Problem
You want to use a wallet to securely store credentials to avoid exposing passwords in scripts
Solution
1) Prepare a tns entry and update the tnsnames.ora file with the entry:
<tns_alias> =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = <host>)(PORT = <port>))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = <service_name>)
)
)
2) Create a directory to store the wallet files:
mkdir -p <wallet_location>
3) Create a wallet:
mkstore -wrl <wallet_location> -create
It will prompt for the wallet password
4) Add a credential:
mkstore -wrl <wallet_location> -createCredential <tns_alias> '<user>' '<user_password>'
Omit the password on the command line to securely input on prompt instead
5) List credentials:
mkstore -wrl <wallet_location> -listCredential
6) Update sqlnet.ora file to enable the wallet:
WALLET_LOCATION =
(SOURCE =
(METHOD = File)
(METHOD_DATA = (DIRECTORY = <wallet_location>)))
SQLNET.WALLET_OVERRIDE=true
6) Verify connection
sqlplus /@<tns_alias>
Reference:
- My Oracle Support Note 340559.1
No comments:
Post a Comment