Subscribe to Posts by Email

Subscriber Count

    699

Disclaimer

All information is offered in good faith and in the hope that it may be of use for educational purpose and for Database community purpose, but is not guaranteed to be correct, up to date or suitable for any particular purpose. db.geeksinsight.com accepts no liability in respect of this information or its use. This site is independent of and does not represent Oracle Corporation in any way. Oracle does not officially sponsor, approve, or endorse this site or its content and if notify any such I am happy to remove. Product and company names mentioned in this website may be the trademarks of their respective owners and published here for informational purpose only. This is my personal blog. The views expressed on these pages are mine and learnt from other blogs and bloggers and to enhance and support the DBA community and this web blog does not represent the thoughts, intentions, plans or strategies of my current employer nor the Oracle and its affiliates or any other companies. And this website does not offer or take profit for providing these content and this is purely non-profit and for educational purpose only. If you see any issues with Content and copy write issues, I am happy to remove if you notify me. Contact Geek DBA Team, via geeksinsights@gmail.com

Pages

18c Database : Encrypt DB Link Passwords

In previous releases of Oracle, the database links and scheduler links password are stored in password column in sys.link$ and sys.scheduler$_link table, however the passwords are obfuscated not encrypted.

We can encrypt the obfuscated password in 18c using "alter database dictionary" command.

Create a keystore and define encryption method

ADMINISTER KEY MANAGEMENT CREATE KEYSTORE '/etc/ORACLE/WALLETS/orcl' IDENTIFIED BY password;
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "password";
ADMINISTER KEY MANAGEMENT SET ENCRYPTION KEY IDENTIFIED BY "password" WITH BACKUP;

Alter dictionary to encrypt the credentials

ALTER DATABASE DICTIONARY ENCRYPT CREDENTIALS;

For all in a container database use

ALTER DATABASE DICTIONARY ENCRYPT CREDENTIALS CONTAINER = ALL;

Now the password columns in the link$ and scheduler$_link passwords are encrypted. When you do export and import you must provide the encryption password for wallet to ensure the passwords are decrypted while  expdp/impdp

-Suresh

Comments are closed.