1 Reply Latest reply on Jul 12, 2012 1:22 PM by kuljeet singh -

    Query regarding client side wallet


      I need few clarifications regarding oracle wallet.

      db version: (Enterprise Edition)

      We have a requirement to run shell scripts calling stored procedures for specific activities, which are run on database server. We do not want to store passwords in shell scripts and decided to use Secure External Password Store for hiding passwords instead of os authentication method. need few clarifications on the below.

      1) Currently, we are creating oracle wallet entry on db server and making modifications in sqlnet.ora file accordingly. Is it good to use like this or we should do this only on a client machine?

      2) Do we need any licensing to use this option?

      3) Please also provide me any knows issues with using oracle wallet?

      4) Can we use orapki for creating oracle wallet instead of mkstore?

      5) Any knows issues we face during startup and shutdown of db activities?

      Thank you.

        • 1. Re: Query regarding client side wallet
          kuljeet singh -
          Oracle Wallet
          An Oracle Wallet is a PKCS#12 container used to store authentication and encryption keys. The database secure external password store feature stores passwords in an Oracle Wallet for authentication to the Oracle database. Oracle Advanced Security uses the Oracle Wallet to store credentials for PKI authentication to the Oracle Database, network encryption, and transparent data encryption. Oracle Wallet Manager is an application that wallet owners can use to manage and edit Oracle Wallets. Oracle Wallets can be deployed on clients, middle tiers, and database servers free of charge. However, the following features that use an Oracle Wallet in turn require licensing of the Oracle Advanced Security Option: PKI credentials for authentication to Oracle Database, network encryption (SSL/TLS) to the Oracle database from middle tiers and database clients, and transparent data encryption master keys. Oracle Advanced Security option is not required when configuring wallets to secure communication between the Oracle database and Oracle Internet Directory as part of the enterprise user security feature of Oracle Database.