# Oracle Connections ## Overview KeeperPAM enables zero-trust privileged session management for Oracle databases through the visual [KeeperDB](/keeperpam/privileged-access-manager/keeperdb.md) interface. This guide shows how to configure Oracle connections on **PAM Database** records in the Keeper Vault. Sessions start from the Vault, route through the Keeper Gateway, and connect to the target database. ## Prerequisites Before you begin, review the connection prerequisites on [Getting Started](/keeperpam/privileged-access-manager/connections/getting-started.md). You need these records to configure an Oracle connection: | PAM record | Purpose | | -------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | | [PAM Configuration](/keeperpam/privileged-access-manager/getting-started/pam-configuration.md) | Stores the infrastructure details needed to reach the target. | | [PAM Database](/keeperpam/privileged-access-manager/getting-started/pam-resources/pam-database.md) | Stores the Oracle host and connection details. | | [PAM User](/keeperpam/privileged-access-manager/getting-started/pam-resources/pam-user.md) | Stores the Oracle credentials used for the session. | {% hint style="info" %} This guide uses an **Oracle Database** record as the target. Oracle is supported on the [PAM Database](/keeperpam/privileged-access-manager/getting-started/pam-resources/pam-database.md) record type. {% endhint %} ## PAM Settings - Oracle Protocol ### Accessing connection settings After you create the target PAM record, open the connection settings: 1. Edit the PAM record. 2. Click **Set Up** in **PAM Settings**. 3. Open the **Connection** section. ### Configuring connection settings Before you configure the Oracle protocol, set these required fields: | Field | Description | | -------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | | PAM Configuration | The PAM Configuration provides access to the target defined on the record. | | Administrative Credential Record | The linked [PAM User](/keeperpam/privileged-access-manager/getting-started/pam-resources/pam-user.md) used for authentication and administrative actions. | The following table lists the Oracle-specific connection settings: | Field | Definition | | -------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------- | | Protocol | **Required.** Select **Oracle**. Keeper populates the available settings for this protocol. | | Enable Connection | **Required.** Enable this toggle to allow launches from the record. | | Graphical Session Recording | Enables graphical session recording for this connection. | | Text Session Recording (Typescript) | Enables raw text session recording with timing data. | | Include Key Events | Includes keystrokes in playback. This can capture typed secrets. | | Connection Port | Uses the port on the PAM Database by default. Override it here if needed. The default Oracle port is `1521`. | | Launch Credentials | Uses the selected credentials to authenticate the session. See [Connection Authentication Methods](#connection-authentication-methods). | | Allow users to select credentials from their vault | Lets users choose their own private vault credentials. See [Connection Authentication Methods](#connection-authentication-methods). | | Rotate launch credentials upon session termination | Rotates the selected launch credential when the session ends. | | Default Database | **Required.** Selects the default database or service name when the session starts. Example: "ORCL" | | Can download | Allows CSV export when supported by the client session. | | Can upload | Allows CSV import when supported by the client session. | | Can copy to clipboard | Lets users copy text from the session. | | Can paste from clipboard | Lets users paste local clipboard content into the session. | ## Connection Authentication Methods Oracle connections support these authentication methods: * [**Launch Credential**](/keeperpam/privileged-access-manager/connections/authentication-methods.md#launch-credential)\ Keeper uses the credential linked on the PAM record. Users do not need direct access to that credential. * [**Personal/Private Credential**](/keeperpam/privileged-access-manager/connections/authentication-methods.md#personal-private-credentials)\ When **Allow users to select credentials from their vault** is enabled, users can authenticate with their own private vault credential. * [**Ephemeral Accounts**](/keeperpam/privileged-access-manager/connections/authentication-methods.md#ephemeral-account)\ Keeper creates a temporary privileged account for the session and deletes it after the session ends. This supports [Just-In-Time access](/keeperpam/privileged-access-manager/just-in-time-access-jit.md). ## Session Recordings - Oracle Protocol For this protocol, Keeper records both the graphical session and the full raw text stream, including timing data. Learn how to access and review recordings on [Session Recording & Playback](/keeperpam/privileged-access-manager/session-recording-and-playback.md). * Learn more about [Session Recording & Playback](/keeperpam/privileged-access-manager/session-recording-and-playback.md) ## Connection Templates You can also configure the PAM record as a connection template. Connection templates let users launch sessions without predefining a specific hostname or credential. * Learn more about [Connection Templates](/keeperpam/privileged-access-manager/connections/connection-templates.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.keeper.io/keeperpam/privileged-access-manager/connections/session-protocols/oracle-connections.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.