You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by gt...@apache.org on 2022/12/08 15:04:34 UTC
[activemq-artemis] branch main updated: ARTEMIS-4042 - remove use of codec system property from scripts as env var can now be read directly
This is an automated email from the ASF dual-hosted git repository.
gtully pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git
The following commit(s) were added to refs/heads/main by this push:
new bfb33c7a26 ARTEMIS-4042 - remove use of codec system property from scripts as env var can now be read directly
bfb33c7a26 is described below
commit bfb33c7a26c6b6df0e95f65989aae198fa4119d8
Author: Gary Tully <ga...@gmail.com>
AuthorDate: Tue Dec 6 10:45:34 2022 +0000
ARTEMIS-4042 - remove use of codec system property from scripts as env var can now be read directly
---
.../org/apache/activemq/artemis/cli/commands/bin/artemis | 1 -
.../apache/activemq/artemis/cli/commands/bin/artemis.cmd | 1 -
docs/user-manual/en/masking-passwords.md | 13 ++++---------
tests/e2e-tests/src/main/resources/containerService/artemis | 1 -
.../servers/windowsUpgrade/bin/artemis.cmd | 1 -
5 files changed, 4 insertions(+), 13 deletions(-)
diff --git a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/bin/artemis b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/bin/artemis
index 0baaf170bc..9143e172d9 100755
--- a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/bin/artemis
+++ b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/bin/artemis
@@ -112,7 +112,6 @@ exec "$JAVACMD" \
-Djava.io.tmpdir="$ARTEMIS_INSTANCE/tmp" \
-Ddata.dir="$ARTEMIS_DATA_DIR" \
-Dartemis.instance.etc="$ARTEMIS_INSTANCE_ETC" \
- -Dartemis.default.sensitive.string.codec.key="$ARTEMIS_DEFAULT_SENSITIVE_STRING_CODEC_KEY" \
$DEBUG_ARGS \
$JAVA_ARGS_APPEND \
org.apache.activemq.artemis.boot.Artemis "$@"
diff --git a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/bin/artemis.cmd b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/bin/artemis.cmd
index 2ae3e3ee6f..3cf69bfc74 100644
--- a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/bin/artemis.cmd
+++ b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/bin/artemis.cmd
@@ -62,7 +62,6 @@ set JVM_ARGS=%JVM_ARGS% -Dartemis.home=%ARTEMIS_HOME%
set JVM_ARGS=%JVM_ARGS% -Dartemis.instance=%ARTEMIS_INSTANCE%
set JVM_ARGS=%JVM_ARGS% -Ddata.dir=%ARTEMIS_DATA_DIR%
set JVM_ARGS=%JVM_ARGS% -Dartemis.instance.etc=%ARTEMIS_INSTANCE_ETC%
-set JVM_ARGS=%JVM_ARGS% -Dartemis.default.sensitive.string.codec.key=%ARTEMIS_DEFAULT_SENSITIVE_STRING_CODEC_KEY%
if not "%DEBUG_ARGS%"=="" set JVM_ARGS=%JVM_ARGS% %DEBUG_ARGS%
if not "%$JAVA_ARGS_APPEND%"=="" set JVM_ARGS=%JVM_ARGS% %$JAVA_ARGS_APPEND%
diff --git a/docs/user-manual/en/masking-passwords.md b/docs/user-manual/en/masking-passwords.md
index c76c4d1c51..2f696f88c0 100644
--- a/docs/user-manual/en/masking-passwords.md
+++ b/docs/user-manual/en/masking-passwords.md
@@ -407,16 +407,11 @@ that key to unmask the password(s). Therefore, it is possible to supply your
masking, e.g. `boostrap.xml`, `login.config`, `management.xml`, etc. The
main drawback with this method is that the key will be stored in plain-text
in the configuration file(s).
- 2. Set the environment property `ARTEMIS_DEFAULT_SENSITIVE_STRING_CODEC_KEY`.
- This will be read by the startup script, set as a Java system property, and
- ultimately read by the default codec. The benefit of using this method is
- that the key is more obscure since it will not exist in any configuration
- file. It can be set immediately *before* the broker starts and then cleared
+ 2. Set the system property -Dartemis.default.sensitive.string.codec.key=myKey.
+ 3. Set the environment property `ARTEMIS_DEFAULT_SENSITIVE_STRING_CODEC_KEY`.
+ The benefit of using this method is that the key is more obscure since it will
+ not exist in any configuration file. It can be set immediately *before* the broker starts and then cleared
from the environment immediately *after* the broker finishes starting.
- 3. If expansion of the `ARTEMIS_DEFAULT_SENSITIVE_STRING_CODEC_KEY` environment
- variable to set the system property is a concern, modify the startup scripts
- to remove the system property assignment, the environment variable will then
- be read directly.
### Using a custom codec
diff --git a/tests/e2e-tests/src/main/resources/containerService/artemis b/tests/e2e-tests/src/main/resources/containerService/artemis
index c48fc130e6..1ab5e614d9 100755
--- a/tests/e2e-tests/src/main/resources/containerService/artemis
+++ b/tests/e2e-tests/src/main/resources/containerService/artemis
@@ -112,7 +112,6 @@ exec "$JAVACMD" \
-Djava.io.tmpdir="$ARTEMIS_INSTANCE/tmp" \
-Ddata.dir="$ARTEMIS_DATA_DIR" \
-Dartemis.instance.etc="$ARTEMIS_INSTANCE_ETC" \
- -Dartemis.default.sensitive.string.codec.key="$ARTEMIS_DEFAULT_SENSITIVE_STRING_CODEC_KEY" \
$DEBUG_ARGS \
$JAVA_ARGS_APPEND \
org.apache.activemq.artemis.boot.Artemis "$@"
diff --git a/tests/smoke-tests/src/main/filtered-resources/servers/windowsUpgrade/bin/artemis.cmd b/tests/smoke-tests/src/main/filtered-resources/servers/windowsUpgrade/bin/artemis.cmd
index 12b620620b..2ab9e37393 100644
--- a/tests/smoke-tests/src/main/filtered-resources/servers/windowsUpgrade/bin/artemis.cmd
+++ b/tests/smoke-tests/src/main/filtered-resources/servers/windowsUpgrade/bin/artemis.cmd
@@ -62,7 +62,6 @@ set JVM_ARGS=%JVM_ARGS% -Dartemis.home=%ARTEMIS_HOME%
set JVM_ARGS=%JVM_ARGS% -Dartemis.instance=%ARTEMIS_INSTANCE%
set JVM_ARGS=%JVM_ARGS% -Ddata.dir=%ARTEMIS_DATA_DIR%
set JVM_ARGS=%JVM_ARGS% -Dartemis.instance.etc=%ARTEMIS_INSTANCE_ETC%
-set JVM_ARGS=%JVM_ARGS% -Dartemis.default.sensitive.string.codec.key=%ARTEMIS_DEFAULT_SENSITIVE_STRING_CODEC_KEY%
if not "%DEBUG_ARGS%"=="" set JVM_ARGS=%JVM_ARGS% %DEBUG_ARGS%
if not "%$JAVA_ARGS_APPEND%"=="" set JVM_ARGS=%JVM_ARGS% %$JAVA_ARGS_APPEND%