From 7c44f33a090f95b2cf394686049f67fc22fa39dd Mon Sep 17 00:00:00 2001 From: Robert Patrick Date: Tue, 21 Mar 2023 12:57:31 -0500 Subject: [PATCH 1/2] adding -opss_wallet documentation --- .../content/userguide/database/connect-db.md | 24 +++++++++++++++++++ .../3.0/content/userguide/tools/create.md | 1 + 2 files changed, 25 insertions(+) diff --git a/documentation/3.0/content/userguide/database/connect-db.md b/documentation/3.0/content/userguide/database/connect-db.md index 2fb030af3..28e8c087c 100644 --- a/documentation/3.0/content/userguide/database/connect-db.md +++ b/documentation/3.0/content/userguide/database/connect-db.md 
@@ -31,6 +31,30 @@ WDT will use the information you provided in the command line or in the `RCUDbin For some advanced use cases, such as using an Oracle Active GridLink data source or Multi Data Sources, you can provide a sparse model of the data sources in a separate model file during domain creation. See [Advance use cases](#advanced-jrf-database-use-cases). +### Creating a new domain to connect to an existing RCU schema + +If you ever find a situation where your JRF domain home directory is corrupted or lost, it is possible to create a new +domain home directory using the existing RCU schemas provided that you have previously exported the domain's encryption +key into an Oracle wallet. To export the encryption key into a wallet, use the OPSS WLST offline [exportEncryptionKey](https://docs.oracle.com/en/middleware/fusion-middleware/platform-security/12.2.1.4/idmcr/security_wlst.html#GUID-3EF2815D-45B9-46EE-A4D7-34A6841195DB) +function. + +When you want to recreate the JRF domain home, you have two options: + +1. Use the Create Domain tool's `-opss_wallet ` argument and one of the following arguments to pass + the wallet passphrase: + + - `-opss_wallet_passphrase_env ` - Simply pass the name of the environment variable to read + to get the wallet passphrase. + - `-opss_wallet_passphrase_file ` - Simply pass the file name for the file containing the wallet passphrase. + +2. Add the OPSS wallet to the archive file in the prescribed location (i.e., `wlsdeploy/opsswallet/`) using the Archive + Helper tool's `add opssWallet` command and then provide the passphrase in the `domainInfo` section's `OPSSSecrets` field. + + ```yaml + domainInfo: + OPSSSecrets: MySecureOPSSWalletPassphrase + ``` + ### Access a database using a wallet When accessing a database, such as ATP or SSL, using a wallet, you need to obtain the wallet from your DBA and information about the database: 
diff --git a/documentation/3.0/content/userguide/tools/create.md b/documentation/3.0/content/userguide/tools/create.md index d79a9f894..b899bca9d 100644 --- a/documentation/3.0/content/userguide/tools/create.md +++ b/documentation/3.0/content/userguide/tools/create.md @@ -70,6 +70,7 @@ topology: | `-java_home` | The Java home to use for the new domain. If not specified, it defaults to the value of the `JAVA_HOME` environment variable. | | | `-model_file` | The location of the model file. This can also be specified as a comma-separated list of model locations, where each successive model layers on top of the previous ones. | | | `-oracle_home` | Home directory of the Oracle WebLogic installation. Required if the `ORACLE_HOME` environment variable is not set.| | +| `-opss_wallet` | The location of the Oracle wallet containing the domain's encryption key required to reconnect to an existing set of RCU schemas. | | | `-opss_wallet_passphrase_env` | An alternative to entering the OPSS wallet passphrase at a prompt. The value is an environment variable name that WDT will use to retrieve the passphrase. | | | `-opss_wallet_passphrase_file` | An alternative to entering the OPSS wallet passphrase at a prompt. The value is the name of a file with a string value which WDT will read to retrieve the passphrase. | `-passphrase_env` | An alternative to entering the encryption passphrase at a prompt. The value is an environment variable name that WDT will use to retrieve the passphrase. | | From 7e92925e912f4284d360e68f2ab5d4c2490f6a8c Mon Sep 17 00:00:00 2001 From: Robert Patrick Date: Tue, 21 Mar 2023 13:25:44 -0500 Subject: [PATCH 2/2] adding help output for -opss_wallet to the shell scripts --- installer/src/main/bin/createDomain.cmd | 5 +++++ installer/src/main/bin/createDomain.sh | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/installer/src/main/bin/createDomain.cmd b/installer/src/main/bin/createDomain.cmd index cf9df5665..3a0f28486 100644 
--- a/installer/src/main/bin/createDomain.cmd +++ b/installer/src/main/bin/createDomain.cmd @@ -81,6 +81,7 @@ ECHO [-archive_file ^] ECHO [-variable_file ^] ECHO [-passphrase_env ^] ECHO [-passphrase_file ^] +ECHO [-opss_wallet] ^] ECHO [-opss_wallet_passphrase_env ^] ECHO [-opss_wallet_passphrase_file ^] ECHO [-wlst_path ^] @@ -141,6 +142,10 @@ ECHO at a prompt. The value is the name of a file with ECHO string value which WDT will read to retrieve the ECHO passphrase. ECHO. +ECHO opss_wallet_file - The path to the Oracle wallet containing the domain +ECHO encryption key to use to reconnect the new domain to +ECHO the existing RCU schemas. +ECHO. ECHO opss_wallet_passphrase_env - An alternative to entering the OPSS ECHO wallet passphrase at a prompt. The value is an ECHO ENVIRONMENT VARIABLE name that WDT will use to diff --git a/installer/src/main/bin/createDomain.sh b/installer/src/main/bin/createDomain.sh index f56d3586e..445cfa86e 100644 --- a/installer/src/main/bin/createDomain.sh +++ b/installer/src/main/bin/createDomain.sh @@ -40,6 +40,7 @@ usage() { echo " [-java_home ]" echo " [-archive_file ]" echo " [-variable_file ]" + echo " [-opss_wallet ]" echo " [-opss_wallet_passphrase_env ]" echo " [-opss_wallet_passphrase_file ]" echo " [-passphrase_env ]" @@ -102,6 +103,10 @@ usage() { echo " string value which WDT will read to retrieve the" echo " passphrase." echo "" + echo " opss_wallet_file - The path to the Oracle wallet containing the domain" + echo " encryption key to use to reconnect the new domain to" + echo " the existing RCU schemas." + echg "" echo " opss_wallet_passphrase_env - An alternative to entering the OPSS" echo " wallet passphrase at a prompt. The value is an" echo " ENVIRONMENT VARIABLE name that WDT will use to"
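Review bot: in documentation/3.0/content/userguide/database/connect-db.md, the option 2 example sets `OPSSSecrets: MySecureOPSSWalletPassphrase` as a literal, so the documented pattern puts the wallet passphrase in clear text in the model file. Since that passphrase protects the domain's exported encryption key, add a sentence saying the model then carries the secret and must be protected accordingly, or show the value as a placeholder rather than a realistic-looking string. Option 1 also lists only the `_env` and `_file` arguments, while the create.md table in this same patch describes both as "an alternative to entering the OPSS wallet passphrase at a prompt"; mention the prompt here too so readers know they need not put the passphrase in an environment variable or file.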
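Review bot: in documentation/3.0/content/userguide/tools/create.md, the new `-opss_wallet` row says "The location of the Oracle wallet" without saying whether the value is a file or a directory, while the help text added in PATCH 2/2 calls it `opss_wallet_file` and connect-db.md refers to the archive location `wlsdeploy/opsswallet/`. State the expected form of the path in the row, and note that the wallet passphrase must also be supplied (prompt, `-opss_wallet_passphrase_env` or `-opss_wallet_passphrase_file`), ideally with a link to the new connect-db.md section.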
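Review bot: in installer/src/main/bin/createDomain.cmd, first hunk, the added usage line `ECHO [-opss_wallet] ^]` closes the bracket immediately after the flag name and then closes it again, so the help output shows an unbalanced `]`. The neighbouring lines use the form `[-opss_wallet_passphrase_env ^]` with a single closing bracket after the value; drop the `]` that follows `-opss_wallet` so the line matches them.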
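Review bot: in installer/src/main/bin/createDomain.sh, second hunk, the blank-line separator after the new `opss_wallet_file` description is written as `echg ""`, which is not a command. Running the usage function will emit a "command not found" error at that point instead of the empty line, and the description will run straight into the `opss_wallet_passphrase_env` entry. Change it to `echo ""` to match the separator three lines above.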