[jira] [Commented] (DISPATCH-1440) Deprecate the passwordFile field in sslProfile and consolidate all password scenarios to use the password field

[ASF subversion and git services (Jira)]

    [ 
https://issues.apache.org/jira/browse/DISPATCH-1440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16947852#comment-16947852
 ] 

ASF subversion and git services commented on DISPATCH-1440:
-----------------------------------------------------------

Commit 7bcd40aec8bb059e1ea200c7b126635ba0903139 in qpid-dispatch's branch 
refs/heads/master from Ganesh Murthy
[ https://gitbox.apache.org/repos/asf?p=qpid-dispatch.git;h=7bcd40a ]

DISPATCH-1440 - Deprecated passwordFile attribute in sslProfile and modified 
the password field to accept openssl style prefixes. This closes #582.


> Deprecate the passwordFile field in sslProfile and consolidate all password 
> scenarios to use  the password field
> ----------------------------------------------------------------------------------------------------------------
>
>                 Key: DISPATCH-1440
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-1440
>             Project: Qpid Dispatch
>          Issue Type: Improvement
>          Components: Container
>    Affects Versions: 1.9.0
>            Reporter: Ganesh Murthy
>            Assignee: Ganesh Murthy
>            Priority: Major
>
> Deprecate the passwordFile field and consolidate all password scenarios to 
> use  the password field. We will use the password options that 
> [openssl|https://www.openssl.org/docs/man1.1.1/man1/openssl.html] uses (see 
> Pass Phrase Options sections). Going forward, here are three ways to specify 
> a password in an sslProfile
>  
> {noformat}
> sslProfile {
>      caCertFile: .....
>       certFile: .....
>       # Get the password from the environment variable TLS_SERVER_PASSWORD. 
> Note the env: prefix
>       password: env:TLS_SERVER_PASSWORD 
>          OR
>       # Get the password from the absolute file path. Note the file: prefix
>       password: file:/home/tls/password-file.txt 
>          OR
>       # Specify the actual password. Note the pass: prefix
>       password: pass:actual_password 
> } {noformat}
> (We will not be supporting the openssl options fd: and stdin 
>  
>  
> While you can still specify the actual password in the password field using 
> the pass: prefix, which casual users might want to do, you are also able to 
> specify the file path or environment variable for more robust security.
> This change will be backward compatible which means, you will still be able 
> to specify the actual password in the password field without the pass: 
> prefix. The "literal" prefix will continue to work as well. The passwordFile 
> field will be deprecated and eventually removed when we to a major version.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org