How to pass Oracle Wallet auth to sh script?

dba.stackexchange https://dba.stackexchange.com/questions/260704

  •  25-02-2021
  •  | 
  •  

Question

I am running an Oracle DB update script that requires password. I have Oracle wallet installed. How to pass Oracle wallet to sh script so that I don't have to enter password when running the script?

I have my sqlnet.ora 

sqlnet.expire_time=60
sqlnet.inbound_connect_timeout=300
sqlnet.allowed_logon_version_server=10
sqlnet.allowed_logon_version_client=10

WALLET_LOCATION =
(SOURCE =
   (METHOD = FILE)
      (METHOD_DATA =
          (DIRECTORY = /oracle/app/oracle/product/base19/19/network/admin/wallet)
   )
)

SQLNET.WALLET_OVERRIDE = TRUE
SSL_CLIENT_AUTHENTICATION = TRUE

Credentials are correctly installed:
$ mkstore -wrl "/oracle/app/oracle/product/base19/19/network/admin/wallet" -listCredential

Oracle Secret Store Tool Release 19.0.0.0.0 - Production
Version 19.4.0.0.0
Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.

Enter wallet password:   
List credential (index: connect_string username)
1: SID USER PASSWORD

I am running a script update_sql.sh: 

#!/bin/bash
sqlplus cobrball @release.sql

release.sql: 

spool release.log;
exit;
Was it helpful?

Solution

Create an auto-login wallet.

Creating an Auto-Login Wallet

Then connect to the database using the below syntax:

sqlplus /@connect_string @release.sql

connect_strings must be the same connect_string that is stored in the wallet. Otherwise the credentials in the wallet will not be used.

OTHER TIPS

Pass the name of the required wallet entry to sqlplus in this form: 

sqlplus /@entry-name

In your case, I tihnk this will be 

sqlplus /@SID

Note that you should have a TNS Alias with the same name (here "SID"), that describes how the client should get to the target database.

Personally, I'd suggest naming your wallet entries with something more purposeful than just where they're going. If you ever find yourself needing two connections to the same database for different purposes, then having two separate wallet entries makes that simplicity itself. 

mkstore -wrl . -createCredential SID_read_only user1 password1 
mkstore -wrl . -createCredential SID_update    user2 password2

If you only have one wallet entry that goes to the database, then it might mean one or other process running with far more (or less) privileges than it actually requires.

Licensed under: CC-BY-SA with attribution
Not affiliated with dba.stackexchange
scroll top