Creating a Keychain Entry

The Terracotta client should have a keychain file with an entry for every Terracotta server in the cluster. The format for the entry uses the "tc" scheme:

tc://<client-username>@<host>:<tsa-port>

An entry for the server in the example configuration should look like:

tc://client1@172.16.254.1:9510

Use the keychain script in the Terracotta kit to add the entry:

tools/security/bin/keychain.sh -O clientKeychainFile tc://client1@172.16.254.1:9510

By default, the keychain file stores passwords using an obfuscation scheme, which requires passing -O (hyphen, capital letter O) to the keychain script for any operation on the file. To switch to a more secure encryption-based scheme, see Using Encrypted Keychains.

If the keychain file does not already exist, use the -c flag to create it:

tools/security/bin/keychain.sh -O -c clientKeychainFile tc://client1@172.16.254.1:9510

You will be prompted to enter a client password to associate with the URI.

This entry in the client's keychain file serves as the key for the client's password and is provided to the server along with the client username ("client1" in the example). These credentials must match those in the server's .ini file, or the credentials held in LDAP or Active Directory.

The Terracotta client searches for the keychain file in the following locations:

  • %(user.home)/.tc/mgmt/keychain

  • %(user.dir)/keychain.tkc

  • The path specified by the system property com.tc.security.keychain.url

Example Using the Keychain Script

When you run the keychain script, the following prompt should appear:

Terracotta Management Console - Keychain Client
KeyChain file successfully created in clientKeychainFile
Enter the password you wish to associate with this URL: 
Password for tc://client1@172.16.254.1:9510 successfully stored

Note that the script does not verify the credentials or the server address.
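
Because the script stores whatever URI it is given, a typo in the URI is not caught when the entry is created. The following shell sketch is an added example, not part of the Terracotta kit: it checks each URI against the tc://<client-username>@<host>:<tsa-port> format and builds one URI per server in the cluster. The helper names, the allowed character set, and the second server address are assumptions.

```sh
#!/bin/sh
# Added example (not from the Terracotta kit). validate_tc_uri and
# build_tc_uris are hypothetical helper names.

# Succeeds only if $1 matches tc://<client-username>@<host>:<tsa-port>.
# Assumptions: username and host use [A-Za-z0-9._-]; IPv6 literals are not handled.
validate_tc_uri() {
    _uri=$1
    case $_uri in
        tc://*) _rest=${_uri#tc://} ;;
        *) echo "rejected (scheme is not tc): $_uri" >&2; return 1 ;;
    esac
    case $_rest in
        *@*:*) ;;
        *) echo "rejected (expected user@host:port): $_uri" >&2; return 1 ;;
    esac
    _user=${_rest%%@*}
    _hostport=${_rest#*@}
    _host=${_hostport%:*}
    _port=${_hostport##*:}
    case $_user in
        ''|*[!A-Za-z0-9._-]*) echo "rejected (username): $_uri" >&2; return 1 ;;
    esac
    case $_host in
        ''|*[!A-Za-z0-9._-]*) echo "rejected (host): $_uri" >&2; return 1 ;;
    esac
    case $_port in
        ''|*[!0-9]*) echo "rejected (port not numeric): $_uri" >&2; return 1 ;;
    esac
    if [ "${#_port}" -gt 5 ] || [ "$_port" -lt 1 ] || [ "$_port" -gt 65535 ]; then
        echo "rejected (port out of range): $_uri" >&2; return 1
    fi
    return 0
}

# Print one validated URI per <host>:<tsa-port> argument, so that every
# server in the cluster gets a keychain entry for the same client user.
build_tc_uris() {
    _client=$1; shift
    for _server in "$@"; do
        validate_tc_uri "tc://${_client}@${_server}" || return 1
        printf 'tc://%s@%s\n' "$_client" "$_server"
    done
}

# Constructed sample: the page's server plus a made-up second server.
build_tc_uris client1 172.16.254.1:9510 172.16.254.2:9510
```

Each printed URI can then be passed to keychain.sh as shown earlier. The check covers only the format, not whether the server exists or the credentials are valid.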