Brief: What is Oracle Wallet?

Lucas Jellema

An Oracle Wallet is an encrypted file that contains database credentials – username and password – for connecting to an Oracle Database. This avoids writing hard code user passwords in a shell script or in an application database configuration file. A wallet can also contain certificates – for example for conduct secure HTTP (aka HTTPS) conversations.

Use of a wallet for managing database credentials will enhance your security and management of user passwords as now you will only update passwords in your wallet and have no need to share user passwords with the application teams. The wallet should be the only place where a database password is stored. The location of the wallet is configured in the sqlnet.ora file.

Through the use of the Oracle TNS (Transparent Network Substrate) administrative file to hide the details of the database connection string (host name, port number, and service name) we further reduce the spread of configuration details- and allow clients instead to use only an alias to indicate the database they want to connect to. The wallet contains a username & password combination for a TNS alias and the tnsnames.ora file provides the database connection string details for that alias. A client that wants to create a database connection refers to that alias. The database client library combines the details from tnsnames.ora with those from the wallet in order establish the connection.

Note: Using a wallet doesn’t prevent people from accessing to the database. Anyone having access to the wallet can use the stored credentials through an Oracle Database client library without needing a password. A script needs to run on the server with the wallet and under the user that created the wallet in order to use it for accessing the database. However the passwords are stored in an encrypted way and cannot be read.

Resources

Use a wallet to encrypt Oracle client passwords by Nicolas Jardot- https://blog.dbi-services.com/use-a-wallet-to-encrypt-oracle-client-passwords/

DBsGuru – Oracle Wallet Usage – External Passwords Store   – https://dbsguru.com/oracle-wallet-usage-external-passwords-store/ 

Oracle Database 19c Docs – Using Oracle Wallet Manager – https://docs.oracle.com/en/database/oracle/oracle-database/19/dbimi/using-oracle-wallet-manager.html#GUID-D0AA8373-B0AC-4DD8-9FA9-403E345E5A71 

Using Oracle Wallet for certificates use for HTTPS conversations – https://oracle-base.com/articles/misc/utl_http-and-ssl#create-a-wallet

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Next Post

AMIS DataSafe, the answer to Black Swan scenarios

How to be prepared for a black swan scenario?
%d bloggers like this: