icon Enroll in the OCI Weekend Batch – Don’t Miss the Free Session! ENROLL NOW
Icon Wakad : +919325408926 Icon kalewadi : +918983069523 Icon kharadi : +919325408926
Book a Free Demo
Let's Talk
  • User AvatarPradip
  • 13 Dec, 2025
  • 0 Comments
  • 3 Mins Read

How to Set Up Oracle Wallet in Oracle Database 19c & 21c

Introduction to Oracle Wallet and External Password Stores

In modern database environments, security and ease of connectivity are paramount. Oracle Wallet is a powerful feature provided by Oracle Database that serves as a secure container to store authentication and signing credentials, such as private keys, certificates, and most importantly for this guide, database user credentials.

The primary benefit of using an Oracle Wallet as an External Password Store (EPS) is the ability to achieve passwordless connections. This eliminates the need to hard-code usernames and passwords in application code, configuration files, or shell scripts, significantly improving security and simplifying credential management.

While Oracle Wallet is crucial for features like Transparent Data Encryption (TDE) and SSL/TLS, this guide focuses specifically on its use for storing database login credentials, which is a common and highly sought-after configuration in both Oracle Database 19c and 21c.

What Is Oracle Wallet?

An Oracle Wallet is a password-protected container that securely stores sensitive information such as:

  • TDE master encryption keys

  • Database credentials

  • SSL certificates

  • Private keys

Prerequisites Before Creating Oracle Wallet

Ensure the following before you proceed:

  • Oracle Database 19c or 21c installed

  • OS user: oracle

  • Oracle Home & ORACLE_SID set

  • Sufficient permissions on wallet directory

  • sqlplus and mkstore utility available

Step-by-Step Guide to Create Oracle Wallet (19c & 21c)

This guide explains how to create and configure an Oracle Wallet for secure, passwordless database connections using Oracle Database 19c / 21c.

Step 1: Create a Wallet Directory

First, create a secure directory to store the wallet files.

On Windows OS

mkdir C:\test1\wallets

On Linux

mkdir -p /u01/app/wallets
chmod 700 /u01/app/wallets

Best Practice:
Keep the wallet directory outside ORACLE_HOME and restrict permissions.

Step 2: Create the Oracle Wallet

Use the mkstore utility to create the wallet.

On Windows

mkstore -wrl C:\test1\wallets -create

On Linux

mkstore -wrl /u01/app/wallets -create

Example Output

Oracle Secret Store Tool Release 19.0.0.0.0 - Production
Version 19.3.0.0.0

Enter password:
Enter password again:

This password protects the wallet (ewallet.p12).

Step 3: Verify Wallet Files

After creation, verify the wallet directory.

Expected Files

  • ewallet.p12 → Password-protected wallet

  • cwallet.sso → Auto-login wallet (created automatically in most cases)

If cwallet.sso is missing, password-based wallet will still work, but DB startup may require manual wallet opening.

Step 4: Configure sqlnet.ora

Before editing, identify the active Oracle Network directory:

lsnrctl status

Look for:

Listener Parameter File
Listener Log File

Navigate to:

$ORACLE_HOME/network/admin

sqlnet.ora Configuration (Windows)

SQLNET.WALLET_OVERRIDE = TRUE
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 0

WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = C:\test1\wallets)
)
)

sqlnet.ora Configuration (Linux)

SQLNET.WALLET_OVERRIDE = TRUE
SSL_CLIENT_AUTHENTICATION = FALSE
SSL_VERSION = 0

WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /u01/app/wallets)
)
)

Ensure there are no syntax errors in sqlnet.ora.

Step 5: Create a Database User (Optional)

Connect as SYSDBA and create a common user (for CDB environments).

CREATE USER C##mir_wallets IDENTIFIED BY mirwallets;
GRANT CONNECT, RESOURCE TO C##mir_wallets;

Skip this step if the user already exists.

Step 6: Store Database Credentials in the Wallet

Store credentials securely using the TNS alias.

Syntax

mkstore -wrl <wallet_location> -createCredential <TNS_ALIAS> <DB_USER> <DB_PASSWORD>

Example (Windows)

mkstore -wrl C:\test1\wallets -createCredential ORCL C##mir_wallets mirwallets

Example (Linux)

mkstore -wrl /u01/app/wallets -createCredential ORCL C##mir_wallets mirwallets

Step 7: Verify Stored Credentials

mkstore -wrl /u01/app/wallets -listCredential

Expected output:

List credential (index: connect_string username)
1: ORCL C##mir_wallets

Step 8: Test Passwordless Connection

Connect using only the TNS alias:

sqlplus /@ORCL

If the connection succeeds, the wallet is working correctly.

Conclusion

Setting up an Oracle Wallet as an External Password Store using the mkstore utility in Oracle Database 19c and 21c is a critical step in adopting a more secure and efficient database management practice. By centralizing credentials in a protected wallet and leveraging the power of TNS aliases, you can eliminate plaintext passwords, enhance overall security posture, and streamline application deployment.

Explore more with Learnomate Technologies!

Want to see how we teach?
Head over to our YouTube channel for insights, tutorials, and tech breakdowns:
👉 www.youtube.com/@learnomate

To know more about our courses, offerings, and team:
Visit our official website:
👉 www.learnomate.org

Interested in mastering Oracle Database Administration?
Check out our comprehensive Oracle DBA Training program here:
👉https://learnomate.org/oracle-dba-training/ 

Want to explore more tech topics?
Check out our detailed blog posts here:
👉 https://learnomate.org/blogs/

And hey, I’d love to stay connected with you personally!
🔗 Let’s connect on LinkedIn: Ankush Thavali

Happy learning!

Ankush😎

GitHub–Databricks Integration Demonstration

Let's Talk

Find your desired career path with us!

Let's Talk

Find your desired career path with us!