Hi Jo,

yes it is correct, the broker admin password can be masked in the same way.
An alternative to masking the password could be to use Kubernetes secrets, see
https://artemiscloud.io/documentation/operator/reference.html

Regards,
Domenico

On Fri, 6 May 2022 at 17:26, Jo De Troy <[email protected]> wrote:

> Domenico,
>
> thanks again.
> I guess the masking can also be done for the password of the admin user of
> the broker, correct?
>
> Regards,
> Jo
>
> On Fri, 6 May 2022 at 16:57, Domenico Francesco Bruscino
> <[email protected]> wrote:
>
> > Hi Jo,
> >
> > this is more a question for the ArtemisCloud.io community [1], I think the
> > passwords for the users in ActiveMQArtemisSecurity can be masked using the
> > mask command [2] but I have never tried, i.e.
> >
> > $ ./broker/bin/artemis mask --hash user
> > result:
> > 1024:C1475A2DBBCCC50D7EB75448555E408E99A71DA455E117552CD27FA57A0C864C:355874B12FB9ED6F2C9D4283A2072E99866EDAE1F9F0FD58A34AB441720BB4E070918EFE615E0C2276984EE674654BB856AE9257F1FB73A2ECAB6742B1789562
> >
> > spec:
> >   loginModules:
> >     propertiesLoginModules:
> >     - name: prop-module
> >       users:
> >       - name: userA
> >         roles:
> >         - roleA
> >         password: "ENC(1024:C1475A2DBBCCC50D7EB75448555E408E99A71DA455E117552CD27FA57A0C864C:355874B12FB9ED6F2C9D4283A2072E99866EDAE1F9F0FD58A34AB441720BB4E070918EFE615E0C2276984EE674654BB856AE9257F1FB73A2ECAB6742B1789562)"
> >
> > [1] https://artemiscloud.io/community/
> > [2] https://activemq.apache.org/components/artemis/documentation/latest/masking-passwords
> >
> > Regards,
> > Domenico
> >
> > On Fri, 6 May 2022 at 14:29, Jo De Troy <[email protected]> wrote:
> >
> > > Thanks Domenico
> > >
> > > Is there a possibility to encrypt/obfuscate the passwords for the users
> > > in kind: ActiveMQArtemisSecurity?
> > > Or can these be stored in an OpenShift secret/HashiCorp Vault/...
> > >
> > > Best Regards,
> > > Jo
> > >
> > > On Fri, 6 May 2022 at 11:30, Domenico Francesco Bruscino
> > > <[email protected]> wrote:
> > >
> > > > Hi Jo,
> > > >
> > > > Apache ActiveMQ Artemis contains a flexible role-based security model
> > > > for applying security to queues, based on their addresses, see the
> > > > documentation [1] for further details.
> > > >
> > > > Suppose you have userA with the roleA that can only consume queueA and
> > > > userB with roleB that can only consume queueB:
> > > >
> > > > apiVersion: broker.amq.io/v1alpha1
> > > > kind: ActiveMQArtemisSecurity
> > > > metadata:
> > > >   name: ex-prop
> > > > spec:
> > > >   loginModules:
> > > >     propertiesLoginModules:
> > > >     - name: 'prop-module'
> > > >       users:
> > > >       - name: userA
> > > >         password: userA
> > > >         roles:
> > > >         - roleA
> > > >       - name: userB
> > > >         password: userB
> > > >         roles:
> > > >         - roleB
> > > >   securityDomains:
> > > >     brokerDomain:
> > > >       name: 'activemq'
> > > >       loginModules:
> > > >       - name: 'prop-module'
> > > >         flag: 'sufficient'
> > > >   securitySettings:
> > > >     broker:
> > > >     - match: 'queue1'
> > > >       permissions:
> > > >       - operationType: 'consume'
> > > >         roles:
> > > >         - roleA
> > > >     - match: 'queue2'
> > > >       permissions:
> > > >       - operationType: 'consume'
> > > >         roles:
> > > >         - roleB
> > > >
> > > > [1] https://activemq.apache.org/components/artemis/documentation/latest/security.html#role-based-security-for-addresses
> > > >
> > > > Regards,
> > > > Domenico
> > > >
> > > > On Fri, 6 May 2022 at 10:37, Jo De Troy <[email protected]> wrote:
> > > >
> > > > > Hello,
> > > > >
> > > > > I'm pretty new to the ActiveMQ (Artemis) world.
> > > > > I was wondering if it's possible to define different users per queue
> > > > > when using e.g. PropertiesLoginModule.
> > > > > So userA would be able to only produce on queueA but not on queueB.
> > > > > Suppose you have a broker with a few 50 different queues, you don't
> > > > > want all clients to use the same credentials if they only need access
> > > > > to 1 queue.
> > > > >
> > > > > If it's possible, would there be an example I can find somewhere for
> > > > > this type of configuration?
> > > > > I'm trying to use the ActiveMQ Artemis running on a container
> > > > > platform, so the security config would hopefully be created by using
> > > > > the ActiveMQArtemisSecurity CRD.
> > > > >
> > > > > Best Regards,
> > > > > Jo
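
Added example, not part of the original thread or of the ArtemisCloud project: a small Python check that scans an ActiveMQArtemisSecurity manifest for user passwords that are not in the ENC(iterations:salt:hash) form quoted in the thread. The sample manifest, its shortened hash values and the names audit_passwords and unquote are constructed for illustration; the scan is line-based and assumes one "password:" value per line.

```python
import re

# Constructed sample: userA uses the plaintext form from the thread's first
# manifest, userB the ENC(...) form (salt and hash shortened, not real values).
SAMPLE = """\
kind: ActiveMQArtemisSecurity
spec:
  loginModules:
    propertiesLoginModules:
    - name: 'prop-module'
      users:
      - name: userA
        password: userA
        roles:
        - roleA
      - name: userB
        roles:
        - roleB
        password: "ENC(1024:0A1B2C3D:4E5F6071)"
"""

NAME_RE = re.compile(r"^\s*-\s*name:\s*(\S+)")
PASS_RE = re.compile(r"^\s*password:\s*(.*\S)")
# Shape of the `artemis mask --hash` output quoted in the thread.
MASKED_RE = re.compile(r"^ENC\(\d+:[0-9A-Fa-f]+:[0-9A-Fa-f]+\)$")

def unquote(value):
    return value.strip().strip("'\"")

def audit_passwords(manifest):
    """Return (line, user, reason) for each password not in hashed ENC form."""
    findings, user = [], None
    for lineno, line in enumerate(manifest.splitlines(), 1):
        if m := NAME_RE.match(line):
            user = unquote(m.group(1))
        elif m := PASS_RE.match(line):
            value = unquote(m.group(1))
            if MASKED_RE.match(value):
                continue
            if value.startswith("ENC("):
                reason = "ENC() value not in iterations:salt:hash form"
            else:
                reason = "plaintext password"
                if value == user:
                    reason += " equal to user name"
            findings.append((lineno, user, reason))
    return findings

if __name__ == "__main__":
    print(audit_passwords(SAMPLE))
```

Run against a manifest before it is committed or applied, this reports the line, the user and the reason for each entry that still carries a readable password.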
