Depending on the type of store deployment, there are two ways passwords can be stored externally. For Enterprise Edition (EE) deployments, Oracle Wallet is used. For Community Edition (CE) deployments, a simple read-protected clear-text password file is used.
In the most basic mode of operation, external passwords are used only by the server to track the keystore password. User passwords, which are stored securely within the database, can also be supplied during client authentication.
When a password store is used as a component of a login file, the alias that is used for either password store type should be the username to which the password applies. For example, for a user named root, the password should be stored under the alias root.
When a password store is used as part of the server, the alias keystore is used. The user password store should be a completely different file than the one in the security directory located under KVROOT.
The following commands provide functionality to manipulate Oracle wallet stores within the securityconfig tool. These commands are available in EE only. For more information on the securityconfig tool, see Configuring Security with Securityconfig.
To create a new auto-login wallet, run the wallet create command:
wallet create -dir <wallet directory>
Auto-login wallets store passwords in an obfuscated state. Access to the wallet is secured against reading by unauthorized users using the OS-level login.
To manipulate secrets (passwords), which are associated with a name (alias), run the wallet secret command:
wallet secret -dir <wallet directory> {-set | -delete} -alias <alias>
If the -set option is specified, the user is prompted for a new password for the specified alias and required to verify the new secret.
If the -delete option is specified, the secret is deleted from the store.
Special considerations apply if you use Oracle Wallet in your Oracle NoSQL Database deployment. For more information, see Guidelines for Deploying Secure Applications.
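Both store types described above depend on OS-level file protection, and a user (login) store must be a different file from the server's store in the security directory under KVROOT. The following shell function is an added example, not part of the Oracle documentation or tooling, that audits a store for both conditions; the function names and the STORE and KVROOT arguments are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example: audit an external password store (EE wallet directory or
# CE password file). All paths come from the caller; none are product defaults.

# Print the symlink-resolved absolute path of a file or directory.
canon() {
    if [ -d "$1" ]; then
        (cd "$1" && pwd -P)
    else
        d=$(cd "$(dirname "$1")" && pwd -P) || return 1
        printf '%s/%s\n' "$d" "$(basename "$1")"
    fi
}

# audit_pwstore STORE KVROOT
# Returns 0 if STORE passes both checks, 1 on a finding, 2 on bad input.
audit_pwstore() {
    store=$1; kvroot=$2; rc=0
    if [ ! -e "$store" ] || [ ! -d "$kvroot" ]; then
        echo "usage: audit_pwstore STORE KVROOT" >&2
        return 2
    fi
    store_real=$(canon "$store") || return 2
    sec_real=$(canon "$kvroot/security") || return 2

    # Check 1: a user (login) store must be a different file from the
    # server's store, so it must not sit in KVROOT/security.
    case "$store_real/" in
        "$sec_real"/*) echo "FINDING: $store_real is inside $sec_real"; rc=1 ;;
    esac

    # Check 2: no group/other mode bits on the store or anything in it.
    loose=$(find "$store_real" \( -type f -o -type d \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$loose" ]; then
        echo "FINDING: group/other permission bits set on:"
        echo "$loose"
        rc=1
    fi
    return "$rc"
}

# Run as a script: audit.sh STORE KVROOT
if [ "$#" -eq 2 ]; then audit_pwstore "$1" "$2"; fi
```

The check covers mode bits only; ACLs and the permissions of parent directories need a separate review.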