The following is required for server-to-client REST-agent authorization. Every node in the cluster must have the following entry in its keychain, all locked with the identical secret:

In addition, server-server REST-agent communication must also be authorized using a keychain entry with the following format:

Note that the value of <user> is specified in each server configuration's <security>/<auth>/<user> and is not related to the user running as process owner.

For example, to create an entry for server2 in server1's keychain, use:

Each server must have an entry for itself and an entry for each other server in the TSA.