In modern database environments, security and ease of connectivity are paramount. Oracle Wallet is a powerful feature provided by Oracle Database that serves as a secure container to store authentication and signing credentials, such as private keys, certificates, and most importantly for this guide, database user credentials . The primary benefit of using an Oracle Wallet as an External Password Store (EPS) is the ability to achieve passwordless connections . This eliminates the need to hard-code usernames and passwords in application code, configuration files, or shell scripts, significantly improving security and simplifying credential management. While Oracle Wallet is crucial for features like Transparent Data Encryption (TDE) and SSL/TLS, this guide focuses specifically on its use for storing database login credentials, which is a common and highly sought-after configuration in both Oracle Database 19c and 21c .

An Oracle Wallet is a password-protected container that securely stores sensitive information such as: - TDE master encryption keys TDE master encryption keys - Database credentials Database credentials - SSL certificates SSL certificates - Private keys Private keys

Ensure the following before you proceed: - Oracle Database 19c or 21c installed Oracle Database 19c or 21c installed - OS user: OS user: - Oracle Home & ORACLE_SID set Oracle Home & ORACLE_SID set - Sufficient permissions on wallet directory Sufficient permissions on wallet directory - and utility available

This guide explains how to create and configure an Oracle Wallet for secure, passwordless database connections using Oracle Database 19c / 21c .

First, create a secure directory to store the wallet files. On Windows OS On Linux > Best Practice: Keep the wallet directory outside ORACLE_HOME and restrict permissions. Best Practice: Keep the wallet directory outside ORACLE_HOME and restrict permissions.

Use the utility to create the wallet. On Windows On Linux Example Output > This password protects the wallet ( ). This password protects the wallet ( ).

After creation, verify the wallet directory. Expected Files - → Password-protected wallet → Password-protected wallet - → Auto-login wallet (created automatically in most cases) → Auto-login wallet (created automatically in most cases) > If is missing, password-based wallet will still work, but DB startup may require manual wallet opening. If is missing, password-based wallet will still work, but DB startup may require manual wallet opening.

Before editing, identify the active Oracle Network directory: Look for: Navigate to: sqlnet.ora Configuration (Windows) sqlnet.ora Configuration (Linux) > Ensure there are no syntax errors in . Ensure there are no syntax errors in .

Connect as SYSDBA and create a common user (for CDB environments). > Skip this step if the user already exists. Skip this step if the user already exists.

Store credentials securely using the TNS alias. Syntax Example (Windows) Example (Linux)

Expected output:

Connect using only the TNS alias: If the connection succeeds, the wallet is working correctly. Setting up an Oracle Wallet as an External Password Store using the utility in Oracle Database 19c and 21c is a critical step in adopting a more secure and efficient database management practice. By centralizing credentials in a protected wallet and leveraging the power of TNS aliases, you can eliminate plaintext passwords, enhance overall security posture, and streamline application deployment. Explore more with Learnomate Technologies! Want to see how we teach? Head over to our YouTube channel for insights, tutorials, and tech breakdowns: www.youtube.com/@learnomate To know more about our courses, offerings, and team: Visit our official website: www.learnomate.org Interested in mastering Oracle Database Administration? Check out our comprehensive Oracle DBA Training program here: https://learnomate.org/oracle-dba-training/ Want to explore more tech topics? Check out our detailed blog posts here: https://learnomate.org/blogs/ And hey, I’d love to stay connected with you personally! Let’s connect on LinkedIn: Ankush Thavali Happy learning! Ankush😎