Home > Oracle > securing passwords with Oracle Wallet

securing passwords with Oracle Wallet

To prevent hard coding passwords in any script is not a good idea, specially for rman backup scripts as the account bring used need sysdba privileges

steps to store the password in a wallet

1. create a wallet

Wallets can be copied to different machines, which can represent a security risk. In 11g Release 2, you can prevent the auto login functionality of the wallet from working if it is copied to another machine by creating a local wallet using the “orapki” command, instead of the “mkstore” command.

orapki wallet create -wallet "/u02/wallet" -pwd "mypassword" -auto_login_local

Once the wallet is created , it can be modified using the “mkstore” command

2. Add database connection ( including connection_string, username and password )

mkstore -wrl -createCredential <db_connection_string> <username> <password>

mkstore -wrl /u01/app/wallet -createCredential rmancpr  rman rmanpwd

3. Add the following code to your sqlnet.ora

     (DIRECTORY = /u01/app/wallet)

If you are using RAC make sure that the sqlnet.ora is updated on all nodes

WALLET_LOCATION: points to the directory where the wallet resides.
SQLNET.WALLET_OVERRIDE: will force all connections as /@db_connection_string to use the information being stored on the wallet to authenticate to databases.

4. test the connection

we can replace



Other options that wallet offer

1.- list the content being stored on the wallet:
mkstore -wrl /u01/app/wallet -listCredential

2.- Add credentials:
mkstore -wrl /u01/app/wallet -createCredential <db_connection_string> <username> <password>

3.- Modify credentials:
mkstore -wrl /u01/app/wallet -modigyCredential <db_connection_string> <username> <password>

4.- Delete credentials:
mkstore -wrl /u01/app/wallet -deleteCredential <db_connection_string>

Categories: Oracle
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: