Securing passwords using Oracle Wallet

Hardcoding passwords is not a good idea. I have been hardcoding my passwords in a lot of my scripts these days, and I was asked to share a few scripts with another guy in my team. He has his own DB accounts, and I was asked to give him execute access to some of my scripts.

I was not comfortable sharing my password because the scripts were doing some serious DB operations, and I was looking for an option that would need minimal changes to my scripts. After going through the Oracle documentation I realized that I can use Oracle Wallet, and I changed my scripts to use the wallet entries instead of hardcoding the usernames and passwords.

Now the script stays the same, but my colleague and I have different wallets set up, and Oracle picks up the account details from the respective wallet depending on who is running the script.

This is how we can set up an Oracle wallet to store our passwords.

1. The first step is to create the wallet, which can be done by running the following command:

$ mkstore -wrl <wallet_location> -create
Oracle Secret Store Tool : Version 11.2.0.2.0 - Production
Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.

2. Now store the wallet in the current directory. In my case I'm saving it in my home directory. Oracle asks you to create a password to protect the wallet from any unauthorized access.

$ mkstore -wrl ./wallet -create
Oracle Secret Store Tool : Version 11.2.0.2.0 - Production
Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.

Enter password:
Enter password again:

3. Add a database connection (connection string, username and password):

$ mkstore -wrl ./wallet -createCredential <ConnectionString> <UserName> <Password>

Oracle Secret Store Tool : Version 11.2.0.2.0 - Production
Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:
Create credential oracle.security.client.connect_string1

4. We can list the entries in the wallet with the following command:

$ mkstore -wrl ./wallet -listCredential

Oracle Secret Store Tool : Version 11.2.0.2.0 - Production
Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:
List credential (index: connect_string username)
1: <ConnectionString> <UserName>

Or modify/delete the entries in the wallet:

$ mkstore -wrl ./wallet -modifyCredential <db_connection_string> <username> <password>
$ mkstore -wrl ./wallet -deleteCredential <db_connection_string>

5. Add the following lines to sqlnet.ora, which is kept in the TNS_ADMIN directory:

WALLET_LOCATION =
  (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = <path of the wallet file>)))

SQLNET.WALLET_OVERRIDE = TRUE

6. Now you can log in to the server as:

$ sqlplus /@<ConnectionString>
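
A check for the setup built in steps 1 to 5, added here as an example and not part of the original post: it reads the wallet directory out of sqlnet.ora, confirms SQLNET.WALLET_OVERRIDE is TRUE, and fails if the wallet is accessible to anyone but its owner, because the auto-login cwallet.sso that mkstore writes lets whoever can read it connect without the wallet password. The function names are hypothetical, and the standard wallet file names cwallet.sso and ewallet.p12 are assumed.

```shell
#!/usr/bin/env bash
# Added example: audit the wallet setup from steps 1-5. Function names are
# hypothetical helpers; wallet file names cwallet.sso / ewallet.p12 are assumed.

# Print the DIRECTORY value of WALLET_LOCATION from the sqlnet.ora given as $1.
wallet_dir_from_sqlnet() {
    awk '!/^[ \t]*#/ { buf = buf $0 }
         END { if (match(toupper(buf), /DIRECTORY[ \t]*=[ \t]*[^)]+/)) {
                   s = substr(buf, RSTART, RLENGTH)
                   sub(/^[^=]*=[ \t]*/, "", s); sub(/[ \t]+$/, "", s); print s } }' "$1"
}

# Succeed only if SQLNET.WALLET_OVERRIDE = TRUE is set on an uncommented line.
wallet_override_enabled() {
    grep -Eiq '^[[:space:]]*SQLNET\.WALLET_OVERRIDE[[:space:]]*=[[:space:]]*TRUE[[:space:]]*$' "$1"
}

# Return 0 when the config is complete and the wallet is private to its owner.
audit_wallet_setup() {
    local sqlnet="$1" dir f rc=0
    wallet_override_enabled "$sqlnet" ||
        { echo "FAIL: SQLNET.WALLET_OVERRIDE is not TRUE in $sqlnet"; rc=1; }
    dir=$(wallet_dir_from_sqlnet "$sqlnet")
    if [ -z "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: WALLET_LOCATION directory not found: '$dir'"; return 1
    fi
    [ -f "$dir/cwallet.sso" ] || { echo "FAIL: no cwallet.sso in $dir"; rc=1; }
    for f in "$dir" "$dir/cwallet.sso" "$dir/ewallet.p12"; do
        [ -e "$f" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        if [ "$(ls -ld -- "$f" | cut -c5-10)" != "------" ]; then
            echo "FAIL: $f is accessible to group/others (chmod go-rwx)"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: wallet in $dir is configured and owner-only"
    return "$rc"
}

# Constructed sample: throwaway TNS_ADMIN under $1 whose wallet dir has mode $2.
make_sample_setup() {
    mkdir -p "$1/wallet" && : > "$1/wallet/cwallet.sso"
    chmod "$2" "$1/wallet" && chmod 600 "$1/wallet/cwallet.sso"
    printf '%s\n' 'WALLET_LOCATION =' '  (SOURCE =' '    (METHOD = FILE)' \
        "    (METHOD_DATA = (DIRECTORY = $1/wallet)))" \
        'SQLNET.WALLET_OVERRIDE = TRUE' > "$1/sqlnet.ora"
}

# Usage: pass the path of a real sqlnet.ora; with no argument nothing is run.
if [ -n "${1:-}" ]; then audit_wallet_setup "$1"; fi
```

Run it as the account that owns the wallet, passing the path to that account's sqlnet.ora.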

 

 
