DBMS_WALLET built-in package to manage certificates via PL/SQL API

Currently, Oracle Wallets are located in the filesystem and therefore the DBA with OS level access must be involved in adding or updating certificate information. Oracle PL/SQL developers who wish to do secure callouts from the database via UTL_HTTP, APEX_WEB_SERVICE, etc. must therefore communicate with the DBA for certificate maintenance tasks, which is time-consuming.

The idea is to add a built-in PL/SQL package, tentatively named DBMS_WALLET, that could be used to add, update, delete and list certificates and perform other relevant actions. The EXECUTE privilege on the package could be granted to trusted developers. Setup and maintenance of certificates could also be scripted using PL/SQL if this package existed.

Certificates are just plain text, and could therefore be passed to an add/update procedure via a CLOB parameter. The package could handle the storage of the certificate at the OS level, or the certificate could even be stored in some internal database table (this would require a change to how UTL_HTTP retrieves certificate info, though).

See also https://twitter.com/mortenbraten/status/1259587371479203843
