Environment: Windows XP SP3, Oracle Client 11.1.0
Step 1:
Open your sqlnet.ora file (mine is located in C:\oracle\product\11.1.0\db_1\NETWORK\ADMIN) and add the section below at the end:
    WALLET_LOCATION =
      (SOURCE =
        (METHOD = FILE)
        (METHOD_DATA =
          (DIRECTORY = C:\oracle\product\11.1.0\db_1\NETWORK\ADMIN)
        )
      )

    SQLNET.WALLET_OVERRIDE = TRUE
    SSL_CLIENT_AUTHENTICATION = FALSE
    SSL_VERSION = 0
The DIRECTORY parameter in line 5 determines where your wallet files will be created. It has to be an absolute path. To keep it simple I set mine to the same directory where sqlnet.ora, listener.ora and tnsnames.ora files sit.
Step 2:
Run the shell command mkstore -wrl "C:\oracle\product\11.1.0\db_1\NETWORK\ADMIN" -create (see below). You will be asked to set up a password for the wallet. This password has no relation to the TNS credentials; it protects the wallet itself. The directory path has to be the same as in the previous step (in my case it's C:\oracle\product\11.1.0\db_1\NETWORK\ADMIN).
    C:\>mkstore -wrl "C:\oracle\product\11.1.0\db_1\NETWORK\ADMIN" -create
    Enter password:

    Invalid Password.... PASSWORD_POLICY : Passwords must have a minimum length of eight
    characters and contain alphabetic characters combined with numbers or special characters.

    Enter password:
    Enter password again:

    C:\>
You will notice wallet files created in that directory:
Step 3:
Open the tnsnames.ora file (usually in the same directory where sqlnet.ora sits) and create a new TNS entry which you will be using with the wallet. Normally you would just copy an existing entry and give it a new alias. In the example below I create a TNS entry PRDSPW by copying an existing TEST one:
    TEST =
      (DESCRIPTION =
        (LOAD_BALANCE = YES)
        (ADDRESS = (PROTOCOL = TCP)(HOST = ...)
        (ADDRESS = (PROTOCOL = TCP)(HOST = ...)
        (CONNECT_DATA =
          (Service_name = ...)
          (FAILOVER_MODE =
            ...
          )
        )
      )

    PRDSPW =
      (DESCRIPTION =
        (LOAD_BALANCE = YES)
        (ADDRESS = (PROTOCOL = TCP)(HOST = ...)
        (ADDRESS = (PROTOCOL = TCP)(HOST = ...)
        (CONNECT_DATA =
          (Service_name = ...)
          (FAILOVER_MODE =
            ...
          )
        )
      )
Step 4:
Run the shell command mkstore -wrl "C:\oracle\product\11.1.0\db_1\NETWORK\ADMIN" -createCredential PRDSPW dummy_user dummy_pass (see below), where PRDSPW is the special TNS name we created in Step 3, dummy_user is the database username and dummy_pass is the database password. You will be asked to provide the wallet password that we set up in Step 2. The path (C:\oracle\product\11.1.0\db_1\NETWORK\ADMIN) is the same as in all previous steps.
    C:\>mkstore -wrl "C:\oracle\product\11.1.0\db_1\NETWORK\ADMIN" -createCredential PRDSPW dummy_user dummy_pass
    Enter wallet password:

    Create credential oracle.security.client.connect_string1
All done.
Now if you run the command mkstore -wrl "C:\oracle\product\11.1.0\db_1\NETWORK\ADMIN" -listCredential it will list the new wallet entry that we just created:
    C:\>mkstore -wrl "C:\oracle\product\11.1.0\db_1\NETWORK\ADMIN" -listCredential
    Enter wallet password:

    List credential (index: connect_string username)
    1: PRDSPW dummy_user

    C:\>
From now on you can connect to PRDSPW through the wallet entry without exposing your database user name and password:
SQLPlus:
    C:\>sqlplus /@prdspw
    ...
    SQL>
cx_Oracle:
    import cx_Oracle
    connection = cx_Oracle.connect("/@prdspw")  # credentials are looked up in the wallet
Command to delete an individual credential:
    C:\Program Files\ConEmu>mkstore -wrl "C:\oracle\product\11.1.0\db_1\NETWORK\ADMIN" -deleteCredential PRDSPW
    Enter wallet password:

    Delete credential
    Delete 1
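As an added example (not part of the original post), the Python script below cross-checks the pieces from Steps 1 to 4: that sqlnet.ora names an absolute wallet DIRECTORY, that SQLNET.WALLET_OVERRIDE is TRUE, and that every connect string in saved mkstore -listCredential output has a matching tnsnames.ora alias. The function names and sample inputs are constructed for illustration, the HOST value is a placeholder, and Windows-style paths are assumed as in this post's environment.

```python
import re
from pathlib import PureWindowsPath

def wallet_directory(sqlnet_text):
    """Return the DIRECTORY value inside WALLET_LOCATION, or None."""
    m = re.search(r"^WALLET_LOCATION\s*=.*?\(\s*DIRECTORY\s*=\s*([^)]+?)\s*\)",
                  sqlnet_text, re.I | re.M | re.S)
    return m.group(1) if m else None

def tns_aliases(tnsnames_text):
    """Aliases are the names that start in column 1 and are followed by '='."""
    return {a.upper() for a in re.findall(r"^([A-Za-z][\w.]*)\s*=", tnsnames_text, re.M)}

def wallet_credentials(list_output):
    """Parse 'N: connect_string username' rows from mkstore -listCredential."""
    return re.findall(r"^\s*\d+:\s+(\S+)\s+(\S+)\s*$", list_output, re.M)

def check_setup(sqlnet_text, tnsnames_text, list_output):
    """Return a list of human-readable findings; an empty list means consistent."""
    findings = []
    directory = wallet_directory(sqlnet_text)
    if directory is None:
        findings.append("WALLET_LOCATION has no DIRECTORY")
    elif not PureWindowsPath(directory).is_absolute():  # Step 1: must be absolute
        findings.append(f"wallet DIRECTORY is not absolute: {directory}")
    override = re.search(r"^\s*SQLNET\.WALLET_OVERRIDE\s*=\s*(\w+)",
                         sqlnet_text, re.I | re.M)
    if not override or override.group(1).upper() != "TRUE":
        findings.append("SQLNET.WALLET_OVERRIDE is not TRUE")
    aliases = tns_aliases(tnsnames_text)
    for connect_string, user in wallet_credentials(list_output):
        if connect_string.upper() not in aliases:  # Step 3 alias missing
            findings.append(f"credential {connect_string} ({user}) has no tnsnames.ora alias")
    return findings

# Constructed sample inputs, modelled on the listings in this post.
SQLNET = r"""WALLET_LOCATION =
  (SOURCE = (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = C:\oracle\product\11.1.0\db_1\NETWORK\ADMIN)))
SQLNET.WALLET_OVERRIDE = TRUE
"""
TNSNAMES = "TEST =\n  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = db.example)(PORT = 1521)))\n"
LISTING = "List credential (index: connect_string username)\n1: PRDSPW dummy_user\n"

if __name__ == "__main__":
    for finding in check_setup(SQLNET, TNSNAMES, LISTING):
        print("FINDING:", finding)
```

With the constructed inputs above, the only finding is the missing PRDSPW alias, because the sample tnsnames.ora contains just the TEST entry.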