  1. AMQ Broker
  2. ENTMQBR-2629

Ensure sensitive credentials are stored in kubernetes secrets

Details

    • Story
    • Resolution: Done
    • Major
    • 7.5.0.CR2
    • AMQ 7.3.0.GA, AMQ 7.4.0.CR2
    • container image, operator
    • None
    • AMQ Sprint 3219, AMQ Sprint 3519

    Description

      At the moment the statefulset for the broker stores the credentials for user/password in environment variables AMQ_USER, AMQ_PASSWORD and as well the cluster user/password in AMQ_CLUSTER_USER, AMQ_CLUSTER_PASSWORD combinations. These can easily be read in the clear in the 'Environment' itself or as exposed through the OpenShift web console.

      The model needs to be changed such that these values are stored encrypted in Kubernetes secrets as per the keystore and truststores themselves. As well, AMQ_KEYSTORE_PASSWORD and AMQ_TRUSTSTORE_PASSWORD should be evaluated for fit.

      This may necessitate a change to have the passwords specified in the configuration XML and the masking turned on.
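
An added example, not part of the issue or of the AMQ Broker operator's code: a check that flags the variables named above when a StatefulSet sets them as literal values instead of referencing a Secret. The manifests, the Secret name `broker-credentials`, its keys and `EXAMPLE_LOG_LEVEL` are constructed for the example.

```python
# Added example: audit a StatefulSet for credentials not sourced from a Secret.
SENSITIVE = {
    "AMQ_USER", "AMQ_PASSWORD", "AMQ_CLUSTER_USER", "AMQ_CLUSTER_PASSWORD",
    "AMQ_KEYSTORE_PASSWORD", "AMQ_TRUSTSTORE_PASSWORD",
}

def audit_statefulset(manifest):
    """Return (container, variable, problem) for each sensitive env var
    that is not populated through valueFrom.secretKeyRef."""
    findings = []
    pod_spec = manifest.get("spec", {}).get("template", {}).get("spec", {})
    containers = pod_spec.get("containers", []) + pod_spec.get("initContainers", [])
    for container in containers:
        for env in container.get("env", []):
            name = env.get("name")
            if name not in SENSITIVE:
                continue
            source = env.get("valueFrom") or {}
            if "value" in env:
                findings.append((container.get("name"), name, "literal value in pod spec"))
            elif "secretKeyRef" not in source:
                findings.append((container.get("name"), name, "not sourced from a Secret"))
    return findings

def _statefulset(env):
    # Constructed sample manifest, reduced to the fields the audit reads.
    return {"kind": "StatefulSet", "metadata": {"name": "broker-ss"},
            "spec": {"template": {"spec": {"containers": [
                {"name": "broker", "env": env}]}}}}

def _secret_ref(var, key):
    # Hypothetical Secret name and keys, chosen for the example.
    return {"name": var, "valueFrom": {
        "secretKeyRef": {"name": "broker-credentials", "key": key}}}

# Before: credentials readable in the spec (and in any console that renders it).
BEFORE = _statefulset([
    {"name": "AMQ_USER", "value": "admin"},
    {"name": "AMQ_PASSWORD", "value": "example-only"},
    {"name": "AMQ_CLUSTER_PASSWORD", "valueFrom": {
        "configMapKeyRef": {"name": "broker-config", "key": "clusterPassword"}}},
    {"name": "EXAMPLE_LOG_LEVEL", "value": "info"},
])
# After: the spec carries only references to keys in a Secret.
AFTER = _statefulset([
    _secret_ref("AMQ_USER", "user"),
    _secret_ref("AMQ_PASSWORD", "password"),
    _secret_ref("AMQ_CLUSTER_PASSWORD", "clusterPassword"),
    {"name": "EXAMPLE_LOG_LEVEL", "value": "info"},
])
```

A `secretKeyRef` keeps the value out of the StatefulSet spec and the console's environment view; the value is still present in the container's process environment at runtime.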

            People

              gaohoward Howard Gao
              rhn-support-rkieley Roderick Kieley