{"id":1165,"date":"2026-06-30T14:14:52","date_gmt":"2026-06-30T12:14:52","guid":{"rendered":"https:\/\/anjo.pt\/keyword-oracle\/?p=1165"},"modified":"2026-06-30T14:14:52","modified_gmt":"2026-06-30T12:14:52","slug":"database-specific-password-wallet-with-26ai-client-the-new-seps_wallet_location-parameter","status":"publish","type":"post","link":"https:\/\/anjo.pt\/keyword-oracle\/2026\/06\/30\/database-specific-password-wallet-with-26ai-client-the-new-seps_wallet_location-parameter\/","title":{"rendered":"Database specific password wallet with 26ai client: the new SEPS_WALLET_LOCATION parameter"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">One inconvenient I had in the past with the usage of password wallets for Oracle users was their maintenance. With the years, there was just a lot of old entries. At the end you would do a script that would test all credentials and delete the ones which did not work or there was no more network alias equivalent.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In OCI, to connect to Autonomous Databases, there is since few years a possibility to have a wallet parameter defined at the network connection or tnsnames, using &#8220;(SECURITY=(wallet_location=\/home\/oracle\/wallets\/databases)))&#8221; &#8211; sometimes also seen using &#8220;my_wallet_directory&#8221;. But this only works for TLS connections and using certificates.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">At my client I wanted to have a wallet per database, so that at the time of  decommissioning, we just delete the whole wallet.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">After looking around, I finally found out that using a 26ai client there are new parameters for the connection string and one of them is SEPS_WALLET_LOCATION, which allows to specify the location of the wallet for a specific entry.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This way I can do:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># My DB is ANJO_DB\n$ echo $ORACLE_SID\nANJO_DB\n\n# Create wallet\norapki wallet create -wallet $ORACLE_BASE\/admin\/$ORACLE_SID\/wallet -pwd &lt;wallet_pwd> -auto_login_local\n\n# Add credential\norapki secretstore create_credential -wallet $ORACLE_BASE\/admin\/$ORACLE_SID\/wallet -pwd &lt;wallet_pwd> -connect_string $ORACLE_SID -username sys -password &lt;sys_pwd>\n\n# Add the wallet location in tnsnames\n$ grep $ORACLE_SID $TNS_ADMIN\/tnsnames.ora\nANJO_DB = (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=anjovm1)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ANJO_DB.WSL.HOME))(security=(SEPS_WALLET_LOCATION=\/u00\/app\/oracle\/admin\/ANJO_DB\/wallet)))\n\n# Check with tnsping\ntnsping ANJO_DB\n\nTNS Ping Utility for Linux: Version 23.26.2.0.0 - Production on 30-JUN-2026 14:10:10\n\nCopyright (c) 1997, 2026, Oracle.  All rights reserved.\n\nUsed parameter files:\n\/u00\/app\/oracle\/network\/admin\/sqlnet.ora\n\nUsed TNSNAMES adapter to resolve the alias\nAttempting to contact (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=anjovm1)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ANJO_DB.WSL.HOME))(security=(SEPS_WALLET_LOCATION=\/u00\/app\/oracle\/admin\/ANJO_DB\/wallet)))\nOK (10 msec)\n\n# Connect\n$ sqlplus \/@ANJO_DB\nSQL*Plus: Release 23.26.2.0.0 - Production on Tue Jun 30 14:11:40 2026\nVersion 23.26.2.0.0\n\nCopyright (c) 1982, 2026, Oracle.  All rights reserved.\n\nLast Successful login time: Tue Jun 30 2026 13:52:44 +02:00\n\nConnected to:\nOracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production\nVersion 19.30.0.0.0\n\nSQL>\n\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">The documentation about this and other new elements of the tnsnames.ora file in Oracle 26ai are at <a href=\"https:\/\/docs.oracle.com\/en\/database\/oracle\/oracle-database\/26\/netrf\/local-naming-parameters-in-tns-ora-file.html\">https:\/\/docs.oracle.com\/en\/database\/oracle\/oracle-database\/26\/netrf\/local-naming-parameters-in-tns-ora-file.html<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>One inconvenient I had in the past with the usage of password wallets for Oracle users was their maintenance. With the years, there was just a lot of old entries. At the end you would do a script that would test all credentials and delete the ones which did not work or there was no [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[90,9],"tags":[],"class_list":["post-1165","post","type-post","status-publish","format-standard","category-oracle-ai-26ai","category-security","czr-hentry"],"_links":{"self":[{"href":"https:\/\/anjo.pt\/keyword-oracle\/wp-json\/wp\/v2\/posts\/1165","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/anjo.pt\/keyword-oracle\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/anjo.pt\/keyword-oracle\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/anjo.pt\/keyword-oracle\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/anjo.pt\/keyword-oracle\/wp-json\/wp\/v2\/comments?post=1165"}],"version-history":[{"count":1,"href":"https:\/\/anjo.pt\/keyword-oracle\/wp-json\/wp\/v2\/posts\/1165\/revisions"}],"predecessor-version":[{"id":1166,"href":"https:\/\/anjo.pt\/keyword-oracle\/wp-json\/wp\/v2\/posts\/1165\/revisions\/1166"}],"wp:attachment":[{"href":"https:\/\/anjo.pt\/keyword-oracle\/wp-json\/wp\/v2\/media?parent=1165"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/anjo.pt\/keyword-oracle\/wp-json\/wp\/v2\/categories?post=1165"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/anjo.pt\/keyword-oracle\/wp-json\/wp\/v2\/tags?post=1165"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}