Configuring the Encrypted Client Keychain Files

For clients, set the secret provider with the following property:

com.terracotta.express.SecretProvider=net.sf.ehcache.terracotta.security.ConsoleFetchingSecretProvider

Add entries to the keychain file as described in Setting up the Server Keychain, but avoid the -O flag when running the keychain script.

For example:

tools/security/bin/keychain.sh clientKeychainFile tc://client1@172.16.254.1:9510

When you run the keychain script, the following prompt should appear:

Terracotta Management Console - Keychain Client
KeyChain file successfully created in clientKeychainFile
Open the keychain by entering its master key:

Enter the master key, then answer the prompts for the secret to be associated with the server URI:

Enter the password you wish to associate with this URL: 
Password for tc://client1@172.16.254.1:9510 successfully stored

Note that the script does not verify the credentials or the server address.

If the keychain file does not already exist, use the -c flag to create it:

tools/security/bin/keychain.sh -c clientKeychainFile tc://client1@172.16.254.1:9510

When creating the keychain file, you are prompted for a master password. To automate the entry of the master password, see Clients Automatically Reading the Keychain Password.

The Terracotta client searches for the keychain file in the following locations:

  • %(user.home)/.tc/mgmt/keychain

  • %(user.dir)/keychain.tkc

  • The path specified by the system property com.tc.security.keychain.url
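The following script is an added example, not part of the Terracotta tooling. It checks each of the three locations listed above and reports whether a keychain file is present and whether anyone other than its owner has permission bits on it. The permission check is an added hardening step that this page does not document. The page does not state a search order, so the script reports every location without inferring precedence. Assumptions: the com.tc.security.keychain.url value is a file: URL or a plain path, HOME and PWD stand in for user.home and user.dir, and KEYCHAIN_URL is a hypothetical variable name.

```shell
#!/bin/sh
# Added example: audit the locations where a Terracotta client looks for its keychain.

# Turn a file: URL into a local path.
# Assumption: com.tc.security.keychain.url holds a file: URL or a plain path.
keychain_url_to_path() {
    case "$1" in
        file://*) printf '%s\n' "${1#file://}" ;;
        file:*)   printf '%s\n' "${1#file:}" ;;
        *)        printf '%s\n' "$1" ;;
    esac
}

# Print the documented candidate locations, one per line.
# $1 = user.home, $2 = user.dir, $3 = com.tc.security.keychain.url value (may be empty)
keychain_candidates() {
    printf '%s\n' "$1/.tc/mgmt/keychain"
    printf '%s\n' "$2/keychain.tkc"
    if [ -n "$3" ]; then keychain_url_to_path "$3"; fi
}

# Print "<STATUS> <path>" per candidate:
#   MISSING  no regular file there
#   OK       file exists and only its owner has any permission bits
#   EXPOSED  file exists and group or other permission bits are set
audit_keychains() {
    keychain_candidates "$1" "$2" "$3" | while IFS= read -r path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
        else
            # Characters 5-10 of the ls mode string are the group and other bits.
            bits=$(ls -ldL -- "$path" | cut -c5-10)
            if [ "$bits" = "------" ]; then
                echo "OK $path"
            else
                echo "EXPOSED $path"
            fi
        fi
    done
}

# HOME and PWD stand in for the JVM's user.home and user.dir; KEYCHAIN_URL is a
# hypothetical variable holding the value passed as com.tc.security.keychain.url.
audit_keychains "${HOME:-}" "${PWD:-.}" "${KEYCHAIN_URL:-}"
```

Run it as the account that starts the client JVM and from the client's working directory, so that the paths match what the client resolves.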