Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-2830

Documentation: Ensure sensitive credentials are stored in kubernetes secrets

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Done
    • Icon: Major Major
    • AMQ 7.5.0.GA
    • AMQ 7.3.0.GA, AMQ 7.4.0.CR2
    • documentation
    • None

      At the moment the statefulset for the broker stores the credentials for user/password in environment variables AMQ_USER, AMQ_PASSWORD and as well the cluster user/password in AMQ_CLUSTER_USER, AMQ_CLUSTER_PASSWORD combinations. These can easily be read in the clear in the 'Environment' itself or as exposed through the OpenShift web console.

      The model needs to be changed such that these values are stored encrypted in kubernetes secrets as per the keystore and truststores themselves. As well AMQ_KEYSTORE_PASSWORD and AMQ_TRUSTSTORE_PASSWORD should be evaluated for fit.

      This may necessitate a change have the passwords specified in the configuration xml and the masking turned on.

              jbyrne@redhat.com John Byrne (Inactive)
              jbyrne@redhat.com John Byrne (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: