Database specific password wallet with 26ai client: the new SEPS_WALLET_LOCATION parameter
One inconvenient I had in the past with the usage of password wallets for Oracle users was their maintenance. With the years, there was just a lot of old entries. At the end you would do a script that would test all credentials and delete the ones which did not work or there was no more network alias equivalent.
In OCI, to connect to Autonomous Databases, there is since few years a possibility to have a wallet parameter defined at the network connection or tnsnames, using “(SECURITY=(wallet_location=/home/oracle/wallets/databases)))” – sometimes also seen using “my_wallet_directory”. But this only works for TLS connections and using certificates.
At my client I wanted to have a wallet per database, so that at the time of decommissioning, we just delete the whole wallet.
After looking around, I finally found out that using a 26ai client there are new parameters for the connection string and one of them is SEPS_WALLET_LOCATION, which allows to specify the location of the wallet for a specific entry.
This way I can do:
# My DB is ANJO_DB
$ echo $ORACLE_SID
ANJO_DB
# Create wallet
orapki wallet create -wallet $ORACLE_BASE/admin/$ORACLE_SID/wallet -pwd <wallet_pwd> -auto_login_local
# Add credential
orapki secretstore create_credential -wallet $ORACLE_BASE/admin/$ORACLE_SID/wallet -pwd <wallet_pwd> -connect_string $ORACLE_SID -username sys -password <sys_pwd>
# Add the wallet location in tnsnames
$ grep $ORACLE_SID $TNS_ADMIN/tnsnames.ora
ANJO_DB = (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=anjovm1)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ANJO_DB.WSL.HOME))(security=(SEPS_WALLET_LOCATION=/u00/app/oracle/admin/ANJO_DB/wallet)))
# Check with tnsping
tnsping ANJO_DB
TNS Ping Utility for Linux: Version 23.26.2.0.0 - Production on 30-JUN-2026 14:10:10
Copyright (c) 1997, 2026, Oracle. All rights reserved.
Used parameter files:
/u00/app/oracle/network/admin/sqlnet.ora
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=anjovm1)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ANJO_DB.WSL.HOME))(security=(SEPS_WALLET_LOCATION=/u00/app/oracle/admin/ANJO_DB/wallet)))
OK (10 msec)
# Connect
$ sqlplus /@ANJO_DB
SQL*Plus: Release 23.26.2.0.0 - Production on Tue Jun 30 14:11:40 2026
Version 23.26.2.0.0
Copyright (c) 1982, 2026, Oracle. All rights reserved.
Last Successful login time: Tue Jun 30 2026 13:52:44 +02:00
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.30.0.0.0
SQL>
The documentation about this and other new elements of the tnsnames.ora file in Oracle 26ai are at https://docs.oracle.com/en/database/oracle/oracle-database/26/netrf/local-naming-parameters-in-tns-ora-file.html

