BigMemory 4.4.0 | Product Documentation | BigMemory Max Security Guide | Using Encrypted Keychains | Configuring the Encrypted Client Keychain Files
 
Configuring the Encrypted Client Keychain Files
For clients, set the secret provider with the following property:
com.terracotta.express.SecretProvider=
net.sf.ehcache.terracotta.security.ConsoleFetchingSecretProvider
Add entries to the keychain file as described in Setting up the Server Keychain, but avoid using the -O flag when using the keychain script.
For example:
tools/security/bin/keychain.sh clientKeychainFile tc://client1@172.16.254.1:9510
When you run the keychain script, the following prompt should appear:
Terracotta Management Console - Keychain Client
KeyChain file successfully created in clientKeychainFile
Open the keychain by entering its master key:
Enter the master key, then answer the prompts for the secret to be associated with the server URI:
Enter the password you wish to associate with this URL:
Password for tc://client1@172.16.254.1:9510 successfully stored
Note that the script does not verify the credentials or the server address.
If the keychain file does not already exist, use the -c flag to create it:
tools/security/bin/keychain.sh -c clientKeychainFile tc://client1@172.16.254.1:9510
If creating the keychain file, you will be prompted for a master password. To automate the entry of the master password, see Clients Automatically Reading the Keychain Password.
The Terracotta client searches for the keychain file in the following locations:
*%(user.home)/.tc/mgmt/keychain
*%(user.dir)/keychain.tkc
*The path specified by the system property com.tc.security.keychain.url