Oracle Wallet is used to store configuration information for secure connections to Oracle databases.

Liquibase Enterprise supports secure connections (SSL) to Oracle databases through Oracle Wallet. This page describes the process:

Have the correct version of the Oracle JDBC driver installed. The driver supplied with Liquibase Enterprise versions 5.7.5665 (or higher) was updated to support Oracle Wallet.
Set up required configuration files and environment variables.

Note

Liquibase Enterprise uses Oracle Wallet for certificates only. You specify a user and password for the connection separately when creating the connection to the database in each DbDef.

See Oracle Wallet documentation maintained by Oracle Corporation.

Prerequisite: Oracle Wallet Installed and Configured

These instructions assume that you have done the following:

Installed Oracle Wallet with your Oracle database and understand its use
Created certificates and placed them in the Oracle Wallet on the server and the client
Know the file location of the Oracle Wallet folder on the client

1. Create a Directory for Oracle Wallet Files

Create a directory on the host where you run Liquibase Enterprise to use for the wallet file and Oracle configuration files.

The example places it in the oracle_wallet directory under the <project> directory in the default location for Liquibase Enterprise projects. If Oracle is installed on the host, another common location might be $ORACLE_HOME/network/admin.

Linux

/datical/oracle_wallet

Windows

C:\datical\oracle_wallet

2. Add Configuration Files to the Oracle Wallet Directory

File	Desription
`ojdbc.properties`	Oracle database driver configuration file.
`cwallet.sso`	Oracle wallet file. Copy this file from the Oracle database server. Here is some more information about How To: Generate the cwallet.sso file and Load SSL Certificates from Liquibase Enterprise Knowledge base.
`sqlnet.ora`	Profile configuration file for the Oracle database client. Copy this file from the Oracle database server.
`tnsnames.ora`	Configuration file that maps net service names to connect descriptors. Copy this file from the Oracle database server.

2a. Add Wallet Location to ojdbc.properties

Add the following line to the ojdbc.properties file. The driver uses this property to access the other files.

Linux

oracle.net.wallet_location=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/datical/oracle_wallet)))

Windows

oracle.net.wallet_location=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=C:\\datical\\oracle_wallet)))

2b. Add Service Name to tnsnames.ora

Add the following section to tnsnames.ora. Substitute values for these tokens:

<oracledb-hostname> - the host name of the machine (or VM or AWS instance) where Oracle is running
<oracledb-port> - the port configured to use SSL by the listener on the database server. Default is 2484.
<oracledb-servicename> - the host name of the machine (or VM or AWS instance) where the Oracle database server is running. If using a SID to connect, specify it instead.

In the following example, the section is named ORA_AWS. You may name it as you wish. Use this name for the TNS Alias setting in Liquibase Enterprise projects.

ORA_AWS = 
(DESCRIPTION = 
   (ADDRESS = 
      (PROTOCOL = TCPS)
      (HOST = <oracledb-hostname>)
      (PORT = <oracledb-port>)
   )
   (CONNECT_DATA = 
      (SERVER = DEDICATED)
      (SERVICE_NAME = <oracledb-servicename>)
   )
)

3. Set TNS_ADMIN to Point to the Configuration Files Directory

On the host where Liquibase Enterprise is running, set the TNS_ADMIN environment variable to the directory containing the configuration files.

set TNS_ADMIN = /datical/oracle_wallet/

4. Set Up Liquibase Enterprise Projects to Use Oracle Wallet

When you create a DbDef in a project and choose Oracle as the database type, you set the following property:

Connection Type - Choose TNSNAMES/LDAP
TNS Alias - Specifies the service name in tnsnames.ora that contains configuration information for the connection.

See also Oracle Database Step Settings in Configuring Step Settings (DbDefs).

5. Test the Configuration