Uploaded image for project: 'Qpid Dispatch'
  1. Qpid Dispatch
  2. DISPATCH-1440

Deprecate the passwordFile field in sslProfile and consolidate all password scenarios to use the password field

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.9.0
    • Fix Version/s: 1.10.0
    • Component/s: Container
    • Labels:
      None

      Description

      Deprecate the passwordFile field and consolidate all password scenarios to use  the password field. We will use the password options that openssl uses (see Pass Phrase Options sections). Going forward, here are three ways to specify a password in an sslProfile
       

      sslProfile {
           caCertFile: .....
            certFile: .....
            # Get the password from the environment variable TLS_SERVER_PASSWORD. Note the env: prefix
            password: env:TLS_SERVER_PASSWORD 
               OR
            # Get the password from the absolute file path. Note the file: prefix
            password: file:/home/tls/password-file.txt 
               OR
            # Specify the actual password. Note the pass: prefix
            password: pass:actual_password 
      } 

      (We will not be supporting the openssl options fd: and stdin
       
       
      While you can still specify the actual password in the password field using the pass: prefix, which casual users might want to do, you are also able to specify the file path or environment variable for more robust security.

      This change will be backward compatible which means, you will still be able to specify the actual password in the password field without the pass: prefix. The "literal" prefix will continue to work as well. The passwordFile field will be deprecated and eventually removed when we to a major version.

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                gmurthy Ganesh Murthy
                Reporter:
                gmurthy Ganesh Murthy
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: