Forum Stats

  • 3,824,847 Users
  • 2,260,430 Discussions
  • 7,896,330 Comments

Discussions

DBMS_WALLET built-in package to manage certificates via PL/SQL API

MortenBraten
MortenBraten Member Posts: 303 Bronze Badge
edited May 12, 2020 6:41AM in Database Ideas - Ideas

Currently, Oracle Wallets are located in the filesystem and therefore the DBA with OS level access must be involved in adding or updating certificate information. Oracle PL/SQL developers who wish to do secure callouts from the database via UTL_HTTP, APEX_WEB_SERVICE, etc. must therefore communicate with the DBA for certificate maintenance tasks, which is time-consuming.

The idea is to add a built-in PL/SQL package, tentatively named DBMS_WALLET, that could be used to add, update, delete and list certificates and perform other relevant actions. The EXECUTE privilege on the package could be granted to trusted developers. Setup and maintenance of certificates could also be scripted using PL/SQL if this package existed.

Certificates are just plain text, and could therefore be passed to an add/update procedure via a CLOB parameter. The package could handle the storage of the certificate at the OS level, or the certificate could even be stored in some internal database table (this would require a change to how UTL_HTTP retrieves certificate info, though).

See also https://twitter.com/mortenbraten/status/1259587371479203843

FatMartinRAnton SchefferMortenBraten2981413b6221e96-21c2-4411-83dc-174d64482b51MarkusHohlochApexBinecormacoSullivanKBilly VerreynneTobias ArnholdSenthil LawanyaUser_Z9WW3Davor MTinchatns42Crnogorac MiroslavMatt PaineStefan Dobre[Deleted User]SatupledOmar M. SawalhahGregVOlafur TludodbaberxBartCernUser_OFE7SUser_BE6JKJorge RimblasJuergen SchusterjozzhAlex NuijtenandremlUser_EE1AEChristian Neumueller-OraclePhilipp Salvisbergyachtsman60TyskJohanUser_S24QDPatrick Wolf-OracledebebusErik van RoonMiloBandit-OracleSven W.Niels Heckersdstuber
47 votes

Active · Last Updated

Comments