Posted to dev@qpid.apache.org by "Ganesh Murthy (Jira)" <ji...@apache.org> on 2019/10/04 14:58:00 UTC

[jira] [Created] (DISPATCH-1440) Deprecate the passwordFile field in sslProfile and consolidate all password scenarios to use the password field

Ganesh Murthy created DISPATCH-1440:
---------------------------------------

             Summary: Deprecate the passwordFile field in sslProfile and consolidate all password scenarios to use the password field
                 Key: DISPATCH-1440
                 URL: https://issues.apache.org/jira/browse/DISPATCH-1440
             Project: Qpid Dispatch
          Issue Type: Improvement
          Components: Container
    Affects Versions: 1.9.0
            Reporter: Ganesh Murthy
            Assignee: Ganesh Murthy


Deprecate the passwordFile field and consolidate all password scenarios to use the password field. We will use the password options that [openssl|https://www.openssl.org/docs/man1.1.1/man1/openssl.html] uses (see Pass Phrase Options sections). Going forward, here are three ways to specify a password in an sslProfile:
 
{noformat}
sslProfile {
    caCertFile: .....
    certFile: .....
    # Get the password from the environment variable TLS_SERVER_PASSWORD. Note the env: prefix
    password: env:TLS_SERVER_PASSWORD
        OR
    # Get the password from the absolute file path. Note the file: prefix
    password: file:/home/tls/password-file.txt
        OR
    # Specify the actual password. Note the pass: prefix
    password: pass:actual_password
}
{noformat}
(We will not be supporting the openssl options fd: and stdin.)
 
 
While you can still specify the actual password in the password field using the pass: prefix, which casual users might want to do, you are also able to specify the file path or environment variable for more robust security.

This change will be backward compatible, which means you will still be able to specify the actual password in the password field without the pass: prefix. The "literal" prefix will continue to work as well. The passwordFile field will be deprecated and eventually removed when we move to a major version.

 



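A sketch of how the prefix scheme proposed in this message could be resolved, added here as an example; it is not Qpid Dispatch's own code. The function and exception names are hypothetical, and the `literal:` spelling, the rejection of `fd:` and `stdin`, and the file-permission check are assumptions beyond what the message states.

```python
import os
import stat


class PasswordSpecError(ValueError):
    """Raised when an sslProfile password value cannot be resolved."""


def resolve_password(spec, environ=None, check_perms=True):
    """Return the password named by an sslProfile 'password' value."""
    environ = os.environ if environ is None else environ
    prefix, sep, rest = spec.partition(":")

    if sep and prefix == "env":
        # env:NAME -> value of the environment variable NAME
        if rest not in environ:
            raise PasswordSpecError(f"environment variable {rest!r} is not set")
        return environ[rest]

    if sep and prefix == "file":
        # file:/abs/path -> the message asks for an absolute path
        if not os.path.isabs(rest):
            raise PasswordSpecError("file: requires an absolute path")
        # Assumption: refuse a password file that group or others can access.
        if check_perms and os.stat(rest).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PasswordSpecError(f"{rest} is accessible to group/other")
        with open(rest, encoding="utf-8") as fh:
            # openssl's file: option takes the first line as the password.
            return fh.readline().rstrip("\r\n")

    if sep and prefix in ("pass", "literal"):
        # pass:VALUE, or the older "literal" prefix (spelling assumed).
        return rest

    if (sep and prefix == "fd") or spec == "stdin":
        # Assumption: fail loudly instead of using "fd:3" as the password.
        raise PasswordSpecError("fd: and stdin are not supported")

    # Backward compatible: an unprefixed value is the password itself.
    return spec


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample_env = {"TLS_SERVER_PASSWORD": "example-from-env"}
    for value in ("env:TLS_SERVER_PASSWORD", "pass:actual_password", "actual_password"):
        print(value, "->", resolve_password(value, environ=sample_env))
```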