1. Getting Started with Oracle Autonomous Database for Transaction Processing and Mixed Workloads
  2. Connecting to Autonomous Database
  3. Download Client Credentials (Wallets)

Download Client Credentials (Wallets)

To download client credentials you can use the Oracle Cloud Infrastructure Console or Database Actions.

Note:

The password you provide when you download the wallet protects the downloaded Client Credentials wallet.

For commercial regions, the wallet password complexity for the password you supply requires the following:

  • Minimum of 8 characters
  • Minimum of 1 letter
  • Minimum of 1 numeric character or 1 special character
For US Government regions, the wallet password complexity requires all of the following:
  • Minimum of 15 characters
  • Minimum of 1 lowercase letter
  • Minimum of 1 uppercase letter
  • Minimum of 1 numeric character
  • Minimum 1 special character

To download client credentials from the Oracle Cloud Infrastructure Console:

  1. Navigate to the Autonomous Database details page.
  2. Click DB Connection.
  3. On the Database Connection page select the Wallet Type:
    • Instance Wallet: Wallet for a single database only; this provides a database-specific wallet.
    • Regional Wallet: Wallet for all Autonomous Databases for a given tenant and region (this includes all service instances that a cloud account owns).

    Note:

    Oracle recommends you provide a database-specific wallet, using Instance Wallet, to end users and for application use whenever possible. Regional wallets should only be used for administrative purposes that require potential access to all Autonomous Databases within a region.
  4. Click Download Wallet.
  5. In the Download Wallet dialog, enter a wallet password in the Password field and confirm the password in the Confirm Password field.
  6. Click Download to save the client security credentials zip file.

    By default the filename is: Wallet_databasename.zip. You can save this file as any filename you want.

    You must protect this file to prevent unauthorized database access.

To download client credentials from Database Actions:

First, access Database Actions as the ADMIN user. See Access Database Actions as ADMIN for more information.

  1. Access Database Actions as the ADMIN user. See Access Database Actions as ADMIN for more information.

  2. On the Database Actions Launchpad, under Administration, select Download Client Credentials (Wallet).

  3. On the Download Client Credentials (Wallet) page, enter a wallet password in the Password field and confirm the password in the Confirm Password field.

  4. Click Download to save the client security credentials zip file. By default the filename is: Wallet_databasename.zip. You can save this file as any filename you want. You must protect this file to prevent unauthorized database access.

Note:

When you use Database Actions to download a wallet there is no Wallet Type option on the Download Client Credentials (Wallet) page and you always download an instance wallet. If you need to download the regional wallet use DB Connection on the Oracle Cloud Infrastructure Console.

The zip file includes the following:

  • tnsnames.ora and sqlnet.ora: Network configuration files storing connect descriptors and SQL*Net client side configuration.

  • cwallet.sso and ewallet.p12: Auto-open SSO wallet and PKCS12 file. The PKCS12 file is protected by the wallet password provided while downloading the wallet.

  • keystore.jks and truststore.jks: Java keystore and truststore files. They are protected by the wallet password provided while downloading the wallet.

  • ojdbc.properties: Contains the wallet related connection property required for JDBC connection. This should be in the same path as tnsnames.ora.

  • README: Contains wallet expiration information and links for Autonomous Database tools and resources.

    See Wallet README File for information on the contents of the README file.

Notes for wallet files and the wallet password:

  • Wallet files, along with the Database user ID and password provide access to data in your database. Store wallet files in a secure location. Share wallet files only with authorized users. If wallet files are transmitted in a way that might be accessed by unauthorized users (for example, over public email), transmit the wallet password separately and securely.

  • For better security, Oracle recommends using restricted permissions on wallet files. This means setting the file permissions to 600 on Linux/Unix. Similar restrictions can be achieved on Windows by letting the file owner have Read and Write permissions while all other users have no permissions.

  • Autonomous Database uses strong password complexity rules for all users based on Oracle Cloud security standards. For more information on the password complexity rules see Create Users on Autonomous Database.

  • The README file that contains wallet expiration information is not available in wallet zip files that were downloaded before April 2020.

  • Starting six weeks before the wallet expiration date Autonomous Database sends notification emails each week, indicating the wallet expiration date. These emails provide notice before your wallet expires that you need to download a new wallet. You will receive these notification emails only if there is a connection that uses a wallet that is about to expire.

    You can also use the WalletExpirationWarning event to be notified when a wallet is due to expire. You will receive these notification events only if you are subscribed to Critical events and there is a connection that uses a wallet that is about to expire. See About Events Based Notification and Automation on Autonomous Database for more information.