Oracle Datapump dbms_datapump API - How to mask/hide encryption_password parameter


I am trying to run an encrypted datapump export using the following options. Please let me know how we can hide / mask the ENCRYPTION_PASSWORD, which needs to be provided in clear text; we don't use TDE or keystore wallet.

dbms_datapump.set_parameter(handle => h1, name =>'ENCRYPTION', value => 'ALL');
dbms_datapump.set_parameter(handle => h1, name =>'ENCRYPTION_PASSWORD', value => 'xxxxxxxxx');

Is it possible to declare a variable like V_PASSWORD and pull the ENCRYPTION_PASSWORD stored in the database?

Connor McDonald

You could store it in a table and access it via the code below:

declare
  v_pass varchar2(100);
  ...
begin
  select password
  into   v_pass
  from   my_secure_table
  where  key = 'DATA_PUMP_PASSWORD';

  dbms_datapump.set_parameter(handle => h1, 
    name =>'ENCRYPTION_PASSWORD', 
    value => v_pass);
  
  ...
end;

but ultimately of course, you have really just shifted the key security problem to somewhere else, so you'd want to make sure you have strict controls over that table.
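One way to put "strict controls over that table" into practice, as an added example that is not part of the original answer: keep the table in a dedicated schema, expose it only through a definer-rights function, and audit reads. The schema `dp_secrets`, the account `dp_export_user`, the function name and the audit policy name are assumptions; the account that runs the export still sees the password, so this narrows and records access rather than hiding the value from that account.

```sql
-- Assumed names (not from the original post): schema DP_SECRETS owns the
-- table, DP_EXPORT_USER is the account that runs the Data Pump export.
-- Run steps 1-4 as a DBA or as the owning schema with the needed privileges.

-- 1. The table lives in a dedicated schema; no other user is granted
--    SELECT on it.
create table dp_secrets.my_secure_table (
  key      varchar2(30)  primary key,
  password varchar2(100) not null
);

-- 2. Definer-rights function: a caller can fetch this one named secret
--    without holding any privilege on the table itself.
create or replace function dp_secrets.get_datapump_password
  return varchar2
  authid definer
is
  v_pass dp_secrets.my_secure_table.password%type;
begin
  select password
  into   v_pass
  from   dp_secrets.my_secure_table
  where  key = 'DATA_PUMP_PASSWORD';
  return v_pass;
end;
/

-- 3. Only the export account may call the function.
grant execute on dp_secrets.get_datapump_password to dp_export_user;

-- 4. Record every read of the table (unified auditing, 12c and later).
create audit policy dp_secret_read
  actions select on dp_secrets.my_secure_table;
audit policy dp_secret_read;

-- 5. In the export job, run as DP_EXPORT_USER (h1 opened as in the question):
--    dbms_datapump.set_parameter(handle => h1,
--      name  => 'ENCRYPTION_PASSWORD',
--      value => dp_secrets.get_datapump_password);
```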