You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by bu...@apache.org on 2014/08/21 12:20:41 UTC
svn commit: r920020 - in /websites/production/activemq/content:
cache/main.pageCache encrypted-passwords.html
Author: buildbot
Date: Thu Aug 21 10:20:40 2014
New Revision: 920020
Log:
Production update by buildbot for activemq
Modified:
websites/production/activemq/content/cache/main.pageCache
websites/production/activemq/content/encrypted-passwords.html
Modified: websites/production/activemq/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/activemq/content/encrypted-passwords.html
==============================================================================
--- websites/production/activemq/content/encrypted-passwords.html (original)
+++ websites/production/activemq/content/encrypted-passwords.html Thu Aug 21 10:20:40 2014
@@ -81,39 +81,22 @@
<tbody>
<tr>
<td valign="top" width="100%">
-<div class="wiki-content maincontent"><p>As of ActiveMQ 5.4.1 you can encrypt your passwords and safely store them in configuration files. To encrypt the password, you can use the newly added <code>encrypt</code> command like:</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<div class="wiki-content maincontent"><p>As of ActiveMQ 5.4.1 you can encrypt your passwords and safely store them in configuration files. To encrypt the password, you can use the newly added <code>encrypt</code> command like:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[$ bin/activemq encrypt --password activemq --input mypassword
...
Encrypted text: eeWjNyX6FY8Fjp3E+F6qTytV11bZItDp]]></script>
-</div></div>
-
-<p>Where the password you want to encrypt is passed with the <code>input</code> argument, while the <code>password</code> argument is a secret used by the encryptor.<br clear="none">
-In a similar fashion you can test-out your passwords like:</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><p>Where the password you want to encrypt is passed with the <code>input</code> argument, while the <code>password</code> argument is a secret used by the encryptor. In a similar fashion you can test-out your passwords like:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[$ bin/activemq decrypt --password activemq --input eeWjNyX6FY8Fjp3E+F6qTytV11bZItDp
...
Decrypted text: mypassword]]></script>
-</div></div>
-
-<p>The next step is to add the password to the appropriate configuration file, <code>$ACTIVEMQ_HOME/conf/credentials-enc.properties</code> by default.</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><p><strong>Note:</strong> It is recommended that you use only alphanumeric characters for the password. Special characters, such as <code>$/^&</code>, are not supported.</p><p>The next step is to add the password to the appropriate configuration file, <code>$ACTIVEMQ_HOME/conf/credentials-enc.properties</code> by default.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[activemq.username=system
activemq.password=ENC(mYRkg+4Q4hua1kvpCCI2hg==)
guest.password=ENC(Cf3Jf3tM+UrSOoaKU50od5CuBa8rxjoL)
...
jdbc.password=ENC(eeWjNyX6FY8Fjp3E+F6qTytV11bZItDp)
]]></script>
-</div></div>
-
-<p>Note that we used <code>ENC()</code> to wrap our encrypted passwords. You can mix plain and encrypted passwords in your properties files, so encrypted ones must be wrapped this way.</p>
-
-<p>Finally, you need to instruct your property loader to encrypt variables when it loads properties to the memory. Instead of standard property loader we'll use the special one (see <code>\$ACTIVEMQ_HOME/conf/activemq-security.xml</code>) to achieve this.</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><p>Note that we used <code>ENC()</code> to wrap our encrypted passwords. You can mix plain and encrypted passwords in your properties files, so encrypted ones must be wrapped this way.</p><p>Finally, you need to instruct your property loader to encrypt variables when it loads properties to the memory. Instead of standard property loader we'll use the special one (see <code>\$ACTIVEMQ_HOME/conf/activemq-security.xml</code>) to achieve this.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[<bean id="environmentVariablesConfiguration" class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
<property name="algorithm" value="PBEWithMD5AndDES" />
<property name="passwordEnvName" value="ACTIVEMQ_ENCRYPTION_PASSWORD" />
@@ -127,24 +110,12 @@ jdbc.password=ENC(eeWjNyX6FY8Fjp3E+F6qTy
<constructor-arg ref="configurationEncryptor" />
<property name="location" value="file:${activemq.base}/conf/credentials-enc.properties"/>
</bean>]]></script>
-</div></div>
-
-<p>With this configuration ActiveMQ will try to load your encryptor password from the <code>ACTIVEMQ_ENCRYPTION_PASSWORD</code> environment variable and then use it to decrypt passwords from <code>credential-enc.properties</code> file.</p>
-
-<p>Alternative is to use a simple variant and store encryptor password in the xml file, like this</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><p>With this configuration ActiveMQ will try to load your encryptor password from the <code>ACTIVEMQ_ENCRYPTION_PASSWORD</code> environment variable and then use it to decrypt passwords from <code>credential-enc.properties</code> file.</p><p>Alternative is to use a simple variant and store encryptor password in the xml file, like this</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[<bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
<property name="algorithm" value="PBEWithMD5AndDES"/>
<property name="password" value="activemq"/>
</bean>]]></script>
-</div></div>
-
-<p>but with that you'll lose the secrecy of the encryptor's secret. You may also consult <a shape="rect" class="external-link" href="http://www.jasypt.org/advancedconfiguration.html" rel="nofollow">http://www.jasypt.org/advancedconfiguration.html</a> for more ideas on how to configure Jasypt.</p>
-
-<p>Finally, we can use properties like we'd normally do</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><p>but with that you'll lose the secrecy of the encryptor's secret. You may also consult <a shape="rect" class="external-link" href="http://www.jasypt.org/advancedconfiguration.html" rel="nofollow">http://www.jasypt.org/advancedconfiguration.html</a> for more ideas on how to configure Jasypt.</p><p>Finally, we can use properties like we'd normally do</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[<simpleAuthenticationPlugin>
<users>
<authenticationUser username="system" password="${activemq.password}"
@@ -154,11 +125,7 @@ jdbc.password=ENC(eeWjNyX6FY8Fjp3E+F6qTy
<authenticationUser username="guest" password="${guest.password}" groups="guests"/>
</users>
</simpleAuthenticationPlugin>]]></script>
-</div></div>
-
-<p>or</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><p>or</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[<bean id="mysql-ds" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
<property name="driverClassName" value="com.mysql.jdbc.Driver"/>
<property name="url" value="jdbc:mysql://localhost/activemq?relaxAutoCommit=true"/>
@@ -167,23 +134,13 @@ jdbc.password=ENC(eeWjNyX6FY8Fjp3E+F6qTy
<property name="maxActive" value="200"/>
<property name="poolPreparedStatements" value="true"/>
</bean>]]></script>
-</div></div>
-
-<p>If you want to run the broker with this configuration, you need to do the following:</p>
-
-<ul><li>Set environment variable:
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><p>If you want to run the broker with this configuration, you need to do the following:</p><ul><li><p>Set environment variable:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[$ export ACTIVEMQ_ENCRYPTION_PASSWORD=activemq]]></script>
-</div></div></li><li>Start the broker:
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div></li><li><p>Start the broker:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[$ bin/activemq start xbean:conf/activemq-security.xml]]></script>
-</div></div></li><li>Unset the environment variable:
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div></li><li><p>Unset the environment variable:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[$ unset ACTIVEMQ_ENCRYPTION_PASSWORD]]></script>
-</div></div></li></ul>
-
-
-<p>In this way your encryptor secret is never saved on your system and your encrypted passwords are safely stored in the configuration files.</p></div>
+</div></div></li></ul><p>In this way your encryptor secret is never saved on your system and your encrypted passwords are safely stored in the configuration files.</p></div>
</td>
<td valign="top">
<div class="navigation">