Jean-Baptiste Onofré created AMQ-9752:
-----------------------------------------
Summary: Be able to read SSL keystore password from a file or env
variable
Key: AMQ-9752
URL: https://issues.apache.org/jira/browse/AMQ-9752
Project: ActiveMQ Classic
Issue Type: Improvement
Components: Security/JAAS
Reporter: Jean-Baptiste Onofré
Assignee: Jean-Baptiste Onofré
Fix For: 6.2.0, 6.1.8
Today, a classic way to setup SSL is to add the SSL context in the activemq.xml
like this:
{code:java}
<sslContext>
<sslContext keyStore="org/apache/activemq/security/broker1.ks"
keyStorePassword="password"
trustStore="org/apache/activemq/security/activemq-revoke.jks"
trustStorePassword="password"
crlPath="org/apache/activemq/security/activemq-revoke.crl"/>
</sslContext> {code}
The keyStorePassword and trustStorePassword have to be in clear (or we have to
use Jasypt encryption).
Jasypt encryption needs extra setup in the activemq.xml.
I'm proposing to simplify to deal with password in activemq.xml by having
"external" password placeholder, like keyStorePassword="file://foo" or
keyStorePassword="env:bar".
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
