You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Ganesh Murthy (Jira)" <ji...@apache.org> on 2019/10/04 14:58:00 UTC
[jira] [Created] (DISPATCH-1440) Deprecate the passwordFile field
in sslProfile and consolidate all password scenarios to use the password
field
Ganesh Murthy created DISPATCH-1440:
---------------------------------------
Summary: Deprecate the passwordFile field in sslProfile and consolidate all password scenarios to use the password field
Key: DISPATCH-1440
URL: https://issues.apache.org/jira/browse/DISPATCH-1440
Project: Qpid Dispatch
Issue Type: Improvement
Components: Container
Affects Versions: 1.9.0
Reporter: Ganesh Murthy
Assignee: Ganesh Murthy
Deprecate the passwordFile field and consolidate all password scenarios to use the password field. We will use the password options that [openssl|https://www.openssl.org/docs/man1.1.1/man1/openssl.html] uses (see Pass Phrase Options sections). Going forward, here are three ways to specify a password in an sslProfile
{noformat}
sslProfile {
caCertFile: .....
certFile: .....
# Get the password from the environment variable TLS_SERVER_PASSWORD. Note the env: prefix
password: env:TLS_SERVER_PASSWORD
OR
# Get the password from the absolute file path. Note the file: prefix
password: file:/home/tls/password-file.txt
OR
# Specify the actual password. Note the pass: prefix
password: pass:actual_password
} {noformat}
(We will not be supporting the openssl options fd: and stdin
While you can still specify the actual password in the password field using the pass: prefix, which casual users might want to do, you are also able to specify the file path or environment variable for more robust security.
This change will be backward compatible which means, you will still be able to specify the actual password in the password field without the pass: prefix. The "literal" prefix will continue to work as well. The passwordFile field will be deprecated and eventually removed when we to a major version.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org