Download Client Credentials (Wallets)

Oracle client credentials (wallet files) are downloaded from Autonomous Transaction Processing by a service administrator. If you are not an Autonomous Transaction Processing administrator, your administrator should provide you with the client credentials.

To download client credentials you can use the Oracle Cloud Infrastructure console or the Autonomous Transaction Processing Service Console.

To download client credentials from the Oracle Cloud Infrastructure console:

  1. Navigate to the Autonomous Transaction Processing details page.
  2. Click DB Connection.
  3. On the Database Connection page select the Wallet Type:
    • Instance Wallet: Wallet for a single database only; this provides a database-specific wallet.
    • Regional Wallet: Wallet for all Autonomous Databases for a given tenant and region (this includes all service instances that a cloud account owns).

    Note:

    Oracle recommends you provide a database-specific wallet, using Instance Wallet, to end users and for application use whenever possible. Regional wallets should only be used for administrative purposes that require potential access to all Autonomous Databases within a region.
  4. Click Download Wallet.
  5. In the Download Wallet dialog, enter a wallet password in the Password field and confirm the password in the Confirm Password field.
    The password must be at least 8 characters long and must include at least 1 letter and either 1 numeric character or 1 special character. This password protects the downloaded Client Credentials wallet.
  6. Click Download to save the client security credentials zip file.

    By default the filename is: Wallet_databasename.zip. You can save this file as any filename you want.

    You must protect this file to prevent unauthorized database access.

To download client credentials from the Autonomous Transaction Processing Service Console:

  1. From the Service Console click the Administration link.

  2. Click Download Client Credentials (Wallet).

  3. On the Download Client Credentials (Wallet) page, enter a wallet password in the Password field and confirm the password in the Confirm Password field. The password must be at least 8 characters long and must include at least 1 letter and either 1 numeric character or 1 special character. This password protects the downloaded Client Credentials wallet.

  4. Click Download to save the client security credentials zip file. By default the filename is: Wallet_databasename.zip. You can save this file as any filename you want. You must protect this file to prevent unauthorized database access.

When you use the Service Console to download a wallet there is no Wallet Type option on the Download Client Credentials (Wallet) page and you always download an instance wallet. If you need to download the regional wallet, use DB Connection on the Oracle Cloud Infrastructure console as specified above.

The zip file includes the following:

  • tnsnames.ora and sqlnet.ora: Network configuration files storing connect descriptors and SQL*Net client side configuration.

  • cwallet.sso and ewallet.p12: Auto-open SSO wallet and PKCS12 file. PKCS12 file is protected by the wallet password provided in the UI.

  • keystore.jks and truststore.jks: Java keystore and truststore files. They are protected by the wallet password provided while downloading the wallet.

  • ojdbc.properties: Contains the wallet related connection property required for JDBC connection. This should be in the same path as tnsnames.ora.

Notes:

  • To invalidate database client certification keys associated with a wallet, see Rotate Wallets for Autonomous Database.

  • Wallet files, along with the Database user ID and password provide access to data in your Autonomous Transaction Processing database. Store wallet files in a secure location. Share wallet files only with authorized users. If wallet files are transmitted in a way that might be accessed by unauthorized users (for example, over public email), transmit the wallet password separately and securely.

  • For better security, Oracle recommends using restricted permissions on wallet files. This means setting the file permissions to 600 on Linux/Unix. Similar restrictions can be achieved on Windows by letting the file owner have Read and Write permissions while all other users have no permissions.

  • Autonomous Database uses strong password complexity rules for all users based on Oracle Cloud security standards. For more information on the password complexity rules see Create Users with Autonomous Transaction Processing.