Oracle Wallet Manager – External Password Store

Configuring catalogue users to Use the External Password Store

Security is a major concern in this era. Organizations use various password management safes to meet compliance requirements. Protecting database schemas and passwords is very important for any organization. In this article, I’m going to focus on securing the login password of the RMAN (Recovery Manager) catalogue user.

Oracle Wallet is a user-friendly option that enables auto-login without supplying a password. It is no longer a part of Oracle Advanced Security. This feature is available in all licensed editions of all supported releases of the Oracle database.

The link below provides more information about the Oracle Wallet Manager as an external password store:

https://docs.oracle.com/middleware/1213/wls/JDBCA/oraclewallet.htm#JDBCA596

This explanation will be useful for those who are new to Oracle Wallet.

 

What is the use of Oracle Wallet?

Oracle Wallet provides a simple and easy method to manage database credentials across multiple domains. It allows you to update database credentials by updating the Wallet instead of having to change individual data source definitions. This is accomplished by using a database connection string in the data source definition that is resolved by an entry in the Wallet.

This feature can be taken a step further by also using the Oracle TNS (Transparent Network Substrate) administrative file to hide the details of the database connection string (hostname, port number, and service name) from the data source definition and instead use an alias. If the connection information changes, it is simply a matter of changing the tnsnames.ora file instead of potentially many data source definitions.

The Wallet can be used to share common credentials between different domains. That includes two different WLS (WebLogic Server) domains, or sharing credentials between WLS and the database. When used correctly, it makes storing passwords in the data source configuration unnecessary.

 

Here are the steps to create Wallet and add a user credential to Wallet:

 

Create Wallet

mkstore -wrl /u01/app/oracle/admin/wallet -create

Wallet password : 0racle123#

[oracle@crs01 wallet]$ mkstore -wrl /u01/app/oracle/admin/wallet -create
Oracle Secret Store Tool Release 19.0.0.0.0 - Production
Version 19.3.0.0.0
Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.

Enter password:
PKI-01002: Invalid password. Passwords must have a minimum length of eight characters and contain alphabetic characters combined with numbers or special characters.
Enter password:
Enter password again:
[oracle@crs01 wallet]$ ls -lrth
total 8.0K
-rw-------. 1 oracle oinstall   0 Sep 29 14:32 ewallet.p12.lck
-rw-------. 1 oracle oinstall 149 Sep 29 14:32 ewallet.p12
-rw-------. 1 oracle oinstall   0 Sep 29 14:32 cwallet.sso.lck
-rw-------. 1 oracle oinstall 194 Sep 29 14:32 cwallet.sso

 

Add user to Wallet and verify

[oracle@crs01 admin]$ mkstore -wrl /u01/app/oracle/admin/wallet -createCredential RMAN_CAT_PDB  RMAN_TWHSE rman_twhse
Oracle Secret Store Tool Release 19.0.0.0.0 - Production
Version 19.3.0.0.0
Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:
[oracle@crs01 admin]$  mkstore -wrl /u01/app/oracle/admin/wallet -listCredential
Oracle Secret Store Tool Release 19.0.0.0.0 - Production
Version 19.3.0.0.0
Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:
List credential (index: connect_string username)
2: RMAN_CAT_PDB RMAN_TWHSE
1: TWHSE_PDB CHANAKA
[oracle@crs01 admin]$

 

Login to the catalogue database

[oracle@crs01 admin]$ sqlplus /@rman_cat_pdb

SQL*Plus: Release 19.0.0.0.0 - Production on Tue Oct 12 16:00:11 2021
Version 19.3.0.0.0

Copyright (c) 1982, 2019, Oracle.  All rights reserved.

Last Successful login time: Tue Oct 12 2021 15:55:17 -04:00

Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.3.0.0.0
SQL> show user
USER is "RMAN_TWHSE"
SQL>

 

Login RMAN catalogue without specifying the password

[oracle@crs01 admin]$ rman target / catalog /@rman_cat_pdb

Recovery Manager: Release 19.0.0.0.0 - Production on Tue Oct 12 16:02:14 2021
Version 19.3.0.0.0

Copyright (c) 1982, 2019, Oracle and/or its affiliates.  All rights reserved.

connected to target database: TWHSE01 (DBID=3636451434)
connected to recovery catalog database

RMAN> create catalog tablespace RMAN_TWHSE_TBS;

recovery catalog created

RMAN> register database;

database registered in recovery catalog
starting full resync of recovery catalog
full resync complete

RMAN>

 

Modify catalogue user password

mkstore -wrl /u01/app/oracle/scripts/tns -modifyCredential RMAN_CAT_PDB  RMAN_TWHSE rman_twhse_123
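
Audit the wallet before relying on it (added example, not part of the original article): cwallet.sso is the auto-login file that lets /@alias connect with no prompt, so this script checks that the wallet files keep the owner-only permissions shown in the ls output above and that sqlnet.ora points at the wallet. The function names are hypothetical, and the sqlnet.ora path is passed as an argument because the article does not show that file.

```shell
#!/bin/sh
# Added example: audit an external password store before relying on /@alias logins.
# WALLET_LOCATION and SQLNET.WALLET_OVERRIDE are standard sqlnet.ora parameters;
# the article does not show its sqlnet.ora, so its path is an argument here.

# Succeeds only if group and other have no permission bits on the path.
mode_private() {
    # ls -ld prints e.g. "-rw-------."; characters 5-10 are the group/other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# audit_wallet WALLET_DIR SQLNET_ORA: prints findings, returns how many there were.
audit_wallet() {
    aw_dir=$1 aw_sqlnet=$2 aw_findings=0
    for aw_path in "$aw_dir" "$aw_dir/ewallet.p12" "$aw_dir/cwallet.sso"; do
        if [ ! -e "$aw_path" ]; then
            echo "MISSING: $aw_path"; aw_findings=$((aw_findings + 1))
        elif ! mode_private "$aw_path"; then
            # cwallet.sso opens without a password, so read access equals the credentials.
            echo "TOO OPEN: $aw_path"; aw_findings=$((aw_findings + 1))
        fi
    done
    # This setting is what makes CONNECT /@alias use the wallet credentials.
    if ! grep -Eiq '^[[:space:]]*SQLNET\.WALLET_OVERRIDE[[:space:]]*=[[:space:]]*TRUE' "$aw_sqlnet" 2>/dev/null; then
        echo "sqlnet.ora: SQLNET.WALLET_OVERRIDE is not TRUE"; aw_findings=$((aw_findings + 1))
    fi
    # WALLET_LOCATION must name the directory that was audited above.
    if ! grep -Fq "$aw_dir" "$aw_sqlnet" 2>/dev/null; then
        echo "sqlnet.ora: WALLET_LOCATION does not reference $aw_dir"; aw_findings=$((aw_findings + 1))
    fi
    return "$aw_findings"
}

# make_sample DIR: constructed fixture (empty files, not real wallets) for a dry run.
make_sample() {
    mkdir -p "$1/wallet" && chmod 700 "$1/wallet"
    : > "$1/wallet/ewallet.p12"; : > "$1/wallet/cwallet.sso"
    chmod 600 "$1/wallet/ewallet.p12" "$1/wallet/cwallet.sso"
    printf '%s\n' "WALLET_LOCATION = (SOURCE = (METHOD = FILE)" \
        "  (METHOD_DATA = (DIRECTORY = $1/wallet)))" \
        "SQLNET.WALLET_OVERRIDE = TRUE" > "$1/sqlnet.ora"
}

# Usage: sh audit_wallet.sh /u01/app/oracle/admin/wallet /path/to/sqlnet.ora
if [ "$#" -eq 2 ]; then audit_wallet "$1" "$2"; fi
```

mkstore also prompts for the credential password when it is left off the -createCredential or -modifyCredential command line, which keeps it out of shell history and the process list.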