Creating and Configuring Wallets with OraPKI (Without Needing the Full Oracle Client)

Valter Zanchetti FilhoValter Zanchetti Filho
2 min read

I’ve often needed to deal with wallets in the database without having SSH access. So, to use mkstore or orapki locally, I had two main options: either download a database version and install it on a VM or local machine, or download and install the full Oracle client—which I didn’t need for anything else. I wanted a more practical and accessible approach, where I could place orapki on my Google Drive and use it from my work PC, home PC, and laptop.

After some web research, I found these two articles that explain how to use the .jar files from SQLcl to run orapki without having to install the full client:

https://ogobrecht.com/posts/2020-07-29-how-to-use-mkstore-and-orapki-with-oracle-instant-client/

https://andriydmytrenko.wordpress.com/2013/07/01/using-the-secure-external-password-store-with-instant-client/

Vamos seguir esses passos.

  1. Download SQLcl, the lightest Oracle tool I found that includes the required .jar files.

  2. Extract it into any folder you prefer.

  3. Create a file named orapki.bat with the following content:

@echo off
rem inspiration: https://andriydmytrenko.wordpress.com/2013/07/01/using-the-secure-external-password-store-with-instant-client/

setlocal

rem get the command line arguments
set args=
:loop
  if !%1==! goto :done
  set args=%args% %1
  shift
  goto :loop
:done

rem set classpath for orapki - align this to your local SQLcl installation
set sqlcl="G:\Meu Drive\Aplicativos\SQLcl\25.1.0.101.2353\lib"
set classpath=%sqlcl%\oraclepki.jar
set classpath=%classpath%;%sqlcl%\osdt_core.jar
set classpath=%classpath%;%sqlcl%\osdt_cert.jar

rem simulate orapki command
java -classpath %classpath% oracle.security.pki.textui.OraclePKITextUI %args%

endlocal

Replace the line set sqlcl="G:\Meu Drive\Aplicativos\SQLcl\25.1.0.101.2353\lib" with your actual SQLcl path.

Done! You can now use orapki without installing the full Oracle client.

Note: If you're on macOS or Linux, you can create these scripts instead:

mkstore:

#!/bin/bash
# set classpath for mkstore - align this to your local SQLcl installation
SQLCL=$(dirname $(which sql))/../lib
CLASSPATH=${SQLCL}/oraclepki.jar:${SQLCL}/osdt_core.jar:${SQLCL}/osdt_cert.jar
# simulate mkstore command
java -classpath ${CLASSPATH} oracle.security.pki.OracleSecretStoreTextUI  "$@"

orapki:

#!/bin/bash
# set classpath for orapki - align this to your local SQLcl installation
SQLCL=$(dirname $(which sql))/../lib
CLASSPATH=${SQLCL}/oraclepki.jar:${SQLCL}/osdt_core.jar:${SQLCL}/osdt_cert.jar
# simulate orapki command
java -cl
0
Subscribe to my newsletter

Read articles from Valter Zanchetti Filho directly inside your inbox. Subscribe to the newsletter, and don't miss out.

orapkiOracle Database

Written by

Valter Zanchetti Filho
Valter Zanchetti Filho