Understanding App Credentials and Authentication
The ingress for any Kaleido node or service is secured with TLS and requires basic access authentication to connect. Basic auth in Kaleido is handled by an environment-specific and membership-specific resource referred to as application credentials. Application credentials are strongly generated username:password combinations and have a one-to-one binding with a membership in the consortium. They are strictly isolated to the environment in which they are created and can only be used to access a node or service owned by the same membership that created the credentials.

Refer to the Kaleido Resource Model for more information on their object relationship. Refer to the End-to-End Sample Program with Private Transaction Support to see how application credentials are supplied to the web3 client library APIs.
Kaleido does not store the credential password; instead, it uses salted hash verification on the back end to authenticate incoming calls to the network. As such, it is the user’s responsibility to secure these credentials, or to create their own scripts and lifecycle management procedures to sustain connectivity.
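The sketch below is an added example, not Kaleido's code, showing how a basic auth header can be checked against a stored salt and hash so that the password itself never needs to be kept. The key-derivation function (PBKDF2-HMAC-SHA256), the iteration count, the record layout and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor, not a Kaleido value
# Placeholder record so unknown usernames cost the same hashing time as known ones.
_DUMMY = {"salt": b"\x00" * 16, "hash": b"\x00" * 32}


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def create_credential():
    """Return (username, password, record). Only `record` is kept server-side;
    the password is shown to the caller once and cannot be recovered later."""
    username = secrets.token_hex(5)
    password = secrets.token_urlsafe(32)
    salt = secrets.token_bytes(16)
    return username, password, {"salt": salt, "hash": _derive(password, salt)}


def basic_auth_header(username, password):
    """Client side: value of the Authorization header, sent only over TLS."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Basic {token}"


def verify(header, store):
    """Server side: check an Authorization header against salt+hash records."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        decoded = base64.b64decode(token, validate=True).decode()
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return False
    username, sep, password = decoded.partition(":")
    record = store.get(username, _DUMMY)
    candidate = _derive(password, record["salt"])
    # Constant-time comparison; the dummy record never matches a real derivation.
    return bool(sep) and hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    user, pw, rec = create_credential()  # constructed sample credential
    print(verify(basic_auth_header(user, pw), {user: rec}))
```

Because the stored record holds only the salt and the derived hash, a lost password cannot be read back from the server side, which is why the credential has to be captured and protected when it is created.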