Your infrastructure team sets up SSH access once. After that, your DBAs never open a terminal again — all operations run through TuneVault's browser UI.
SSH credential setup is a one-time infrastructure task. Once configured, DBAs interact with TuneVault entirely through the browser. No terminal access is needed for day-to-day Oracle operations — monitoring, EBS ops, SQL tuning, or incident response.
SSH setup is split cleanly between your infrastructure team and your DBA team. The infra team handles it once; DBAs use the browser from day one.
| Task | Owner | Frequency |
|---|---|---|
| Create OS user for TuneVault SSH | Infra team | Once per server |
| Generate SSH key pair | Infra team | Once per server |
| Add public key to authorized_keys | Infra team | Once per server |
| Add SSH target in TuneVault UI | Infra team | Once per connection |
| Run EBS SSH checks | DBA team | On-demand (browser) |
| View SSH audit log | DBA team | Anytime (browser) |
This is a one-time setup. Estimated time: 15–20 minutes per server.
Create a non-root OS user on the Oracle/EBS application server. This user only needs read access to specific EBS directories (APPL_TOP, log directories). No oracle or apps group membership required for most checks.
Generate an ED25519 or RSA key pair. Keep the private key — you'll paste it into TuneVault's SSH vault (encrypted at rest with AES-256-GCM). Add the public key to the OS user's ~/.ssh/authorized_keys.
In TuneVault Settings → SSH Targets, add the target and use the Test Connection button. This runs a safe identity check only — no filesystem access, no Oracle queries.
That's it. DBAs can now run EBS SSH checks, view filesystem usage, check ADOP status, and monitor WLS logs — all from the browser. No terminal access needed.
Start with a DB health check — no SSH needed. Add SSH targets when you're ready for EBS ops.