- Task
- Resolution: Won't Do
- Major
- AMQ 7.8.0.GA
The customer is looking to encrypt AMQ credentials.
Actually, the AMQ credentials are base64-encoded in secrets,
but the AMQ broker pod environment variables are plain text. The customer cites this as a security concern and is looking for a way to encrypt them,
the same way amqbroker/etc/user.properties is encrypted:

```
2OBDUFjj = ENC(1024:1CB1F77E32E248B12CCB10F8991AD2EB93DD45E021105BA0DD777E5DD6AE1CE3:AAAEB451CDFE163C7FD96AA4A70CF7D35185BF41A8A3A6846283FA998299326035AE20A00CF10E326DF0C114EDE90FDCC21153944746CBABDA7BE161BE0E2C3E)
```

But when connected to the broker pod, the printenv command prints the credentials in plain text, not in ENC form as in the users.properties file:
```
sh-4.2$ printenv
AMQ_ANYCAST_PREFIX=
POD_NAMESPACE=
HOSTNAME=ex-aao-ss-0
AMQ_BROKER_OPERATOR_PORT_8383_TCP_PORT=8383
AB_JOLOKIA_AUTH_OPENSHIFT=true
KUBERNETES_PORT=tcp://172.30.0.1:443
KUBERNETES_PORT_443_TCP_PORT=443
TERM=xterm-256color
JBOSS_IMAGE_NAME=amq-broker-7/amq-broker-78-openshift
AMQ_BROKER_OPERATOR_PORT=tcp://172.30.128.248:8383
KUBERNETES_SERVICE_PORT=443
OLDPWD=/home/jboss/amq-broker
AMQ_GLOBAL_MAX_SIZE=100 mb
KUBERNETES_SERVICE_HOST=172.30.0.1
AMQ_ROLE=admin
AMQ_QUEUES=
AMQ_BROKER_OPERATOR_PORT_8383_TCP_PROTO=tcp
JBOSS_IMAGE_VERSION=7.8
AMQ_CLUSTERED=true
AMQ_BROKER_OPERATOR_SERVICE_HOST=172.30.128.248
AMQ_CLUSTER_USER=whxUE67e
JOLOKIA_VERSION=1.6.2
JBOSS_AMQ_VERSION=7.8.0
AMQ_ACCEPTORS=<acceptor name="scaleDown">tcp:\/\/ACCEPTOR_IP:61616?protocols=CORE;tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;useEpoll=true;amqpCredits=1000;amqpMinCredits=300<\/acceptor>
PRODUCT_VERSION=7.8.0
JBOSS_CONTAINER_AMQ_S2I_MODULE=/opt/jboss/container/amq/s2i
AB_JOLOKIA_HTTPS=true
JBOSS_PRODUCT=AMQ
AMQ_MULTICAST_PREFIX=
AMQ_HOME=/opt/amq
AMQ_REQUIRE_LOGIN=false
JAVA_VENDOR=openjdk
AMQ_CLUSTER_PASSWORD=SU6M0sCN
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
AMQ_PASSWORD=mSqv6coX
JBOSS_CONTAINER_S2I_CORE_MODULE=/opt/jboss/container/s2i/core/
AMQ_USER=2OBDUFjj
PWD=/home/jboss/amq-broker/etc
JAVA_HOME=/usr/lib/jvm/java-1.8.0
TRIGGERED_ROLL_COUNT=2
AMQ_EXTRA_ARGS=--no-autotune
JAVA_VERSION=1.8.0
AMQ_CONNECTORS=
JBOSS_CONTAINER_OPENJDK_JDK_MODULE=/opt/jboss/container/openjdk/jdk
AB_JOLOKIA_PASSWORD_RANDOM=true
JBOSS_CONTAINER_JOLOKIA_MODULE=/opt/jboss/container/jolokia
AMQ_NAME=amq-broker
AMQ_TRANSPORTS=
JBOSS_CONTAINER_JAVA_PROXY_MODULE=/opt/jboss/container/java/proxy
HOME=/home/jboss
SHLVL=2
S2I_SOURCE_DEPLOYMENTS_FILTER=*
KUBERNETES_PORT_443_TCP_PROTO=tcp
AMQ_BROKER_OPERATOR_SERVICE_PORT_METRICS=8383
KUBERNETES_SERVICE_PORT_HTTPS=443
AMQ_RESET_CONFIG=false
AMQ_BROKER_OPERATOR_PORT_8383_TCP=tcp://172.30.128.248:8383
JBOSS_CONTAINER_UTIL_LOGGING_MODULE=/opt/jboss/container/util/logging/
AMQ_JOURNAL_TYPE=nio
NSS_SDB_USE_CACHE=no
JBOSS_CONTAINER_JAVA_JVM_MODULE=/opt/jboss/container/java/jvm
AMQ_ADDRESSES=
AMQ_ENABLE_MANAGEMENT_RBAC=false
PING_SVC_NAME=ex-aao-ping-svc
KUBERNETES_PORT_443_TCP_ADDR=172.30.0.1
AMQ_ENABLE_JOLOKIA_AGENT=false
KUBERNETES_PORT_443_TCP=tcp://172.30.0.1:443
AMQ_BROKER_OPERATOR_PORT_8383_TCP_ADDR=172.30.128.248
container=oci
AMQ_BROKER_OPERATOR_SERVICE_PORT=8383
_=/usr/bin/printenv
```
- clones: ENTMQBR-4468 Encrypting amq broker pod credentials from env variables (Closed)
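
An added example, not part of the ticket or of AMQ Broker: a Python check that parses `printenv` output like the dump above, lists credential-named variables whose values are not in the `ENC(...)` masked form, and renders a redacted copy that can be attached to a ticket. The name pattern and the sample values are assumptions constructed for illustration.

```python
import re

# Variable names treated as credential-bearing (assumption: suffix match that
# covers the AMQ_* names in the dump plus common secret suffixes).
CRED_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|_USER)$", re.IGNORECASE)
# Masked form shown for users.properties on this page: ENC(...)
MASKED = re.compile(r"^ENC\(.+\)$")


def parse_env(text):
    """Parse printenv output (one KEY=VALUE per line) into a dict."""
    env = {}
    for line in text.splitlines():
        # Split on the first '=' only; values such as AMQ_ACCEPTORS contain '='.
        key, sep, value = line.partition("=")
        if sep and re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", key):
            env[key] = value
    return env


def plaintext_credentials(env):
    """Names of credential variables holding a non-empty, unmasked value."""
    return sorted(
        k for k, v in env.items()
        if CRED_NAME.search(k) and v and not MASKED.match(v)
    )


def redact(env):
    """Render the environment with every credential value replaced."""
    return "\n".join(
        f"{k}=<redacted>" if CRED_NAME.search(k) and v else f"{k}={v}"
        for k, v in env.items()
    )


# Constructed sample: variable names from the dump above, values invented here.
SAMPLE = """\
AMQ_USER=exampleuser
AMQ_PASSWORD=examplepass
AMQ_CLUSTER_USER=clusteruser
AMQ_CLUSTER_PASSWORD=ENC(1024:ABCD:EF01)
AMQ_REQUIRE_LOGIN=false
AMQ_QUEUES=
AMQ_EXTRA_ARGS=--no-autotune
"""

if __name__ == "__main__":
    env = parse_env(SAMPLE)
    print("plaintext credentials:", plaintext_credentials(env))
    print(redact(env))
```

The parser assumes one variable per line, so a value containing a newline would be cut at the first line.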