DBA Hub

šŸ“‹Steps in this guide1/27

How to Create an Oracle Wallet for Applications to Use

Learn how to create and configure an Oracle Wallet for applications to securely connect to Oracle databases. Step-by-step guide with mkstore, auto-login wallet, examples, and best practices.

oracle configurationintermediate
by OracleDba
13 views
1

Introduction

In modern enterprise environments, security is not optional it is mandatory. Applications frequently need to connect to Oracle databases using credentials, certificates, or secure communication channels. Hardcoding usernames and passwords inside application code or configuration files is a major security risk. This is where Oracle Wallet plays a crucial role. An Oracle Wallet is a secure container used to store authentication credentials, SSL certificates, encryption keys, and database passwords. It allows applications to connect to Oracle databases without exposing sensitive credentials . In this blog, we will cover: - What Oracle Wallet is - Why applications need Oracle Wallet - Types of Oracle Wallets - Step-by-step process to create an Oracle Wallet - How applications use Oracle Wallet - Common issues and best practices
2

Why Applications Need Oracle Wallet

Applications often face the following security challenges: - Hardcoded database passwords - Password exposure in config files - Difficulty rotating passwords - Non-compliance with security standards
3

Benefits of Using Oracle Wallet

- No hardcoded credentials - Centralized credential management - Easy password rotation without code changes - Strong encryption for stored secrets - Supports SSL/TLS for secure connections - Required for Autonomous Database and TCPS connections
4

1. Password-Based Wallet

- Protected by a wallet password - Must be opened manually - Suitable for interactive environments
5

2. Auto Login Wallet (cwallet.sso)

- No password required at runtime - Automatically opens when accessed - Recommended for application usage Most applications use Auto Login Wallets .
6

Prerequisites

Before creating an Oracle Wallet, ensure: - Oracle Client or Database software is installed - ORACLE_HOME is set correctly - utility is available - OS user has permissions on wallet directory
7

On Linux / Unix

Code/Command (click line numbers to comment):

1
2
mkdir -p /u01/app/wallets/app_wallet
chmod 700 /u01/app/wallets/app_wallet
8

On Windows

> šŸ” Tip: Wallet directory should be owned by the application or Oracle user. šŸ” Tip: Wallet directory should be owned by the application or Oracle user.

Code/Command (click line numbers to comment):

1
mkdir C:\oracle\wallets\app_wallet
9

Step 2: Create the Oracle Wallet

Use the mkstore utility.
10

Linux / Unix

Code/Command (click line numbers to comment):

1
mkstore -wrl /u01/app/wallets/app_wallet -create
11

Windows

You will be prompted to set a wallet password. Wallet files created: -

Code/Command (click line numbers to comment):

1
mkstore -wrl C:\oracle\wallets\app_wallet -create
12

Step 3: Create Auto Login Wallet (Recommended)

Auto login wallet allows applications to access the wallet without a password.
13

Linux

Code/Command (click line numbers to comment):

1
mkstore -wrl /u01/app/wallets/app_wallet -createALogin
14

Windows

This creates: -

Code/Command (click line numbers to comment):

1
mkstore -wrl C:\oracle\wallets\app_wallet -createALogin
15

Syntax

Code/Command (click line numbers to comment):

1
mkstore -wrl <wallet_location> -createCredential <db_connect_string> <username> <password>
16

Example (Linux)

Code/Command (click line numbers to comment):

1
2
mkstore -wrl /u01/app/wallets/app_wallet \
-createCredential orclpdb app_user Welcome@123
17

Example (Windows)

Code/Command (click line numbers to comment):

1
mkstore -wrl C:\oracle\wallets\app_wallet -createCredential orclpdb app_user Welcome@123
18

Step 5: Verify Wallet Contents

Output example:

Code/Command (click line numbers to comment):

1
2
3
4
mkstore -wrl /u01/app/wallets/app_wallet -listCredential

List credential (index: connect_string username)
1: orclpdb app_user
19

Step 6: Configure sqlnet.ora

Applications and Oracle clients must know the wallet location. Edit > šŸ”¹ ensures wallet credentials override login prompts. šŸ”¹ ensures wallet credentials override login prompts.

Code/Command (click line numbers to comment):

1
2
3
4
5
6
7
8
9
WALLET_LOCATION =
 (SOURCE =
   (METHOD = FILE)
   (METHOD_DATA =
     (DIRECTORY = /u01/app/wallets/app_wallet)
   )
 )

SQLNET.WALLET_OVERRIDE = TRUE
20

Using SQL*Plus (No Password)

Code/Command (click line numbers to comment):

1
sqlplus /@orclpdb
21

JDBC Connection Example

Code/Command (click line numbers to comment):

1
2
3
4
5
String url = "jdbc:oracle:thin:@orclpdb";
Properties props = new Properties();
props.put("oracle.net.wallet_location", "/u01/app/wallets/app_wallet");

Connection conn = DriverManager.getConnection(url, props);
22

TNS Entry Example (tnsnames.ora)

Code/Command (click line numbers to comment):

1
2
3
4
5
6
7
ORCLPDB =
 (DESCRIPTION =
   (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost)(PORT = 1521))
   (CONNECT_DATA =
     (SERVICE_NAME = orclpdb)
   )
 )
23

Common Use Cases for Oracle Wallet

- Secure application-to-database connectivity - SSL/TLS database connections (TCPS) - Oracle Autonomous Database - Database links without passwords - REST API authentication - OCI services integration
24

ORA-01017: Invalid username/password

- Check wallet credentials - Verify connect string
25

ORA-28759: Failed to open file

- Check wallet directory permissions - Verify wallet path in sqlnet.ora
26

ORA-29024: Certificate validation failure

- Ensure correct SSL certificates - Verify wallet contains trusted certs
27

Best Practices

- Always use Auto Login Wallet for applications - Restrict wallet directory permissions - Never commit wallet files to source control - Rotate passwords using without code changes - Backup wallet securely

Comments (0)

Please to add comments

No comments yet. Be the first to comment!