8.3.2.4 Step 3: Add the Wallet Vault Reference (Optional)

To the same JSON file, add the wallet location. The wallet location value is a vault reference.

This step is optional. With this configuration, you can store an Oracle wallet in a remote store using OCI Object Storage.

1. Ensure that you have created either OCI Vault or Azure Key Vault with your wallet data stored as a secret, as explained in Prerequisites for Using the OCI Object Storage JSON File.
2. Specify the wallet_location object with the wallet data.

   • type: Type of vault used. Specify ocivault for OCI Vault and azurevault for Azure Key Vault.

   • value: For OCI Vault, specify the OCID of the secret stored in your vault. You can get this value from the Secret Details page under Secret Information in the OCI console. For example: "ocid2.vaultsecret.my-wallet-secret-id"

     For Azure Key Vault, specify the URI value of Azure Key Vault. You can get this value from the Azure portal or use REST API that gives details about vault. For example: "https://dbclients.vault.azure.net/secrets/saleswallet"

   • authentication: Authentication parameters to access the Azure Key Vault secrets store:

     { 
       "azure_client_id" : "<client id>", 
       "azure_client_secret" : "<secret>",
       "azure_tenant_id" : "<tenant id>" 
     }

     You can access OCI Vault using the authentication parameters set at the command line in the connect identifier.

   The following sales.json file shows the user, password, and wallet_location attributes along with connect_descriptor, configured for the sales.myexample.com service. The password and wallet data are stored in Azure Key Vault.

   { 
    "connect_descriptor" : "(DESCRIPTION=
                              (ADDRESS=
                                 (PROTOCOL=TCP) 
                                 (HOST=my sales dbserver)
                                 (PORT=1521))
                              (CONNECT_DATA=
                                 (SERVER=DEDICATED)
                                 (SERVICE_NAME=sales.myexample.com))
                            )"
    "user" : "admin",  
    "password" : {
       "type" : "azurevault",
       "value" : "https://dbclient.vault.azure.net/secrets/salesdbpasswd",
       "authentication" : {
          "azure_client_id" : "a12a1b12-ab12-1ab1-a1b2-12345a123aba",
          "azure_client_secret" : "A1B1A~ABCabc~ABaAbAb1223ABAB12abc_abcd",
          "azure_tenant_id" : "1a123ab1-a1b2-1a12-a1b1-a12bcdab01234"
       }
    },
    "wallet_location" : {
       "type" : "azurevault",
       "value" : "https://dbclient.vault.azure.net/secrets/saleswallet"
       "authentication" : {
          "azure_client_id" : "a12a1b12-ab12-1ab1-a1b2-12345a123aba",
          "azure_client_secret" : "A1B1A~ABCabc~ABaAbAb1223ABAB12abc_abcd",
          "azure_tenant_id" : "1a123ab1-a1b2-1a12-a1b1-a12bcdab01234"
    }  
   }

   Similarly, the following multi.json file shows the user, password, and wallet_location attributes along with connect_descriptor, specified for the sales and hr objects. The passwords and wallet data are stored in OCI Vault.

   { 
    "sales" : { 
       "connect_descriptor" : "(DESCRIPTION=
                                 (ADDRESS=
                                    (PROTOCOL=TCP)
                                    (HOST=my sales dbserver)
                                    (PORT=1521))
                                 (CONNECT_DATA=
                                    (SERVER=DEDICATED)
                                    (SERVICE_NAME=sales.myexample.com))
                               )"
       "user" : "admin", 
       "password" : { 
         "type" : "ocivault", 
         "value" : "ocid1.vaultsecret.my-password-secret-id"
       } 
       "wallet_location" : {
         "type" : "ocivault",
         "value" : "ocid2.vaultsecret.my-wallet-secret-id"
       }
    },
    "hr" : { 
       "connect_descriptor" : "(DESCRIPTION=
                                 (ADDRESS=
                                    (PROTOCOL=TCP)
                                    (HOST=my dbserver.my.example.com)
                                    (PORT=1521))
                                 (CONNECT_DATA=
                                    (SERVER=DEDICATED)
                                    (SERVICE_NAME=hr.my.example.com))
                              )" 
       "user" : "admin", 
       "password" : { 
         "type" : "ocivault", 
         "value" : "ocid1.vaultsecret.my-password-secret-id" 
       } 
       "wallet_location" : {
         "type" : "ocivault",
         "value" : "ocid2.vaultsecret.my-wallet-secret-id"
       }
    } 
   }

3. Store your updated JSON file in the OCI Object Storage:

   In the OCI console, navigate to the Object Storage - Bucket Details page of your bucket and upload the file to that bucket under Objects.