How Can I Script Oracle Wallet Changes?
I use the Oracle wallet to store passwords for the databases I connect to. Our password policy requires us to change our passwords frequently enough that I would like to script the changes. I have a batch file that can change the database passwords themselves, but I would like to script the changes to the wallet as well. The problem is that a wallet password must be entered after calling mkstore and the password can't be passed as a parameter. Is there a way to script credential change开发者_开发知识库s in the wallet?
Get the passwd for the store thru echo, so you can script it.
echo "$passwd" |
echo "WalletPasswd" | mkstore -wrl . -listCredential
This will list the output,likewise commands for all mkstore, orapki will work
Here is a Powershell script I came up with. Requirements:
- PowerShell is installed.
- Scripting is enabled (
Set-ExecutionPolicy RemoteSigned
run as administrator). - The script is in c:\oracle\WalletCreator.
- Wasp.dll from Windows Automation Snapin for PowerShell is located in the script folder.
The wallet will be created in c:\oracle\Wallets. Here is the script.
Import-Module c:\oracle\WalletCreator\WASP.dll
$WalletCreated = 0
cls
Write-Host " " -foregroundcolor White -backgroundcolor DarkRed
Write-Host " Warning: This script will delete your current wallet. " -foregroundcolor White -backgroundcolor DarkRed
Write-Host " " -foregroundcolor White -backgroundcolor DarkRed
do {
#Get credentials
Write-Host " "
Write-Host " New Wallet Entry " -foregroundcolor White -backgroundcolor DarkGreen
Write-Host " To exit press return without entering anything. " -foregroundcolor White -backgroundcolor DarkGreen
$DB = Read-Host "Connection Name"
if ($DB -eq "") {
Return
}
$Username = Read-Host " Username"
if ($Username -eq "") {
Return
}
$Password = Read-Host -AsSecureString " Password"
#Convert from SecureString to String.
$BasicString = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
$Password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BasicString)
if ($Password -eq "") {
Return
}
if ($WalletCreated -eq 0) {
#Create folder in case it doesn't exist.
md c:\oracle\Wallets -Force | Out-Null
#Delete any wallet in the folder now.
del c:\oracle\Wallets\*.* | Out-Null
#Get GUID for wallet password.
$WalletPassword = [guid]::NewGuid().toString()
$WalletPassword = $WalletPassword + "`r"
#Create Wallet.
Start-Process -FilePath mkstore -ArgumentList "-wrl c:\oracle\Wallets\ -create"
Start-Sleep -Milliseconds 500
Select-Window -ProcessName cmd | Select -First 1 | Send-Keys -keys $WalletPassword
Start-Sleep -Milliseconds 300
Select-Window -ProcessName cmd | Select -First 1 | Send-Keys -keys $WalletPassword
$WalletCreated = 1
Start-Sleep -Milliseconds 1000
}
#Create Credential.
$CC = "-wrl c:\oracle\Wallets\ -createCredential " + $DB + " "
$CC = $CC + $Username + " " + $Password
Start-Process -FilePath mkstore -ArgumentList $CC
Start-Sleep -Milliseconds 300
Select-Window -ProcessName cmd | Select -First 1 | Send-Keys -keys $WalletPassword
Start-Sleep -Milliseconds 1000
}
until ($DB -eq "")
With 11g at least:
orapki wallet change_pwd -wallet {wallet directory} \
-oldpwd {old password} -newpwd {new password}
I have not tested whether the passwords get obfuscated in the process line visible from a ps -fe|grep.
AutoHotKey Solution:
; CreateWallet.ahk
#NoEnv
SetWorkingDir %A_ScriptDir%
CoordMode, Mouse, Window
SendMode Input
#SingleInstance Force
SetTitleMatchMode 2
#WinActivateForce
SetControlDelay 1
SetWinDelay 0
SetKeyDelay -1
SetMouseDelay -1
SetBatchLines -1
Macro1:
Random, WalletPassword, 10000000000, 9999999999999999999999999
WalletPassword := WalletPassword "ExtraCharacters"
InputBox, Username, Username, Please enter your database username, , , , , , , , lriffel
InputBox, DatabasePassword, Database Password, Please enter the database password., HIDE
Run, c:\windows\system32\cmd.exe, c:\
Sleep, 500
Send, md c{:}\oracle\Wallet{enter}
Sleep, 200
Send, cd c{:}\oracle\Wallet{enter}
Sleep, 200
Send, del -s c{:}\oracle\Wallet\*.*{enter}
Sleep, 200
Send, Y{enter}
Sleep, 200
Send, mkstore -wrl c:\oracle\Wallet\ -create{enter}
Sleep, 200
Send, %WalletPassword%{enter}
Sleep, 200
Send, %WalletPassword%{enter}
Sleep, 200
Loop, Read, F:\Programs\CreateWallet\dbs.txt
{
WinHide, ahk_class ConsoleWindowClass
Sleep, 333
Send, mkstore -wrl c:\oracle\Wallet\ -createCredential %A_LoopReadLine% %Username% %DatabasePassword%{enter}
Send, %WalletPassword%{enter}
Sleep, 200
Send, cls{enter}
Sleep, 200
WinShow, ahk_class ConsoleWindowClass
Sleep, 550
}
Send, exit{enter}
MsgBox, 64, Wallet Created, Wallet Created
Return
; This script was created using Pulover's Macro Creator
; www.macrocreator.com
Windows piping from a file works. I put the wallet password on 2 separate lines so it works for creating the wallet as well as -createCredential:
set PW=\MySecureFolder\MyWalletPasswordOn2Lines.txt
mkstore -wrl . -create < %PW%
The script could, of course, prompt and create the file initially, and delete the file when done. Put it in an admin-only folder, in case the script terminates abnormally.
精彩评论