Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-2830

Documentation: Ensure sensitive credentials are stored in kubernetes secrets

    XMLWordPrintable

Details

    • Task
    • Status: Closed
    • Major
    • Resolution: Done
    • AMQ 7.3.0.GA, AMQ 7.4.0.CR2
    • AMQ 7.5.0.GA
    • documentation
    • None

    Description

      At the moment the statefulset for the broker stores the credentials for user/password in environment variables AMQ_USER, AMQ_PASSWORD and as well the cluster user/password in AMQ_CLUSTER_USER, AMQ_CLUSTER_PASSWORD combinations. These can easily be read in the clear in the 'Environment' itself or as exposed through the OpenShift web console.

      The model needs to be changed such that these values are stored encrypted in kubernetes secrets as per the keystore and truststores themselves. As well AMQ_KEYSTORE_PASSWORD and AMQ_TRUSTSTORE_PASSWORD should be evaluated for fit.

      This may necessitate a change have the passwords specified in the configuration xml and the masking turned on.

      Attachments

        Issue Links

          Activity

            People

              jbyrne@redhat.com John Byrne
              jbyrne@redhat.com John Byrne
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: