As a DBA (or developer), you often need to make connection to your Oracle database from shell scripts.
That’s not a big deal if you connect locally to the database through the Linux/Unix account that owns the instance with “/ a sysdba”. But what if you need to connect to a remote database or a local database with a specific user?
Here are the solutions I have most often seen:
- Clear password in the shell script
- Clear password in a parameter file loaded from the shell script
- Environnement variable with clear password
- Function which decrypt a encrypted password, stored in a parameter file loaded from the shell script (more secure but easily breakable)
As you might have guessed, none of these solutions is secure!
Fortunately, Oracle provides us a free feature that allows you to get rid of clear passwords from your shell scripts:Secure external password store (also known as “SEPS” or “Oracle Wallets”).
The only prerequisite is to use Oracle 10gR2 or onward.