The terminal waits.
You type a command.
The link between GPG and SQL*Plus forms in seconds, encrypting what matters before it leaves your machine.
GPG (GNU Privacy Guard) is the proven way to secure data in transit and at rest. SQL*Plus is Oracle’s battle-tested CLI for managing databases. Used together, they let you run secure queries without exposing credentials or sensitive output. Engineers integrate GPG with SQL*Plus to encrypt scripts, store secrets safely, and protect exports before they hit disk or move across the network.
Start with GPG installed and keys generated. Protect your .sql files by encrypting them:
gpg --encrypt --recipient your.key@example.com script.sql
Only the intended private key can decrypt:
gpg --decrypt script.sql.gpg > script.sql
To feed an encrypted script into SQL*Plus, decrypt on the fly:
gpg --decrypt script.sql.gpg | sqlplus user@db
This ensures that plaintext scripts never persist on disk beyond execution. Combine it with NOLOG to avoid sensitive data leaking into logs. For automated jobs, pair GPG decryption with environment variables for credentials instead of embedding passwords in scripts.
Encrypted exports work in reverse. Pipe SQL*Plus output directly into GPG:
sqlplus user@db @export.sql | gpg --encrypt --recipient your.key@example.com > export.txt.gpg
Now your dump file is safe even if intercepted. This pattern is common in CI/CD pipelines, secure backups, and cross-team data transfers.
Performance overhead is minimal. Security gain is massive. GPG and SQL*Plus together prevent unauthorized access where it is most likely: in transit, on disk, and in source control.
Stop running plaintext queries. Secure your Oracle workflows at the CLI level with GPG and SQL*Plus. See it live in minutes at hoop.dev.