Configuring the Encrypted Client Keychain Files
For clients, set the secret provider with the following property:
com.terracotta.express.SecretProvider=
net.sf.ehcache.terracotta.security.ConsoleFetchingSecretProvider
Add entries to the keychain file as described in
Setting up the Server Keychain,
but avoid using the -O flag when using the keychain script.For example:
tools/security/bin/keychain.sh clientKeychainFile tc://client1@172.16.254.1:9510
When you run the keychain script, the following prompt should appear:
Terracotta Management Console - Keychain Client
KeyChain file successfully created in clientKeychainFile
Open the keychain by entering its master key:
Enter the master key, then answer the prompts for the secret to be associated with the server URI:
Enter the password you wish to associate with this URL:
Password for tc://client1@172.16.254.1:9510 successfully stored
Note that the script does not verify the credentials or the server address.
If the keychain file does not already exist, use the -c flag to create it:
tools/security/bin/keychain.sh -c clientKeychainFile tc://client1@172.16.254.1:9510
If creating the keychain file, you will be prompted for a master password. To automate the entry of the master password, see
Clients Automatically Reading the Keychain Password.
The Terracotta client searches for the keychain file in the following locations:
%(user.home)/.tc/mgmt/keychain %(user.dir)/keychain.tkc The path specified by the system property
com.tc.security.keychain.url