Skip to Main Content
  • Questions

  • Best practices for keeping passwords hidden

Breadcrumb

Question and Answer

Thanks for the question.

Asked: February 12, 2019 - 9:20 pm UTC

Last updated: February 12, 2019 - 9:20 pm UTC

Version:

Viewed 1000+ times

You Asked

Can you recommend best practices for keeping passwords hidden in command lines for impdp/expdp, shell scripts etc.?

and we said...

Francois - the best way (if you can do it) is to not use a password at all - use an OPS$ (os authenticated) account to run the script.  If you need to run it remotely, then within the Oracle technology stack we use Secure External Password Store (SEPS) for this purpose. 

https://www.oracle.com/technetwork/database/security/twp-db-security-secure-ext-pwd-stor-133399.pdf

Outside of our own technology, I've seen many customers using CyberArk's APIs to insert credential information into scripts and applications.


Is this answer out of date? If it is, please let us know via a Comment
more

Connor and Chris don't just spend all day on AskTOM. You can also catch regular content via Connor's blog and Chris's blog. Or if video is more your thing, check out Connor's latest video and Chris's latest video from their Youtube channels. And of course, keep up to date with AskTOM via the official twitter account.

More to Explore

Data Pump

All of the database utilities including Data Pump are explained in the Utilities guide.