Connect Python Applications Using mTLS
APPLIES TO: Exadata Cloud@Customer only
You can connect Python applications to your Autonomous Database instance using mTLS.
The python-oracledb driver's default "Thin mode" connects directly to Oracle Database. The driver can optionally use Oracle Client libraries, "Thick mode", for some additional functionality. The Oracle Client libraries can be from Oracle Instant Client, the full Oracle Client, or from an Oracle Database installation.
Follow these steps to connect your Python application to an Autonomous Database instance using mTLS:
- Install Python and the python-oracledb Driver
- Obtain Security Credentials (Oracle Wallet) and Enable Network Connectivity
- Perform this step if you only want to connect in Thin mode: Run Python Application with python-oracledb Thin Mode (mTLS)
- Perform this step if you want to connect in Thick mode: Run Python Application with python-oracledb Thick Mode (mTLS)
- Install Python and the python-oracledb Driver
To connect to Autonomous Database from your Python application, install Python and the python-oracledb driver. - Obtain Security Credentials (Oracle Wallet) and Enable Network Connectivity
Obtain client security credentials to connect to an Autonomous Database instance. - Run Python Application with python-oracledb Thin Mode (mTLS)
By default, python-oracledb uses Thin mode to connect directly to your Autonomous Database instance. - Run Python Application with python-oracledb Thick Mode (mTLS)
By default, python-oracledb runs in Thin mode which connects directly to Oracle Database. Additional python-oracledb features are available when the driver runs in Thick mode.
Parent topic: Connect to Autonomous Database
Install Python and the python-oracledb Driver
To connect to Autonomous Database from your Python application, install Python and the python-oracledb driver.
Parent topic: Connect Python Applications Using mTLS
Obtain Security Credentials (Oracle Wallet) and Enable Network Connectivity
Obtain client security credentials to connect to an Autonomous Database instance.
Parent topic: Connect Python Applications Using mTLS
Run Python Application with python-oracledb Thin Mode (mTLS)
By default, python-oracledb uses Thin mode to connect directly to your Autonomous Database instance.
In Thin mode only two files from the wallet zip are needed:
-
tnsnames.ora
: Maps net service names used for application connection strings to your database services. -
ewallet.pem
: Enables SSL/TLS connections in Thin mode.
To connect in Thin mode:
If you are behind a firewall, you can tunnel TLS/SSL connections through a proxy using HTTPS_PROXY in the connect descriptor or by setting connection attributes. Successful connection depends on specific proxy configurations. Oracle does not recommend using a proxy in a production environment, due to the possible impact on performance.
In Thin mode you can specify a proxy by adding the https_proxy
and
http_proxy_port
parameters.
For example, on Linux:
connection=oracledb.connect(
config_dir="/opt/OracleCloud/MYDB",
user="admin",
password=password,
dsn="db2024_low",
wallet_location="/opt/OracleCloud/MYDB",
wallet_password=wallet_pw,
https_proxy='myproxy.example.com',
https_proxy_port=80)
For example, on Windows:
connection=oracledb.connect(
config_dir=r"C:\opt\OracleCloud\MYDB",
user="admin",
password=password,
dsn="db2024_low",
wallet_location=r"C:\opt\OracleCloud\MYDB",
wallet_password=wallet_pw,
https_proxy='myproxy.example.com',
https_proxy_port=80)
Parent topic: Connect Python Applications Using mTLS
Run Python Application with python-oracledb Thick Mode (mTLS)
Thick mode requires that the Oracle Client libraries are installed where you run Python. You must also call
oracledb.init_oracle_client()
in your Python code.
In Thick mode the following three files from the wallet zip file are required:
-
tnsnames.ora
: Contains the net service names used for application connection strings and maps the strings to your database services. -
sqlnet.ora
: Specifies the SQL*Net client side configuration. cwallet.sso
: Contains the auto-open SSO wallet.
To connect in Thick mode:
If you are behind a firewall, you can tunnel TLS/SSL connections through a proxy using HTTPS_PROXY in the connect descriptor or by setting connection attributes. Successful connection depends on specific proxy configurations. Oracle does not recommend using a proxy in a production environment, due to the possible impact on performance.
In Thick mode you can specify a proxy by editing the
sqlnet.ora
file and adding a line:
SQLNET.USE_HTTPS_PROXY=on
In addition, edit tnsnames.ora
and add an
HTTPS_PROXY
proxy name and HTTPS_PROXY_PORT
port to the connect descriptor address list of any service name you plan to use.
For example:
mydb_high=(description=
(address=(https_proxy=myproxy.example.com)
(https_proxy_port=80)
(protocol=tcps)(port=1522)(host=...)
See Enabling python-oracledb Thick mode for information on Thick mode.
Parent topic: Connect Python Applications Using mTLS