# Secure Credentials Vault

Secure Credentials Vault (SCV) lets you encrypt credentials the Horizon system uses. SCV uses a Java KeyStore (JKS) to store credentials in JKS format. SCV is enabled by default on Horizon.

A custom SCV password can be defined with the `org.opennms.features.scv.jceks.key` system property in the `${OPENNMS_HOME}/etc/opennms.properties.d/svc.properties` file. The SCV keystore file is stored at `${OPENNMS_HOME}/etc/scv.jce`.

 The SCV password cannot be changed once it has credentials stored. The keystore file must be deleted and credentials re-added if you want to change the password from the default after the file has been created.

## Storing credentials in SCV

SCV entries are identified by an alias. For each alias, you can store `username`, `password`, and a set of key-value pair attributes. To access or add credentials, navigate to   Secure Credentials Vault.

## Accessing SCV entries

Access SCV entries from metadata with context `scv`.

${scv:juniper-vm:username} This metadata expression can access the username from the `juniper-vm` alias.${scv:juniper-vm:password}

This metadata expression can access the password from the `juniper-vm` alias.

${scv:juniper-vm:user1} This metadata expression can access the `user1` property from the `juniper-vm` alias.${scv:corp-directory:domain}

This metadata expression can access the `domain` property from the `corp-directory` alias.

## Karaf commands

You can update and access SCV entries from the Karaf shell.

``ssh -p 8101 admin@localhost``

Once in the shell, you can set credentials from the `scv-set` command as follows:

Set SCV entries
``````admin@opennms()> scv-set --help
DESCRIPTION
opennms:scv-set

Sets and securely store the credentials for the given alias.

SYNTAX

ARGUMENTS
alias
Alias used to retrieve the credentials.
(required)
(required)
(required)``````

You can also access SCV entries from the `scv-get` command as follows:

Get SCV entries
``````admin@opennms()> scv-get --help
DESCRIPTION
opennms:scv-get

Retrieves the username and attributes for the given alias.

SYNTAX
opennms:scv-get alias

ARGUMENTS
alias
Alias used to retrieve the credentials.
(required)``````