Ganesh Murthy created DISPATCH-1440:
---------------------------------------
Summary: Deprecate the passwordFile field in sslProfile and
consolidate all password scenarios to use the password field
Key: DISPATCH-1440
URL: https://issues.apache.org/jira/browse/DISPATCH-1440
Project: Qpid Dispatch
Issue Type: Improvement
Components: Container
Affects Versions: 1.9.0
Reporter: Ganesh Murthy
Assignee: Ganesh Murthy
Deprecate the passwordFile field and consolidate all password scenarios to use
the password field. We will use the password options that
[openssl|https://www.openssl.org/docs/man1.1.1/man1/openssl.html] uses (see
Pass Phrase Options sections). Going forward, here are three ways to specify a
password in an sslProfile
{noformat}
sslProfile {
caCertFile: .....
certFile: .....
# Get the password from the environment variable TLS_SERVER_PASSWORD.
Note the env: prefix
password: env:TLS_SERVER_PASSWORD
OR
# Get the password from the absolute file path. Note the file: prefix
password: file:/home/tls/password-file.txt
OR
# Specify the actual password. Note the pass: prefix
password: pass:actual_password
} {noformat}
(We will not be supporting the openssl options fd: and stdin
While you can still specify the actual password in the password field using the
pass: prefix, which casual users might want to do, you are also able to specify
the file path or environment variable for more robust security.
This change will be backward compatible which means, you will still be able to
specify the actual password in the password field without the pass: prefix. The
"literal" prefix will continue to work as well. The passwordFile field will be
deprecated and eventually removed when we to a major version.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
