bhardesty commented on a change in pull request #582: DISPATCH-1440 - Deprecated passwordFile attribute in sslProfile and m… URL: https://github.com/apache/qpid-dispatch/pull/582#discussion_r332134469
########## File path: docs/books/user-guide/configuration-security.adoc ########## @@ -133,7 +133,7 @@ For example: privateKeyFile: /qdrouterd/ssl_certs/router-key-pwd.pem ---- -`passwordFile` or `password`:: If the private key is password-protected, you must provide the password by either specifying the absolute path to a file containing the password that unlocks the certificate key, or entering the password directly in the configuration file. +`passwordFile` or `password`:: If the private key is password-protected, you must provide the password by either specifying the absolute path to a file containing the password that unlocks the certificate key, or entering the password directly in the configuration file. Entering the password directly in the configuration file is unsafe. passwordFile has been deprecated. Use password. Review comment: I know it's not obvious, but this file is an old version that is no longer published as part of the user guide. Instead of one, generic procedure for configuring an sslProfile, it's now included within the procedures for each scenario in which you would use an sslProfile (each of which would probably require a different sslProfile to be configured): Connecting routers together (i.e. inter-router): https://qpid.apache.org/releases/qpid-dispatch-1.9.0/user-guide/index.html#securing-connections-between-routers-router Enabling encryption/authentication for incoming "normal" connections: https://qpid.apache.org/releases/qpid-dispatch-1.9.0/user-guide/index.html#enabling-ssl-tls-encryption-router Connecting securely to an external container with mutual TLS: https://qpid.apache.org/releases/qpid-dispatch-1.9.0/user-guide/index.html#connecting-using-mutual-ssl-tls-authentication-router Connecting securely to an external container with one-way TLS: https://qpid.apache.org/releases/qpid-dispatch-1.9.0/user-guide/index.html#connecting-using-one-way-ssl-tls-authentication-router For each of these instances of sslProfile, if appropriate to the scenario at hand, I would add the "password" attribute. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
