Scope
Usually a user name and password are specified when connecting to a database.
- Such configurations are considered being insecure as the passwords are stored in clear text in external files or in job parameters.
- The Oracle Wallet® provides a means to connect to a database without specifying user and password.
Oracle Wallet
Documentation
The Oracle Wallet® configuration is described in the Oracle documentation:
- Configuring clients to use the External Password Store e.g. in http://docs.oracle.com/cd/B19306_01/network.102/b14266/cnctslsh.htm#CBHEHGCE
- Or in a bit more condensed version on Oracle-Base web site e.g. in https://oracle-base.com/articles/10g/secure-external-password-store-10gr2
- The location of the docs depend on the specific Oracle version in use.
Usage
Once Oracle Wallet® is configured for the user that will trigger the jobs, the user is able to connect to an Oracle database without password specification, e.g. by using sqlplus /@db11g
Prerequisites
Prerequisites to execute SQL*Plus with Oracle Wallet® on Linux:
- Oracle client installed
- Environment variables being set:
ORACLE_HOME
,LD_LIBRARY_PATH
=$ORACLE_HOME/lib,TNS_ADMIN
Prerequisites to execute shell scripts from JobScheduler Master that call SQL*Plus with Oracle Wallet®:
- Copy declaration and initialization with export of the environment variables to the script
./user_bin/jobscheduler_environment_variables.sh
ORACLE_HOME=/some_location
LD_LIBRARY_PATH=$ORACLE_HOME/lib
TNS_ADMIN=/some_location
export ORACLE_HOME LD_LIBRARY_PATH TNS_ADMIN- This script is executed on JobScheduler start in the context of the user account that JobScheduler is operated for. The environment variables are forwarded to subsequent jobs.
- Restart JobScheduler
Hints
- The Oracle Wallet® cannot be copied to other server/or user, it should be configured separately per each environment.
- The same mechanism is available for JobScheduler Agent that allows to set and to export environment variables from its instance script.