Domenico,

thanks again.
I guess the masking can also be done for the password of the admin user of the
broker, correct?

Regards,
Jo

On Fri, 6 May 2022 at 16:57, Domenico Francesco Bruscino <[email protected]> wrote:

> Hi Jo,
>
> this is more a question for the ArtemisCloud.io community [1], I think the
> passwords for the users in ActiveMQArtemisSecurity can be masked using the
> mask command [2] but I have never tried, i.e.
>
> $ ./broker/bin/artemis mask --hash user
> result:
>
> 1024:C1475A2DBBCCC50D7EB75448555E408E99A71DA455E117552CD27FA57A0C864C:355874B12FB9ED6F2C9D4283A2072E99866EDAE1F9F0FD58A34AB441720BB4E070918EFE615E0C2276984EE674654BB856AE9257F1FB73A2ECAB6742B1789562
>
> spec:
>   loginModules:
>     propertiesLoginModules:
>       - name: prop-module
>         users:
>           - name: userA
>             roles:
>               - roleA
>             password: "ENC(1024:C1475A2DBBCCC50D7EB75448555E408E99A71DA455E117552CD27FA57A0C864C:355874B12FB9ED6F2C9D4283A2072E99866EDAE1F9F0FD58A34AB441720BB4E070918EFE615E0C2276984EE674654BB856AE9257F1FB73A2ECAB6742B1789562)"
>
> [1] https://artemiscloud.io/community/
> [2] https://activemq.apache.org/components/artemis/documentation/latest/masking-passwords
>
> Regards,
> Domenico
>
> On Fri, 6 May 2022 at 14:29, Jo De Troy <[email protected]> wrote:
>
> > Thanks Domenico
> >
> > Is there a possibility to encrypt/obfuscate the passwords for the users in
> > kind: ActiveMQArtemisSecurity?
> > Or can these be stored in an OpenShift secret/HashiCorp Vault/...
> >
> > Best Regards,
> > Jo
> >
> > On Fri, 6 May 2022 at 11:30, Domenico Francesco Bruscino <[email protected]> wrote:
> >
> > > Hi Jo,
> > >
> > > Apache ActiveMQ Artemis contains a flexible role-based security model for
> > > applying security to queues, based on their addresses, see the
> > > documentation [1] for further details.
> > >
> > > Suppose you have userA with the roleA that can only consume queueA and
> > > userB with roleB that can only consume queueB:
> > >
> > > apiVersion: broker.amq.io/v1alpha1
> > > kind: ActiveMQArtemisSecurity
> > > metadata:
> > >   name: ex-prop
> > > spec:
> > >   loginModules:
> > >     propertiesLoginModules:
> > >     - name: 'prop-module'
> > >       users:
> > >       - name: userA
> > >         password: userA
> > >         roles:
> > >         - roleA
> > >       - name: userB
> > >         password: userB
> > >         roles:
> > >         - roleB
> > >   securityDomains:
> > >     brokerDomain:
> > >       name: 'activemq'
> > >       loginModules:
> > >       - name: 'prop-module'
> > >         flag: 'sufficient'
> > >   securitySettings:
> > >     broker:
> > >     - match: 'queue1'
> > >       permissions:
> > >       - operationType: 'consume'
> > >         roles:
> > >         - roleA
> > >     - match: 'queue2'
> > >       permissions:
> > >       - operationType: 'consume'
> > >         roles:
> > >         - roleB
> > >
> > > [1] https://activemq.apache.org/components/artemis/documentation/latest/security.html#role-based-security-for-addresses
> > >
> > > Regards,
> > > Domenico
> > >
> > > On Fri, 6 May 2022 at 10:37, Jo De Troy <[email protected]> wrote:
> > >
> > > > Hello,
> > > >
> > > > I'm pretty new to the ActiveMQ (Artemis) world.
> > > > I was wondering if it's possible to define different users per queue when
> > > > using e.g. PropertiesLoginModule.
> > > > So userA would be able to only produce on queueA but not on queueB.
> > > > Suppose you have a broker with some 50 different queues, you don't want all
> > > > clients to use the same credentials if they only need access to 1 queue.
> > > >
> > > > If it's possible would there be an example I can find somewhere for this
> > > > type of configuration?
> > > > I'm trying to use the ActiveMQ Artemis running on a container platform, so
> > > > the security config would hopefully be created by using the
> > > > ActiveMQArtemisSecurity CRD
> > > >
> > > > Best Regards,
> > > > Jo
> > > >
> > >
> >
>
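
An added example, not part of the thread and not ArtemisCloud's own code: a small audit over an ActiveMQArtemisSecurity manifest that flags user passwords left in plaintext (not wrapped in ENC(...)), passwords equal to the user name, ENC(...) values that do not have the iterations:salt:hash shape of the `mask --hash` output quoted above, and roles granted in securitySettings that no user holds. It assumes the manifest has already been parsed into a dict; `audit_security_cr`, the finding names and the sample values are hypothetical.

```python
import re

# Shape of the `artemis mask --hash` output shown in the thread: iterations:salt:hash (hex).
HASH_RE = re.compile(r"^\d+:[0-9A-Fa-f]+:[0-9A-Fa-f]+$")
ENC_RE = re.compile(r"^ENC\((.*)\)$")


def audit_security_cr(cr):
    """Return sorted (kind, subject) findings for an ActiveMQArtemisSecurity spec."""
    spec = cr.get("spec", {})
    findings, assigned_roles = set(), set()
    for module in spec.get("loginModules", {}).get("propertiesLoginModules", []):
        for user in module.get("users", []):
            name, password = user.get("name", ""), str(user.get("password", ""))
            assigned_roles.update(user.get("roles", []))
            wrapped = ENC_RE.match(password)
            if wrapped is None:
                findings.add(("plaintext-password", name))
                if password == name:
                    findings.add(("password-equals-username", name))
            elif not HASH_RE.match(wrapped.group(1)):
                findings.add(("enc-not-hash-format", name))
    # Cross-check: every role granted on an address should belong to some user.
    for setting in spec.get("securitySettings", {}).get("broker", []):
        for perm in setting.get("permissions", []):
            for role in perm.get("roles", []):
                if role not in assigned_roles:
                    findings.add(("role-without-user", f"{setting.get('match')}:{role}"))
    return sorted(findings)


# Constructed sample: the thread's manifest as a parsed dict, with userA switched to a
# made-up ENC(...) value and a made-up roleC grant added to trigger the cross-check.
SAMPLE_CR = {
    "spec": {
        "loginModules": {"propertiesLoginModules": [{
            "name": "prop-module",
            "users": [
                {"name": "userA", "password": "ENC(1024:AB12:CD34)", "roles": ["roleA"]},
                {"name": "userB", "password": "userB", "roles": ["roleB"]},
            ],
        }]},
        "securitySettings": {"broker": [
            {"match": "queue1", "permissions": [{"operationType": "consume", "roles": ["roleA"]}]},
            {"match": "queue2", "permissions": [{"operationType": "consume", "roles": ["roleB", "roleC"]}]},
        ]},
    },
}
```

Calling `audit_security_cr(SAMPLE_CR)` returns the findings as a sorted list, which makes it easy to fail a CI job when the list is non-empty.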
