. Example: "ORCL" |
| Can download | Allows export from KeeperDB when supported by the client session. |
| Can upload | Allows import from KeeperDB when supported by the client session. |
| Can copy to clipboard | Lets users copy text from the session. |
| Can paste from clipboard | Lets users paste local clipboard content into the session. |
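
The settings above can be reviewed against a baseline before a record is enabled for users. The following is an added example, not Keeper code and not a Keeper export format: it assumes the settings are held in a Python dict keyed by the UI labels on this page, and the baseline it checks (recordings on, key events and transfer/clipboard toggles off, rotation on) is an assumed policy.

```python
# Field names are the UI labels from this page. The dict layout and the
# baseline below are assumptions for illustration, not a Keeper export format.
REQUIRED = ("Protocol", "Enable Connection", "Default Database")

# Optional toggles that widen what can enter, leave, or be recorded (assumed baseline: off).
REVIEW_IF_ON = {
    "Include Key Events": "playback includes keystrokes and can capture typed secrets",
    "Can download": "data can be exported from KeeperDB",
    "Can upload": "data can be imported through KeeperDB",
    "Can copy to clipboard": "session text can be copied out",
    "Can paste from clipboard": "local clipboard content can be pasted in",
}
# Toggles the assumed baseline expects to be on.
REVIEW_IF_OFF = {
    "Graphical Session Recording": "no graphical recording to review",
    "Text Session Recording (Typescript)": "no raw text recording to review",
    "Rotate launch credentials upon session termination":
        "launch credential is not rotated when the session ends",
}

def review(settings):
    """Return (severity, field, reason) tuples for one connection's settings."""
    findings = []
    for field in REQUIRED:
        if not settings.get(field):
            findings.append(("error", field, "required setting is missing or disabled"))
    if settings.get("Protocol") not in (None, "", "Oracle"):
        findings.append(("error", "Protocol", "expected Oracle"))
    port = settings.get("Connection Port")  # None: use the port on the PAM Database
    if port is not None and not (type(port) is int and 1 <= port <= 65535):
        findings.append(("error", "Connection Port", "override is not a valid TCP port"))
    findings += [("warn", f, why) for f, why in REVIEW_IF_ON.items() if settings.get(f)]
    findings += [("warn", f, why) for f, why in REVIEW_IF_OFF.items() if not settings.get(f)]
    return findings

# Constructed sample: a permissive connection as it might be filled in.
SAMPLE = {
    "Protocol": "Oracle", "Enable Connection": True, "Default Database": "ORCL",
    "Connection Port": 1521, "Graphical Session Recording": True,
    "Text Session Recording (Typescript)": True, "Include Key Events": True,
    "Can download": True, "Can copy to clipboard": True,
    "Rotate launch credentials upon session termination": False,
}

if __name__ == "__main__":
    for severity, field, reason in review(SAMPLE):
        print(f"{severity:5} {field}: {reason}")
```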

Connection Authentication Methods

Oracle connections support these authentication methods:

  • Launch Credential: Keeper uses the credential linked on the PAM record. Users do not need direct access to that credential.

  • Personal/Private Credential: When "Allow users to select credentials from their vault" is enabled, users can authenticate with their own private vault credential.

  • Ephemeral Accounts: Keeper creates a temporary privileged account for the session and deletes it after the session ends. This supports Just-In-Time access.

Session Recordings - Oracle Protocol

For this protocol, Keeper records both the graphical session and the full raw text stream, including timing data. Learn how to access and review recordings on Session Recording & Playback.

KeeperDB Settings

Use KeeperDB for visual database access, monitoring, and KeeperAI-assisted workflows on this connection.

JIT Settings

Tunnel Settings

KeeperAI Settings

Workflow Settings

Connection Templates

You can also configure the PAM record as a connection template. Connection templates let users launch sessions without predefining a specific hostname or credential.
