Friday, May 29, 2020

Use Oracle Secure External Password Store to store database credentials

export ORACLE_SID=ORCL
export ORACLE_BASE=/u01/db
export ORACLE_HOME=/u01/db
export LD_LIBRARY_PATH=/u01/db/lib
export PATH=$ORACLE_HOME/bin:$PATH
export TNS_ADMIN=/home/opc/tns


[opc@db19c ~]$ mkdir ~/wallet
[opc@db19c ~]$ mkdir ~/tns

[opc@db19c ~]$ cp $ORACLE_HOME/network/admin/sqlnet.ora ~/tns/
[opc@db19c ~]$ cp $ORACLE_HOME/network/admin/tnsnames.ora ~/tns/

[opc@db19c ~]$ mkstore -wrl /home/opc/wallet -create
Oracle Secret Store Tool Release 20.0.0.0.0 - Production
Version 21.0.0.0.0
Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.

Enter password:    <-- welcome1
Enter password again: <-- welcome1

# Wallets can be copied to different machines, which can represent a security risk. 
# In 11g Release 2, you can prevent the auto login functionality of the wallet from working 
# if it is copied to another machine by creating a local wallet 
# using the "orapki" command, instead of the "mkstore" command.
# orapki wallet create -wallet "/home/opc/wallet" -pwd "welcome1" -auto_login_local

[opc@db19c ~]$ mkstore -wrl /home/opc/wallet -createCredential apppdb1 donghua2
Oracle Secret Store Tool Release 20.0.0.0.0 - Production
Version 21.0.0.0.0
Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.

Your secret/Password is missing in the command line
Enter your secret/Password:
Re-enter your secret/Password:
Enter wallet password:


[opc@db19c ~]$ mkstore -wrl /home/opc/wallet -listCredential
Oracle Secret Store Tool Release 20.0.0.0.0 - Production
Version 21.0.0.0.0
Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:
List credential (index: connect_string username)
1: apppdb1 donghua2
[opc@db19c ~]$

[opc@db19c ~]$ sqlplus /@apppdb1

SQL*Plus: Release 19.0.0.0.0 - Production on Fri May 29 18:45:36 2020
Version 19.7.0.0.0

Copyright (c) 1982, 2019, Oracle.  All rights reserved.

Last Successful login time: Fri May 29 2020 17:49:58 +08:00

Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.7.0.0.0

SQL> show user;
USER is "DONGHUA2"
SQL> exit

[opc@db19c ~]$ ls -l ~/wallet/
total 8
-rw-------. 1 opc opc 589 May 29 17:49 cwallet.sso
-rw-------. 1 opc opc   0 May 29 17:44 cwallet.sso.lck
-rw-------. 1 opc opc 544 May 29 17:49 ewallet.p12
-rw-------. 1 opc opc   0 May 29 17:44 ewallet.p12.lck
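
The post copies sqlnet.ora into ~/tns without showing its contents, and the listing above shows the wallet files as owner-only. The script below is an added example, not part of the original post, that audits both on Linux. It assumes sqlnet.ora uses the standard WALLET_LOCATION and SQLNET.WALLET_OVERRIDE parameters; the function names and the script name seps_audit.sh are hypothetical.

```shell
#!/bin/sh
# Added example: audit a Secure External Password Store setup on Linux.
# Assumption: sqlnet.ora uses the standard WALLET_LOCATION and
# SQLNET.WALLET_OVERRIDE parameters (the page does not show its sqlnet.ora).

mode_of() { stat -c '%a' "$1"; }   # octal mode, GNU/BusyBox stat

# Succeeds only if the wallet files carry no group/other bits and the
# directory is not group/other writable.
check_wallet_perms() {
    dir=$1; rc=0
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 2; }
    # A writable directory lets another local user replace the wallet.
    if [ $(( 0$(mode_of "$dir") & 022 )) -ne 0 ]; then
        echo "FAIL: $dir is group/other writable"; rc=1
    fi
    for f in "$dir"/cwallet.sso "$dir"/ewallet.p12; do
        [ -e "$f" ] || continue
        # The page's listing shows -rw-------; anything wider is a finding.
        if [ $(( 0$(mode_of "$f") & 077 )) -ne 0 ]; then
            echo "FAIL: $f has mode $(mode_of "$f")"; rc=1
        fi
    done
    return $rc
}

# Succeeds only if sqlnet.ora names a wallet directory and sets
# SQLNET.WALLET_OVERRIDE = TRUE, which "sqlplus /@alias" logins use.
check_sqlnet() {
    file=$1; rc=0
    [ -r "$file" ] || { echo "FAIL: cannot read $file"; return 2; }
    # Drop comment lines, then flatten so a multi-line entry still matches.
    flat=$(grep -v '^[[:space:]]*#' "$file" | tr -d ' \t\n' | tr 'a-z' 'A-Z')
    case $flat in
        *WALLET_LOCATION=*DIRECTORY=*) ;;
        *) echo "FAIL: no WALLET_LOCATION with a DIRECTORY"; rc=1 ;;
    esac
    case $flat in
        *SQLNET.WALLET_OVERRIDE=TRUE*) ;;
        *) echo "FAIL: SQLNET.WALLET_OVERRIDE is not TRUE"; rc=1 ;;
    esac
    return $rc
}

# Usage: sh seps_audit.sh /home/opc/wallet /home/opc/tns/sqlnet.ora
if [ $# -eq 2 ]; then
    check_wallet_perms "$1"; a=$?
    check_sqlnet "$2"; b=$?
    [ "$a" -eq 0 ] && [ "$b" -eq 0 ] && echo "OK: wallet and sqlnet.ora pass"
fi
```

The directory check flags only group/other write access, because mkdir with a default umask leaves the directory listable while the wallet files themselves stay at mode 600.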
