activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r920020 - in /websites/production/activemq/content: cache/main.pageCache encrypted-passwords.html
Date Thu, 21 Aug 2014 10:20:41 GMT
Author: buildbot
Date: Thu Aug 21 10:20:40 2014
New Revision: 920020

Log:
Production update by buildbot for activemq

Modified:
    websites/production/activemq/content/cache/main.pageCache
    websites/production/activemq/content/encrypted-passwords.html

Modified: websites/production/activemq/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/activemq/content/encrypted-passwords.html
==============================================================================
--- websites/production/activemq/content/encrypted-passwords.html (original)
+++ websites/production/activemq/content/encrypted-passwords.html Thu Aug 21 10:20:40 2014
@@ -81,39 +81,22 @@
   <tbody>
         <tr>
         <td valign="top" width="100%">
-<div class="wiki-content maincontent"><p>As of ActiveMQ 5.4.1 you can encrypt
your passwords and safely store them in configuration files. To encrypt the password, you
can use the newly added <code>encrypt</code> command like:</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+<div class="wiki-content maincontent"><p>As of ActiveMQ 5.4.1 you can encrypt
your passwords and safely store them in configuration files. To encrypt the password, you
can use the newly added <code>encrypt</code> command like:</p><div class="code
panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[$
bin/activemq encrypt --password activemq --input mypassword
 ...
 Encrypted text: eeWjNyX6FY8Fjp3E+F6qTytV11bZItDp]]></script>
-</div></div>
-
-<p>Where the password you want to encrypt is passed with the <code>input</code>
argument, while the <code>password</code> argument is a secret used by the encryptor.<br
clear="none">
-In a similar fashion you can test-out your passwords like:</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+</div></div><p>Where the password you want to encrypt is passed with the
<code>input</code> argument, while the <code>password</code> argument
is a secret used by the encryptor. In a similar fashion you can test-out your passwords like:</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[$
bin/activemq decrypt  --password activemq --input eeWjNyX6FY8Fjp3E+F6qTytV11bZItDp
 ...
 Decrypted text: mypassword]]></script>
-</div></div>
-
-<p>The next step is to add the password to the appropriate configuration file, <code>$ACTIVEMQ_HOME/conf/credentials-enc.properties</code>
by default.</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+</div></div><p><strong>Note:</strong> It is recommended that
you use only alphanumeric characters for the password. Special characters, such as <code>$/^&amp;</code>,
are not supported.</p><p>The next step is to add the password to the appropriate
configuration file, <code>$ACTIVEMQ_HOME/conf/credentials-enc.properties</code>
by default.</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[activemq.username=system
 activemq.password=ENC(mYRkg+4Q4hua1kvpCCI2hg==)
 guest.password=ENC(Cf3Jf3tM+UrSOoaKU50od5CuBa8rxjoL)
 ...
 jdbc.password=ENC(eeWjNyX6FY8Fjp3E+F6qTytV11bZItDp)
 ]]></script>
-</div></div>
-
-<p>Note that we used <code>ENC()</code> to wrap our encrypted passwords.
You can mix plain and encrypted passwords in your properties files, so encrypted ones must
be wrapped this way.</p>
-
-<p>Finally, you need to instruct your property loader to encrypt variables when it
loads properties to the memory. Instead of standard property loader we'll use the special
one (see <code>\$ACTIVEMQ_HOME/conf/activemq-security.xml</code>) to achieve this.</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+</div></div><p>Note that we used <code>ENC()</code> to wrap
our encrypted passwords. You can mix plain and encrypted passwords in your properties files,
so encrypted ones must be wrapped this way.</p><p>Finally, you need to instruct
your property loader to encrypt variables when it loads properties to the memory. Instead
of standard property loader we'll use the special one (see <code>\$ACTIVEMQ_HOME/conf/activemq-security.xml</code>)
to achieve this.</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[&lt;bean
id=&quot;environmentVariablesConfiguration&quot; class=&quot;org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig&quot;&gt;
   &lt;property name=&quot;algorithm&quot; value=&quot;PBEWithMD5AndDES&quot;
/&gt;
   &lt;property name=&quot;passwordEnvName&quot; value=&quot;ACTIVEMQ_ENCRYPTION_PASSWORD&quot;
/&gt;
@@ -127,24 +110,12 @@ jdbc.password=ENC(eeWjNyX6FY8Fjp3E+F6qTy
   &lt;constructor-arg ref=&quot;configurationEncryptor&quot; /&gt; 
   &lt;property name=&quot;location&quot; value=&quot;file:${activemq.base}/conf/credentials-enc.properties&quot;/&gt;

 &lt;/bean&gt;]]></script>
-</div></div>
-
-<p>With this configuration ActiveMQ will try to load your encryptor password from the
<code>ACTIVEMQ_ENCRYPTION_PASSWORD</code> environment variable and then use it
to decrypt passwords from <code>credential-enc.properties</code> file.</p>
-
-<p>Alternative is to use a simple variant and store encryptor password in the xml file,
like this</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+</div></div><p>With this configuration ActiveMQ will try to load your encryptor
password from the <code>ACTIVEMQ_ENCRYPTION_PASSWORD</code> environment variable
and then use it to decrypt passwords from <code>credential-enc.properties</code>
file.</p><p>Alternative is to use a simple variant and store encryptor password
in the xml file, like this</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[&lt;bean
id=&quot;configurationEncryptor&quot; class=&quot;org.jasypt.encryption.pbe.StandardPBEStringEncryptor&quot;&gt;
   &lt;property name=&quot;algorithm&quot; value=&quot;PBEWithMD5AndDES&quot;/&gt;
   &lt;property name=&quot;password&quot; value=&quot;activemq&quot;/&gt;
 &lt;/bean&gt;]]></script>
-</div></div>
-
-<p>but with that you'll lose the secrecy of the encryptor's secret. You may also consult
<a shape="rect" class="external-link" href="http://www.jasypt.org/advancedconfiguration.html"
rel="nofollow">http://www.jasypt.org/advancedconfiguration.html</a> for more ideas
on how to configure Jasypt.</p>
-
-<p>Finally, we can use properties like we'd normally do</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+</div></div><p>but with that you'll lose the secrecy of the encryptor's
secret. You may also consult <a shape="rect" class="external-link" href="http://www.jasypt.org/advancedconfiguration.html"
rel="nofollow">http://www.jasypt.org/advancedconfiguration.html</a> for more ideas
on how to configure Jasypt.</p><p>Finally, we can use properties like we'd normally
do</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[&lt;simpleAuthenticationPlugin&gt;
   &lt;users&gt;
     &lt;authenticationUser username=&quot;system&quot; password=&quot;${activemq.password}&quot;
@@ -154,11 +125,7 @@ jdbc.password=ENC(eeWjNyX6FY8Fjp3E+F6qTy
     &lt;authenticationUser username=&quot;guest&quot; password=&quot;${guest.password}&quot;
groups=&quot;guests&quot;/&gt;
   &lt;/users&gt;
 &lt;/simpleAuthenticationPlugin&gt;]]></script>
-</div></div>
-
-<p>or</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+</div></div><p>or</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[&lt;bean
id=&quot;mysql-ds&quot; class=&quot;org.apache.commons.dbcp.BasicDataSource&quot;
destroy-method=&quot;close&quot;&gt;
   &lt;property name=&quot;driverClassName&quot; value=&quot;com.mysql.jdbc.Driver&quot;/&gt;
   &lt;property name=&quot;url&quot; value=&quot;jdbc:mysql://localhost/activemq?relaxAutoCommit=true&quot;/&gt;
@@ -167,23 +134,13 @@ jdbc.password=ENC(eeWjNyX6FY8Fjp3E+F6qTy
   &lt;property name=&quot;maxActive&quot; value=&quot;200&quot;/&gt;
   &lt;property name=&quot;poolPreparedStatements&quot; value=&quot;true&quot;/&gt;
 &lt;/bean&gt;]]></script>
-</div></div>
-
-<p>If you want to run the broker with this configuration, you need to do the following:</p>
-
-<ul><li>Set environment variable: 
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+</div></div><p>If you want to run the broker with this configuration, you
need to do the following:</p><ul><li><p>Set environment variable:</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[$
export ACTIVEMQ_ENCRYPTION_PASSWORD=activemq]]></script>
-</div></div></li><li>Start the broker: 
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+</div></div></li><li><p>Start the broker:</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[$
bin/activemq start xbean:conf/activemq-security.xml]]></script>
-</div></div></li><li>Unset the environment variable: 
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+</div></div></li><li><p>Unset the environment variable:</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
 <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[$
unset ACTIVEMQ_ENCRYPTION_PASSWORD]]></script>
-</div></div></li></ul>
-
-
-<p>In this way your encryptor secret is never saved on your system and your encrypted
passwords are safely stored in the configuration files.</p></div>
+</div></div></li></ul><p>In this way your encryptor secret
is never saved on your system and your encrypted passwords are safely stored in the configuration
files.</p></div>
         </td>
         <td valign="top">
           <div class="navigation">



Mime
View raw message