Loading...

XML

Word

Printable

Type: Task
Resolution: Won't Do
Priority: Major
Fix Version/s: None
Affects Version/s: AMQ 7.8.0.GA
Component/s: documentation
Labels:
- must-have

Story Points:
1
Blocked:
False
Ready:
False
GSS Priority:
Release Note Text:
Undefined
Target Release:

AMQ 7.11.0.GA
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

customer who is looking to encrypt amq credentials
actually amq credentials are base 64 encoded in secrets

But amq broker pod env are plain text and citing this as security concern and looking a way to encrypt

same like amqbroker/etc/user.properties is encrypted

// 2OBDUFjj = ENC(1024:1CB1F77E32E248B12CCB10F8991AD2EB93DD45E021105BA0DD777E5DD6AE1CE3:AAAEB451CDFE163C7FD96AA4A70CF7D35185BF41A8A3A6846283FA998299326035AE20A00CF10E326DF0C114EDE90FDCC21153944746CBABDA7BE161BE0E2C3E)

But when connected to broker pod then printenv command prints the credentials in plain text not in enc like in users.properties file

// sh-4.2$ printenv
AMQ_ANYCAST_PREFIX=
POD_NAMESPACE=
HOSTNAME=ex-aao-ss-0
AMQ_BROKER_OPERATOR_PORT_8383_TCP_PORT=8383
AB_JOLOKIA_AUTH_OPENSHIFT=true
KUBERNETES_PORT=tcp://172.30.0.1:443
KUBERNETES_PORT_443_TCP_PORT=443
TERM=xterm-256color
JBOSS_IMAGE_NAME=amq-broker-7/amq-broker-78-openshift
AMQ_BROKER_OPERATOR_PORT=tcp://172.30.128.248:8383
KUBERNETES_SERVICE_PORT=443
OLDPWD=/home/jboss/amq-broker
AMQ_GLOBAL_MAX_SIZE=100 mb
KUBERNETES_SERVICE_HOST=172.30.0.1
AMQ_ROLE=admin
AMQ_QUEUES=
AMQ_BROKER_OPERATOR_PORT_8383_TCP_PROTO=tcp
JBOSS_IMAGE_VERSION=7.8
AMQ_CLUSTERED=true
AMQ_BROKER_OPERATOR_SERVICE_HOST=172.30.128.248
AMQ_CLUSTER_USER=whxUE67e
JOLOKIA_VERSION=1.6.2
JBOSS_AMQ_VERSION=7.8.0
AMQ_ACCEPTORS=<acceptor name="scaleDown">tcp:\/\/ACCEPTOR_IP:61616?protocols=CORE;tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;useEpoll=true;amqpCredits=1000;amqpMinCredits=300<\/acceptor>
PRODUCT_VERSION=7.8.0
JBOSS_CONTAINER_AMQ_S2I_MODULE=/opt/jboss/container/amq/s2i
AB_JOLOKIA_HTTPS=true
JBOSS_PRODUCT=AMQ
AMQ_MULTICAST_PREFIX=
AMQ_HOME=/opt/amq
AMQ_REQUIRE_LOGIN=false
JAVA_VENDOR=openjdk
AMQ_CLUSTER_PASSWORD=SU6M0sCN
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
AMQ_PASSWORD=mSqv6coX
JBOSS_CONTAINER_S2I_CORE_MODULE=/opt/jboss/container/s2i/core/
AMQ_USER=2OBDUFjj
PWD=/home/jboss/amq-broker/etc
JAVA_HOME=/usr/lib/jvm/java-1.8.0
TRIGGERED_ROLL_COUNT=2
AMQ_EXTRA_ARGS=--no-autotune
JAVA_VERSION=1.8.0
AMQ_CONNECTORS=
JBOSS_CONTAINER_OPENJDK_JDK_MODULE=/opt/jboss/container/openjdk/jdk
AB_JOLOKIA_PASSWORD_RANDOM=true
JBOSS_CONTAINER_JOLOKIA_MODULE=/opt/jboss/container/jolokia
AMQ_NAME=amq-broker
AMQ_TRANSPORTS=
JBOSS_CONTAINER_JAVA_PROXY_MODULE=/opt/jboss/container/java/proxy
HOME=/home/jboss
SHLVL=2
S2I_SOURCE_DEPLOYMENTS_FILTER=*
KUBERNETES_PORT_443_TCP_PROTO=tcp
AMQ_BROKER_OPERATOR_SERVICE_PORT_METRICS=8383
KUBERNETES_SERVICE_PORT_HTTPS=443
AMQ_RESET_CONFIG=false
AMQ_BROKER_OPERATOR_PORT_8383_TCP=tcp://172.30.128.248:8383
JBOSS_CONTAINER_UTIL_LOGGING_MODULE=/opt/jboss/container/util/logging/
AMQ_JOURNAL_TYPE=nio
NSS_SDB_USE_CACHE=no
JBOSS_CONTAINER_JAVA_JVM_MODULE=/opt/jboss/container/java/jvm
AMQ_ADDRESSES=
AMQ_ENABLE_MANAGEMENT_RBAC=false
PING_SVC_NAME=ex-aao-ping-svc
KUBERNETES_PORT_443_TCP_ADDR=172.30.0.1
AMQ_ENABLE_JOLOKIA_AGENT=false
KUBERNETES_PORT_443_TCP=tcp://172.30.0.1:443
AMQ_BROKER_OPERATOR_PORT_8383_TCP_ADDR=172.30.128.248
container=oci
AMQ_BROKER_OPERATOR_SERVICE_PORT=8383
_=/usr/bin/printenv

clones

ENTMQBR-4468 Encrypting amq broker pod credentials from env variables

Closed

Assignee:: John Clifford

Reporter:: John Byrne (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2021/02/09 7:32 AM

Updated:: 2023/03/06 2:25 PM

Resolved:: 2023/03/06 2:25 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates