Creating a wallet - secure external password store

Oracle wallet enables autologin feature without supplying a password. It is no longer a part of Oracle Advanced Security and available in all licensed editions of all supported releases of the Oracle database.

Prepare a secured folder for the wallet

$ mkdir -p $ORACLE_HOME/owm/wallets/oracle
$ chmod -R 700 $ORACLE_HOME/owm/wallets
Create the wallet
$ mkstore -wrl $ORACLE_HOME/owm/wallets/oracle/ -create
Oracle Secret Store Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights
reserved.

Enter password:
Enter password again:
Edit sqlnet.ora and add the wallet location created in the previous step
$ vi $ORACLE_HOME/network/admin/sqlnet.ora
SQLNET.WALLET_OVERRIDE = TRUE
WALLET_LOCATION=(
SOURCE=(METHOD=FILE)
(METHOD_DATA=(DIRECTORY=/oracle/product/12.2.0.1/dbhome_1/owm/wallets/oracle/))
)
Add credentials
$ mkstore -wrl $ORACLE_HOME/owm/wallets/oracle/ -createCredential prmy_db
sys P@$$w0rd
Oracle Secret Store Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights
reserved.

Enter wallet password:
$ mkstore -wrl $ORACLE_HOME/owm/wallets/oracle/ -createCredential stndby_db
sys P@$$w0rd
Oracle Secret Store Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights
reserved.

Enter wallet password:
$ mkstore -wrl $ORACLE_HOME/owm/wallets/oracle/ -createCredential frsnc_db
sys P@$$w0rd
Oracle Secret Store Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights
reserved.

Enter wallet password:
List the contents of the wallet
$ mkstore -wrl $ORACLE_HOME/owm/wallets/oracle/ -listCredential
Oracle Secret Store Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights
reserved.

Enter wallet password:
List credential (index: connect_string username)
3: frsnc_db sys
2: stndby_db sys
1: prmy_db sys
Verify connection with no password - using the wallet
$ sqlplus /@prmy_db as sysdba

SQL*Plus: Release 12.2.0.1.0 Production on Thu Nov 9 18:22:25 2017

Copyright (c) 1982, 2016, Oracle. All rights reserved.

Connected to:
Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit
Production

SYS@prmy_db:SQL> Disconnected from Oracle Database 12c Enterprise
Edition Release 12.2.0.1.0 - 64bit Production
$
Modifying Credentials
$ mkstore -wrl $ORACLE_HOME/owm/wallets/oracle/ -modifyCredential prmy_db
sys Passw0rd
Oracle Secret Store Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights
reserved.

Enter wallet password:
Deleting Credentials
$ mkstore -wrl $ORACLE_HOME/owm/wallets/oracle/ -deleteCredential prmy_db
Oracle Secret Store Tool : Version 12.2.0.1.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights
reserved.

Enter wallet password:
Using a Wallet is not valid for Grid Infrastructure (Doc ID 1153244.1)

Reference:

Comments

Post a Comment

Popular posts from this blog

Silent Installation

Some times there are problems using installation with GUI, the reason can be: 1. Firewall 2. Unix security 3. Client software (missing or not working( and maybe some more reasons If your environment is cooperative helping you solve this - it is simple - go for it. But if you are on your own and can't reach "the right guys" - do it yourself " Silently " Look for the proper response file fits for your needs in /database/response/ Edit it and run the following command: $ ./runInstaller -force -invPtrLoc /oraInst.loc -silent -noconfig -ignoreSysPrereqs -responseFile /database/response/enterprise.rsp You can also run the installer without a response file as mentioned in Metalink Note 782918.1 $ ./runInstaller -silent -force -debug \ FROM_LOCATION="/mount/dvd/database/stage/products.xml" \ ORACLE_HOME="/u01/app/oracle/product/11.1.0/db_1" \ ORACLE_HOME_NAME="Ora11gDb1" ORACLE_BASE="/u01/app/oracle" \ TOPLEVEL_COMPONENT='{&q
Read more

Data Guard - Changing IP Addresses

Image
When changing IP of a host we should update/recheck the following places: /etc/hosts or DNS listener.ora tnsnames.ora Database parameters (local_listener, remote_listener) Data Guard configuration This document is also relevant when changing the IP address of the connection between the hosts, other than the original IP addresses we used during the installation. When installation is done using the hostname and not the IP address, most of the changes are not relevant except for /etc/hosts. In this document, I will describe how to change the Data Guard Broker configuration. Dataguard configuration Show the environment DGMGRL> show configuration Configuration - dr   Protection Mode: MaxAvailability   Members:   pdb7 - Primary database     fdb7 - Far sync instance       sdb7 - Physical standby database Fast-Start Failover: DISABLED Configuration Status: SUCCESS   (status updated 351 seconds ago) Show detailed information of the Primary
Read more

Fixing & Registering ORACLE_HOMES in Central Inventory

Central Inventory location is determined by oraInst.loc located in: HP/Solaris /var/opt/oracle/oraInst.loc Linux /etc/oraInst.loc Windows \\HKEY_LOCAL_MACHINE\Software\Oracle\inst_loc To check if all oracle homes are registered within the Central Inventory run the following command: ${ORACLE_HOME}/oui/bin/opatch lsinventory -all Invoking OPatch 10.2.0.3.0 Oracle interim Patch Installer version 10.2.0.3.0 Copyright (c) 2005, Oracle Corporation. All rights reserved.. Oracle Home : /software/oracle/OEM10gR2/agent10g Central Inventory : /software/oracle/oraInventory from : /var/opt/oracle/oraInst.loc OPatch version : 10.2.0.3.0 OUI version : 10.2.0.3.0 OUI location : /software/oracle/OEM10gR2/agent10g/oui Log file location : /software/oracle/OEM10gR2/agent10g/cfgtoollogs/opatch/opatch....log Lsinventory Output file location : /software/oracle/OEM10gR2/agent10g/cfgtoollogs/....lsinventory.....txt ----------------------------------... List of Oracle Homes:
Read more