Oracle SQL noun: KEY MANAGEMENT

Creating a keystore

In a shell on the database server:
mkdir /opt/oracle/wallet
Then in an SQL prompt:
administer key management create keystore '/opt/oracle/wallet' identified by theWalletsSecret;
This command created the file ewallet.p12 in the wallet directory:
ls -l /opt/oracle/wallet
total 4
-rw------- 1 oracle oinstall 2555 Feb 17 09:17 ewallet.p12

TODO

administer key management set keystore open identified by …;
administer key management set key identified by … with backup;
The following command creates /opt/oracle/wallet/cwallet.sso:
administer key management create       auto_login keystore from keystore '/opt/oracle/wallet' identified by theWalletsSecret;
administer key management create local auto_login keystore from keystore '/opt/oracle/wallet' identified by theWalletsSecret;
Change the keystore's password:
administer key management alter keystore password identified by theWalletsSecret set theWalletsNewSecret with backup using 'pwd_change';
Back up the keystore:
administer key management backup keystore using 'wallet-backup-of-2024-02-17' identified by theWalletsSecret;
As per MOS Note 2253348.1, a security officer should be given the SYSKM privilege rather than SYSDBA, so that the security officer cannot execute alter system commands such as alter system set encryption key ….
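
The separation of duties described in the MOS note, as an added example that is not part of the original notes: a dedicated account receives SYSKM only and performs the keystore operations with it. The user name km_officer and its password are placeholders, and a non-CDB database with a password file is assumed.

```sql
-- Added example. km_officer and its password are placeholders (assumptions).
-- Step 1, connected as SYSDBA: create the security officer, grant SYSKM only.
create user km_officer identified by "placeholder_Passw0rd";
grant syskm to km_officer;

-- Step 2: confirm the password-file entry.
-- Expected for this account: SYSKM = TRUE, SYSDBA = FALSE.
select username, sysdba, syskm
  from v$pwfile_users
 where username = 'KM_OFFICER';

-- Step 3: reconnect with the restricted administrative privilege
-- (SQL*Plus command; it prompts for the password).
connect km_officer as syskm

-- Step 4: keystore operations from these notes run under SYSKM.
administer key management set keystore open identified by theWalletsSecret;

-- Step 5: verify keystore location, state and type.
select wrl_parameter, status, wallet_type
  from v$encryption_wallet;

-- alter system statements are outside SYSKM, so this session cannot
-- run them; that is the restriction the MOS note is after.
```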

See also

ORA-46633: creation of a password-based keystore failed
ORA-28367: wallet does not exist