How to set up a secure Oracle database connection using wallets
1. Create an encrypted Oracle Wallet using `orapki` or OWM. 2. Store credentials via `mkstore` with DB alias, username, and password. 3. Configure `sqlnet.ora` for wallet location and SSL settings, and define a TCPS connection in `tnsnames.ora`. 4. Connect using `sqlplus /@DB_ALIAS` or JDBC with wallet location; ensure strict permissions and backups.

To set up a secure Oracle database connection using wallets, you enable passwordless and encrypted authentication by storing credentials externally. This method improves security by removing passwords from application code and configuration files. Oracle Wallets support SSL/TLS connections and can manage multiple credentials securely.
1. Create and Configure the Oracle Wallet
The wallet stores authentication details like usernames, passwords, and SSL certificates in an encrypted format.
- Use Oracle Wallet Manager (OWM) or the `mkstore` command-line tool to create the wallet.
- Run `orapki wallet create -wallet /path/to/wallet -auto_login` to generate an auto-login wallet.
- Alternatively, use SQL*Plus with `WALLET_LOCATION` defined in `sqlnet.ora`.
2. Add Database Credentials to the Wallet
Store the database connect string, username, and password inside the wallet.
- Use the `mkstore` command: `mkstore -wrl /path/to/wallet -createCredential DB_ALIAS USERNAME PASSWORD`
- Replace `DB_ALIAS` with the TNS alias for your database.
- Ensure the `TNS_ADMIN` environment variable points to the wallet directory.
3. Configure sqlnet.ora and tnsnames.ora
These files define how the client connects and uses the wallet.
- In `sqlnet.ora`, add:

  ```
  WALLET_LOCATION =
    (SOURCE =
      (METHOD = FILE)
      (METHOD_DATA = (DIRECTORY = /path/to/wallet)))
  SQLNET.WALLET_OVERRIDE = TRUE
  ```

- Also in `sqlnet.ora`, set `SSL_SERVER_DN_MATCH=yes` for certificate validation.
- In `tnsnames.ora`, define the DB connection:

  ```
  DB_ALIAS =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCPS)(HOST = dbhost.example.com)(PORT = 2484))
      (CONNECT_DATA = (SERVER = DEDICATED)(SERVICE_NAME = orcl)))
  ```
4. Connect Using the Wallet
Once configured, connect without entering credentials.
- Use SQL*Plus: `sqlplus /@DB_ALIAS`. It pulls credentials from the wallet.
- Applications can use JDBC with the `oracle.net.wallet_location` property.
- Test connectivity and verify logs if authentication fails.
Keep the wallet file permissions strict (e.g., chmod 700 on the directory). Back up the wallet securely, as losing it means losing access unless credentials are stored elsewhere. Basically, this setup removes hardcoded passwords and enables strong encryption for Oracle connections.
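A client-side check of the settings from steps 1 to 4 and the permission advice above, as an added example that is not part of the original article. The function names `audit_wallet` and `make_sample` and the temporary sample layout are constructed for illustration; the script only reads files and calls no Oracle tool.

```shell
#!/bin/sh
# Added example (not from the article): audit a client wallet setup against its settings.
# audit_wallet TNS_ADMIN_DIR WALLET_DIR DB_ALIAS -> prints findings, returns 1 if any.
audit_wallet() {
    tns_admin=$1; wallet=$2; db_alias=$3; fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }
    # Oracle Net files ignore whitespace and '#' comment lines, so strip both first.
    flat() { grep -v '^[[:space:]]*#' "$1" 2>/dev/null | tr -d ' \t\r\n'; }

    # The auto-login wallet is the cwallet.sso file; "sqlplus /@alias" depends on it.
    [ -f "$wallet/cwallet.sso" ] || fail "no cwallet.sso in $wallet"
    # Any group/other permission bit in the wallet tree exposes the stored credentials.
    loose=$(find "$wallet" \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null)
    [ -z "$loose" ] || fail "group/other access on: $(echo $loose)"

    net=$(flat "$tns_admin/sqlnet.ora")
    printf '%s' "$net" | grep -qiF "(DIRECTORY=$wallet)" ||
        fail "sqlnet.ora WALLET_LOCATION does not point at $wallet"
    printf '%s' "$net" | grep -qi 'SQLNET\.WALLET_OVERRIDE=TRUE' ||
        fail "SQLNET.WALLET_OVERRIDE is not TRUE"
    printf '%s' "$net" | grep -Eqi 'SSL_SERVER_DN_MATCH=(yes|on|true)' ||
        fail "SSL_SERVER_DN_MATCH is not enabled: server certificate DN goes unchecked"

    # Isolate this alias's entry: it runs until the next line that starts a new alias.
    entry=$(awk -v a="$db_alias" '
        /^[A-Za-z0-9_.-]+[ \t]*=/ { on = (toupper($0) ~ ("^" toupper(a) "[ \t]*=")) }
        on' "$tns_admin/tnsnames.ora" 2>/dev/null | tr -d ' \t\r\n')
    if [ -z "$entry" ]; then fail "alias $db_alias not found in tnsnames.ora"
    elif printf '%s' "$entry" | grep -qi 'PROTOCOL=TCP)'; then
        fail "$db_alias has a plaintext TCP address"
    elif ! printf '%s' "$entry" | grep -qi 'PROTOCOL=TCPS)'; then
        fail "$db_alias has no TCPS address"
    fi
    [ "$fails" -eq 0 ] && echo "OK: no findings"
}

# Constructed sample layout (empty placeholder wallet file) mirroring the article's config.
make_sample() {
    d=$(mktemp -d) && mkdir -m 700 "$d/wallet" && (umask 077; : > "$d/wallet/cwallet.sso")
    printf '%s\n' "WALLET_LOCATION = (SOURCE = (METHOD = FILE)" \
        "  (METHOD_DATA = (DIRECTORY = $d/wallet)))" \
        "SQLNET.WALLET_OVERRIDE = TRUE" "SSL_SERVER_DN_MATCH=yes" > "$d/sqlnet.ora"
    printf '%s\n' "DB_ALIAS = (DESCRIPTION =" \
        "  (ADDRESS = (PROTOCOL = TCPS)(HOST = dbhost.example.com)(PORT = 2484))" \
        "  (CONNECT_DATA = (SERVER = DEDICATED)(SERVICE_NAME = orcl)))" > "$d/tnsnames.ora"
    echo "$d"
}

d=$(make_sample) && audit_wallet "$d" "$d/wallet" DB_ALIAS; rm -rf "$d"
```

On a real client, call `audit_wallet "$TNS_ADMIN" /path/to/wallet DB_ALIAS`; each `FAIL:` line names the setting from the steps above that is missing or weakened.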