Heka supports signed messages so that it can be possible to send messages 
containing control commands into a running Heka server, and that server can 
know that the control message came from a trusted source. This is the method 
used by the `heka-sbmgr` command to inject sandboxes into a running Heka 
instance, provided that instance has been correctly configured to support this 
feature.

What do you want to use signed messages for? I haven't yet heard of a use case outside of 
the "control message" one that wouldn't be better handled by a different 
strategy, such as TLS with client certs.

Anyway, the message signing is implemented in the stream framing (see 
http://hekad.readthedocs.org/en/dev/message/index.html#stream-framing). You can 
generate signed messages in Go code, by creating a MessageSigningConfig struct 
(https://github.com/mozilla-services/heka/blob/dev/message/message.go#L52) and 
passing that to the client package's NewProtobufEncoder function 
(https://github.com/mozilla-services/heka/blob/dev/client/encoders.go#L42). Any 
calls to EncodeMessageStream will then give you your message in a correctly 
signed frame.

Unfortunately there's no support for doing this from within Heka right now. Any 
output can support using the Heka message framing during the encoding process 
(see `use_framing` option described here 
http://hekad.readthedocs.org/en/dev/config/outputs/index.html), but this always 
passes `nil` in as the signing config 
(https://github.com/mozilla-services/heka/blob/dev/pipeline/plugin_runners.go#L1616).
It would technically be possible to add support for providing signing 
information in the TOML config so that encoded messages are signed, but, again, 
when you're dealing with an entire stream, there are more efficient (and more 
widely used) mechanisms for achieving security, so that's not at all high on 
our priority list.

Anyway, hope this helps,

-r


On 07/30/2015 10:08 AM, Timur Batyrshin wrote:
Hi,

Is there a way for heka to emit signed messages?
I’ve seen some references for that in client libraries but didn’t find
anything in Heka docs.

Thanks,
Timur




_______________________________________________
Heka mailing list
[email protected]
https://mail.mozilla.org/listinfo/heka
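
What a signed frame gives the receiving server, as an added example that is not part of the original messages and is not Heka's code. The frame layout, the use of HMAC-SHA256, and the names `keyID`, `sign` and `verify` are assumptions made for illustration; this is not Heka's wire format.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Assumed frame layout (constructed for this example, not Heka's wire format):
// [1B signer length][signer][4B key version][32B HMAC-SHA256][payload]
type keyID struct {
	signer  string // at most 255 bytes
	version uint32
}

func sign(id keyID, key, payload []byte) []byte {
	frame := append([]byte{byte(len(id.signer))}, id.signer...)
	frame = append(frame, 0, 0, 0, 0)
	binary.BigEndian.PutUint32(frame[len(frame)-4:], id.version)
	mac := hmac.New(sha256.New, key)
	mac.Write(payload)
	return append(mac.Sum(frame), payload...)
}

// verify returns the payload only if the HMAC matches the key for the claimed signer and version.
func verify(keys map[keyID][]byte, frame []byte) ([]byte, error) {
	if len(frame) == 0 || len(frame) < 1+int(frame[0])+4+sha256.Size {
		return nil, fmt.Errorf("short frame")
	}
	n := 1 + int(frame[0])
	key := keys[keyID{string(frame[1:n]), binary.BigEndian.Uint32(frame[n:])}]
	if key == nil {
		return nil, fmt.Errorf("unknown signer or key version")
	}
	tag, payload := frame[n+4:n+4+sha256.Size], frame[n+4+sha256.Size:]
	mac := hmac.New(sha256.New, key)
	mac.Write(payload)
	if !hmac.Equal(tag, mac.Sum(nil)) { // constant-time comparison
		return nil, fmt.Errorf("HMAC mismatch")
	}
	return payload, nil
}

func main() {
	id := keyID{"ops", 1} // constructed signer name, key version and key
	keys := map[keyID][]byte{id: []byte("constructed-demo-key")}
	_, err := verify(keys, sign(id, keys[id], []byte("reload")))
	fmt.Println("verified:", err == nil)
}
```

The receiver rejects frames from a signer or key version it has no key for before computing any HMAC, which is what lets keys be rotated by version.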