oracle-databasebatch-filesqlpluswindows-scriptingoracle11gr2

How Can I Script Oracle Wallet Changes?

I use the Oracle wallet to store passwords for the databases I connect to. Our password policy requires us to change our passwords frequently enough that I would like to script the changes. I have a batch file that can change the database passwords themselves, but I would like to script the changes to the wallet as well. The problem is that a wallet password must be entered after calling mkstore and the password can't be passed as a parameter. Is there a way to script credential changes in the wallet?

Solution

  • Here is a Powershell script I came up with. Requirements:

    1. PowerShell is installed.
    2. Scripting is enabled (Set-ExecutionPolicy RemoteSigned run as administrator).
    3. The script is in c:\oracle\WalletCreator.
    4. Wasp.dll from Windows Automation Snapin for PowerShell is located in the script folder.

    The wallet will be created in c:\oracle\Wallets. Here is the script.

    Import-Module c:\oracle\WalletCreator\WASP.dll

$WalletCreated = 0

cls
Write-Host "                                                           " -foregroundcolor White -backgroundcolor DarkRed
Write-Host "   Warning: This script will delete your current wallet.   " -foregroundcolor White -backgroundcolor DarkRed
Write-Host "                                                           " -foregroundcolor White -backgroundcolor DarkRed

do {
    #Get credentials
    Write-Host " " 
    Write-Host " New Wallet Entry                                          " -foregroundcolor White -backgroundcolor DarkGreen
    Write-Host "    To exit press return without entering anything.        " -foregroundcolor White -backgroundcolor DarkGreen
    $DB = Read-Host "Connection Name"
    if ($DB -eq "") {
       Return
    }
    $Username = Read-Host "       Username"
    if ($Username -eq "") {
       Return
    }
    $Password = Read-Host -AsSecureString "       Password" 

    #Convert from SecureString to String.
    $BasicString = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
    $Password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BasicString)
    if ($Password -eq "") {
       Return
    }

    if ($WalletCreated -eq 0) {
        #Create folder in case it doesn't exist.
        md c:\oracle\Wallets -Force | Out-Null

        #Delete any wallet in the folder now.
        del c:\oracle\Wallets\*.* | Out-Null

        #Get GUID for wallet password.
        $WalletPassword = [guid]::NewGuid().toString()
        $WalletPassword = $WalletPassword + "`r"

        #Create Wallet.
        Start-Process -FilePath mkstore -ArgumentList "-wrl c:\oracle\Wallets\ -create"
        Start-Sleep -Milliseconds 500
        Select-Window -ProcessName cmd | Select -First 1 | Send-Keys -keys $WalletPassword
        Start-Sleep -Milliseconds 300
        Select-Window -ProcessName cmd | Select -First 1 | Send-Keys -keys $WalletPassword

        $WalletCreated = 1
        Start-Sleep -Milliseconds 1000
    }

    #Create Credential.
    $CC = "-wrl c:\oracle\Wallets\ -createCredential " + $DB + " " 
    $CC = $CC + $Username + " " + $Password
    Start-Process -FilePath mkstore -ArgumentList $CC
    Start-Sleep -Milliseconds 300
    Select-Window -ProcessName cmd | Select -First 1 | Send-Keys -keys $WalletPassword
    Start-Sleep -Milliseconds 1000
} 
until ($DB -eq "")