There are several articles of how to use Secure External Password Store, e.g. Using The Secure External Password Store [ID 340559.1] and official doc Managing the Secure External Password Store for Password Credentials or Oracle’s White Paper Secure External Password Store. However, the main utility mkstore is not a part of Instant Client package. So how to use it?
I guess it is possible to create and edit wallet on the one of the server machines where all the commands needed definitely present and then copy it to the local machine, but let’s try another way.
mkstore actually is a shell script file located as bin/mkstore.bat on Windows and bin/mkstore on Unix in a standard Oracle Client installation. So copy it to our Instant Client directory, make some edits and copy other java libraries which could be necessary to run mkstore. Finally I’ve got it as such (for Windows client)
@ECHO OFF SETLOCAL SET ORACLE_HOME=%HOMEPATH%\Apps\instantclient_11_2 REM Get the command line arguments set args= :loop if !%1==! goto :done set args=%args% %1 shift goto :loop :done REM Classpath for mkstore, copy these libraries from full installation SET CP=%ORACLE_HOME%\oraclepki.jar SET CP=%CP%;%ORACLE_HOME%\osdt_core.jar SET CP=%CP%;%ORACLE_HOME%\osdt_cert.jar java -classpath %CP% oracle.security.pki.OracleSecretStoreTextUI %args% endlocal
All other action should be done as usual: create a wallet location and the wallet itself, edit sqlnet.ora, create credentials and so on. It worked for me.
A look to Unix version of mkstore suggests to add two more libraries: encryption/jlib/ojpse.jar and ldap/test/lib/emma.jar; these could be useful for cases I’m not able to test.