Skip to content

Make it possible to specify encrypted values in rabbitmq conf #11989

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Aug 13, 2024
Merged

Make it possible to specify encrypted values in rabbitmq conf #11989

merged 6 commits into from
Aug 13, 2024

Conversation

michaelklishin
Copy link
Collaborator

This is an extension of an existent advanced.config feature:

default_user = bunnies-444
default_pass = encrypted:F/bjQkteQENB4rMUXFKdgsJEpYMXYLzBY/AmcYG83Tg8AOUwYP7Oa0Q33ooNEpK9
definitions.tls.cacertfile = /tmp/tls-gen/basic/result/ca_certificate.pem
definitions.tls.certfile   = /tmp/tls-gen/basic/result/client_sunnyside_certificate.pem
definitions.tls.keyfile    = /tmp/tls-gen/basic/result/client_sunnyside_key.pem
definitions.tls.password   = encrypted:0GhvdGjqQ/EAPqr27/PtLj04ikzC7p4IBmM6X7Vqk4fDJGrCnXf5VV4MTAOyPQV5

@michaelklishin
Initial encrypted value support for rabbitmq.conf
1c7e590 
This makes possible to specify an encrypted
value in rabbitmq.conf using a prefix.

For example, to specify a default user password
as an encrypted value:

``` ini
default_user = bunnies-444
default_pass = encrypted:F/bjQkteQENB4rMUXFKdgsJEpYMXYLzBY/AmcYG83Tg8AOUwYP7Oa0Q33ooNEpK9
```

``` erl
[
  {rabbit, [
      {config_entry_decoder, [
             {passphrase, <<"bunnies">>}
       ]}
    ]}
].
```
@michaelklishin
Secret encoding: refine CLI tools
c2fdd73 
'ctl encode' is unfortunately name and targets
advanced.config commands.

This introduce a command that targets 'rabbitmq.conf'
values and has a more specific name.

Eventually 'ctl encode' will be aliased and deprecated,
although we still do not have an aliasing mechanism
and it won't be in scope for 4.0.
@michaelklishin
More CLI commands for tagged values
e1490c6
@michaelklishin
Validation tests for the new command
9dc8994
@michaelklishin
Configuration value encryption CLI commands: unconditionally print st…
bd1e953 
…ack traces
@michaelklishin michaelklishin added this to the 4.0.0 milestone Aug 13, 2024
@michaelklishin michaelklishin merged commit dad09e6 into main Aug 13, 2024
199 checks passed
@michaelklishin michaelklishin deleted the mk-encrypted-values-in-rabbitmq-conf branch August 13, 2024 22:48
@michaelklishin michaelklishin mentioned this pull request Aug 14, 2024
Merged
michaelklishin added a commit that referenced this pull request Aug 14, 2024
@michaelklishin
Merge pull request #11992 from rabbitmq/mergify/bp/v4.0.x/pr-11989
90b8f8a 
Make it possible to specify encrypted values in rabbitmq conf (backport #11989)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
4.0.0
Development

Successfully merging this pull request may close these issues.
1 participant
@michaelklishin