Skip to content

SYSTEM Cited by 1 source

Oracle Wallet

Oracle Wallet is Oracle's file-based credential store: a DBA-provisioned directory on disk containing encrypted connection credentials (username, password, and/or certificate) that an Oracle client uses in place of a plain-text username and password. It is the canonical enterprise-compliance alternative to embedding DB credentials directly in application configuration files or environment variables.

Stub page — canonical wiki home introduced by the 2026-04-09 Redpanda Connect Oracle CDC launch. Expand on future Oracle / Oracle Wallet sources.

Two wallet formats

  • cwallet.ssoauto-login wallet. Does not require a password at wallet-open time; the wallet file itself encodes the credential. Verbatim from the Redpanda launch post: "Auto- login wallets (cwallet.sso) do not need a password."
  • ewallet.p12PKCS#12 wallet. Password-protected at wallet-open time. In the Redpanda Connect oracledb_cdc connector, the password is supplied via the wallet_password config field, which the connector treats as secret: "It's treated as a secret field and will be redacted from logs and config dumps." (Source: sources/2026-04-09-redpanda-oracle-cdc-now-available-in-redpanda-connect)

Why regulated environments require it

  • No plain-text passwords on disk. Connection strings of the form oracle://user:password@host:1521/SID fail most security reviews in regulated verticals (finance, healthcare, government contractors).
  • DBA-provisioned credential ownership. Wallet provisioning is a DBA operation, not a developer operation — creates a separation of duties audit trail.
  • SSL is enabled automatically. When the client connects via wallet, SSL is used on the wire by default (no need to separately configure TLS).

Canonical verbatim framing

From the 2026-04-09 Redpanda launch post:

"Running Oracle in a regulated environment? There's a good chance that plain-text credentials in a connection string won't pass the security review. Oracle Wallet is the standard answer: a file-based credential store provisioned by the DBA that the client uses instead of a username and password."

"The kind of thing that makes security reviewers happy, auditors quiet, and nobody paging you at midnight about a credential in a log file."

Consumer canonicalised on the wiki

  • Redpanda Connect Oracle CDCwallet_path + optional wallet_password config fields. Canonical first wiki consumer of Oracle Wallet.

Composition with file-based credential store concept

Canonicalised on the wiki as an instance of concepts/file-based-credential-store — the compliance-grade compliance substrate where:

  • Credentials are stored on disk in a file the client reads.
  • The file is DBA-provisioned (separation of duties).
  • Password (if any) is supplied via a config field the consumer system treats as secret and redacts from logs.

Sibling compliance substrates on the wiki:

Oracle Wallet is specifically the file-based, long-lived credential-store substrate; FIPS modules handle the crypto layer; short-lived-credential auth is the rotating-credential alternative.

Undisclosed (not covered in the 2026-04-09 post)

  • Wallet rotation procedures.
  • Wallet-vs-Kerberos-vs-OCI_ATTR_USERNAME_LDAP comparison.
  • Wallet distribution (manual copy vs config-management vs secrets-manager-hydrated).
  • orapki tooling for creating wallets.
  • Expiry / reprovisioning mechanics.

Seen in

Last updated · 470 distilled / 1,213 read