Having a system consisting of two linked Oracle DBs, we currently have the password for the dblink stored in a table, in order to be able to change it (session issues) and to re-created the dblink in some weird cases.
Having a password in a table, however, is not a particularly good move from the security perspective. So are there any alternatives to this? Does Oracle allow safely storing the password in a keystore or vault or something? Can you create a dblink without actually retrieving the password?
Best Answer
Your real problem is not about storing the password in a table securely, but the need for repeatedly changing and recreating the dblink.
Yes, you can store a password in a wallet, and no, you will not be able to retrieve the actual password from the wallet.
To store a password securely in a table, you can encrypt it (e.g. with DBMS_CRYPTO) and store the encrypted value. The encryption key should be stored outside the database.
FYI: Oracle stores dblink passwords in a table, in an encrypted form. The encryption key is a constant (kind of) and decryption takes no time.
12c: https://mahmoudhatem.wordpress.com/2016/12/08/reverse-engineering-db-link-password-decryption-in-plsql/
11g: https://www.krenger.ch/blog/find-password-for-database-link/