Oracle Wallet Password Stores allow the driver to retrieve database credentials from an Oracle Wallet to be used when authenticating to the server. Using Oracle Wallet Password Stores simplifies password management by centrally storing database credential information, thereby providing a method to modify the user ID and password without changing application code. In addition, by storing credentials in a wallet, security is improved by eliminating the need include passwords in the application code or scripts.
When this feature is enabled, the driver retrieves the user ID and password for a database from the Oracle Wallet file specified by the Credentials Wallet Path (CredentialsWalletPath) option. Since multiple sets of database credentials can be stored in a wallet file, the driver retrieves only the user name and password associated with the string specified by the CredentialsWalletEntry (CredentialsWalletEntry). After the user ID and password are retrieved, the driver uses these credentials to authenticate to the server.
Entries for data base connection credentials in a wallet are created using the following syntax from a command line:
From these entries, you can determine the values for the Credentials Wallet Path and Credentials Wallet Entry options when configuring the driver.
To enable authentication using a Oracle Wallet password store:
Set the Authentication Method (AuthenticationMethod) option to 14 (Wallet UID & PWD).
Set the Credentials Wallet Path (CredentialsWalletPath) option to specify the fully-qualified path to the Oracle Wallet file in which your database credential information is stored. The driver supports ewallet.p12 and cwallet.sso files for wallets.
Set the Credentials Wallet Entry (CredentialsWalletEntry) to specify the string value used to identify database credential information stored in your Oracle Wallet. This value is defined when creating or modifying credentials stored in a wallet and is typically a net service name, Oracle service name, or host:port:SID string, but can be any value specified by the user. Credentials Wallet Entry provides a method to retrieve the correct credentials when multiple user name and password pairs are stored in a wallet file.
If you are using an ewallet.p12 file for your wallet, set the Wallet Password (CredentialsWalletPassword) to specify the password used to access the Oracle Wallet in which your database credential information is stored. The wallet password is typically configured when the wallet is created.
Note: On the GUI, the Wallet Password is exposed on the Logon dialog.
When using an Oracle Wallet password store (AuthenticationMethod=14), specifying values for the User Name (LogonID) or Password (Password) options returns a warning and the values are ignored.
If you are using an cwallet.sso file, you do no need to specify a value for the Wallet Password option. The password for the wallet is stored in this file and, therefore, no value for this option needs to be provided.
Set the Authentication Method (AuthenticationMethod) option to 14 (Wallet UID & PWD).