Hiding password in shell Scripts requires oracle connection.

Hiding password in shell Scripts requires oracle connection.


1. User identified externally

SQL> show parameter prefix

NAME TYPE VALUE
------------------------------------ ----------- -----
os_authent_prefix string OPS$
SQL>

SQL> create user ops$sandeep identified externally;
User created.
SQL>

User sandeep will be able to connect as
sqlplus /

You can use the OS user to connect to Database.

2. Use Oracle wallet.

Oracle gives us the option of using a secure external password store where the Oracle login credentials are stored in a client-side Oracle wallet. This allows scripts to contain connections using the "/@db_alias" syntax.

Create a wallet and wallet entry for database connection.
Identify the wallet location
set the wallet location as TNS_ADMIN
export TNS_ADMIN=
create the sqlnet.ora file
Create the tnsnames.ora file with the wallet entries

learn about mkstore to create wallet.


3. print password | sqlplus apps

4. Put the passwords in some OS file with 700 permissions. You can have you scripts read the password from script.
cat passfile.sh
MYLOGIN=username/password

cat myshell.sh
#!/usr/bin/ksh
ksh passfile.sh
sqlplus << EOF
$MYLOGIN
select sysdate from dual;
exit
EOF



Oracle Wallet is my favourite one out of these.