Wallet location configuration
Oracle requires that the keystore location be specified to the database so that it can be accessed when reading from or writing to the database files. This location can be specified in 2 ways:
The ENCRYPTION_WALLET_LOCATION parameter in sqlnet.ora.
The wallet_root initialization parameter.
The wallet_root initialization parameter is available starting in Oracle 18c, while ENCRYPTION_WALLET_LOCATION is available in Oracle 12.2.
Starting with Oracle Database 23c, the parameter ENCRYPTION_WALLET_LOCATION is desupported per Oracle documentation.
Delphix supports both configurations for the appropriate releases (i.e. ENCRYPTION_WALLET_LOCATION only in 12.2, and both ENCRYPTION_WALLET_LOCATION and wallet_root in Oracle 18c+). When using ENCRYPTION_WALLET_LOCATION, Delphix recommends referencing an environment variable, for example:
Encryption wallet location for software-based keystore
ENCRYPTION_WALLET_LOCATION=
 (SOURCE=
  (METHOD=FILE)
  (METHOD_DATA=
   (DIRECTORY=/u03/app/ora12201/admin/$ORACLE_UNQNAME/wallet/)))
As there is only one sqlnet.ora file found under $ORACLE_HOME, it will be used for all databases that use that home. Specifying an environment variable such as $ORACLE_UNQNAME allows a different location for each database in the same $ORACLE_HOME. Any environment variable referenced in sqlnet.ora must always be set in the environment for the Oracle user. Delphix explicitly sets only $ORACLE_HOME, $ORACLE_SID, and $ORACLE_UNQNAME in the connections which are established by the Delphix engine, so it is recommended that only these variables be referenced in sqlnet.ora.
For a 12.2 TDE vPDB provision, Delphix creates a unique sqlnet.ora file for the use of the auxiliary database during the provision. For provisions to vCDB targets, Delphix will set the wallet_root parameter to a user-provided path for versions 18c or higher and will use the path in sqlnet.ora for version 12.2.
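An added example (not Delphix or Oracle code) that lints a sqlnet.ora against the advice above: it extracts the ENCRYPTION_WALLET_LOCATION directory, shows the path it resolves to for one database, and lists any referenced variable outside the three that Delphix sets. The sample file, its LOG_DIRECTORY_CLIENT line and $TRACE_BASE are constructed for illustration, and uppercase keywords are assumed.

```shell
#!/bin/sh
# Variables the page says Delphix sets in the connections it establishes.
ALLOWED_VARS="ORACLE_HOME ORACLE_SID ORACLE_UNQNAME"

# Print the DIRECTORY value of ENCRYPTION_WALLET_LOCATION (uppercase keywords
# assumed, as on the page). Fails if the parameter or its DIRECTORY is absent.
wallet_directory() {
    awk '{ sub(/#.*/, ""); gsub(/[ \t\r]/, ""); buf = buf $0 }
    END {
        i = index(buf, "ENCRYPTION_WALLET_LOCATION="); if (!i) exit 1
        buf = substr(buf, i)
        j = index(buf, "(DIRECTORY="); if (!j) exit 1
        buf = substr(buf, j + 11)
        print substr(buf, 1, index(buf, ")") - 1)
    }' "$1"
}

# List every $VAR in the file (comments ignored) that Delphix does not set.
unsupported_vars() {
    sed 's/#.*//' "$1" | grep -o '\$[A-Za-z_][A-Za-z0-9_]*' | tr -d '$' | sort -u |
    while read -r v; do
        case " $ALLOWED_VARS " in *" $v "*) ;; *) echo "$v" ;; esac
    done
}

# Expand the wallet directory for one database from the three allowed variables.
# Args: file ORACLE_HOME ORACLE_SID ORACLE_UNQNAME (values without "|" or "&").
resolve_wallet_dir() {
    wallet_directory "$1" | sed -e "s|[\$]ORACLE_HOME|$2|g" \
        -e "s|[\$]ORACLE_SID|$3|g" -e "s|[\$]ORACLE_UNQNAME|$4|g"
}

# Constructed sample: the page's software-keystore entry plus one extra,
# hypothetical line that references a variable Delphix does not set.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sqlnet.ora
ENCRYPTION_WALLET_LOCATION=
 (SOURCE=
  (METHOD=FILE)
  (METHOD_DATA=
   (DIRECTORY=/u03/app/ora12201/admin/$ORACLE_UNQNAME/wallet/)))
LOG_DIRECTORY_CLIENT=$TRACE_BASE/client
EOF
echo "wallet dir for CDB1: $(resolve_wallet_dir "$sample" /u03/app/ora12201 cdb1 CDB1)"
echo "variables Delphix will not set: $(unsupported_vars "$sample")"
rm -f "$sample"
```

Any name reported by unsupported_vars would be unset in Delphix-initiated connections, so a wallet path built from it would not resolve to the intended directory.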
Encryption wallet location for OKV
Using sqlnet.ora
ENCRYPTION_WALLET_LOCATION=
 (SOURCE=
  (METHOD=OKV)
  (METHOD_DATA=
   (DIRECTORY=/u03/app/wallet/)))
Using WALLET_ROOT initialization parameter for Oracle 18c+
The WALLET_ROOT directory must be the parent directory of OKV_HOME.
The directory that will be defined as WALLET_ROOT must have the following sub-directories (in lowercase) for the database to auto-discover the correct keystore configuration:
/okv: The Oracle Key Vault client software is installed into this directory.
/tde: The TDE wallet (or the auto-open wallet for Oracle Key Vault) goes into this subdirectory.
For provisions to vCDB targets, Delphix Continuous Data Engine will set the WALLET_ROOT parameter to a parent directory of the user-specified OKV Home path for versions 18c or higher.
Encryption wallet location for HSM
Using sqlnet.ora
ENCRYPTION_WALLET_LOCATION=
 (SOURCE=
  (METHOD=HSM)
  (METHOD_DATA=
   (DIRECTORY=/u03/app/wallet/)))
Using the “WALLET_ROOT” initialization parameter for databases with Oracle 18c+
For provisions to the vCDB target, Delphix Continuous Data Engine will set the WALLET_ROOT parameter to a user-specified path for Oracle 18c or higher.