qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Phil Harvey <p...@philharveyonline.com>
Subject Re: How to encrypt ssl keystore password in config.xml
Date Tue, 11 Dec 2012 07:00:10 GMT
Hi David,

You can't exactly encrypt it, but you can avoid hard coding it. You can
refer to system properties in config.xml using the form ${mypassword}.

Expose system properties to the broker before starting it like so:

export QPID_OPTS='-Dmypassword=password1'

I think the broker automatically picks up the value of system property
javax.net.ssl.keyStorePassword but iirc this depends on the broker version
and whether you're setting it for messaging connections or for management.
I will check. By the way what is your brother version?

A word of warning: anyone who can connect JConsole to the broker can
inspect system properties (possibly excluding
javax.net.ssl.keyStorePassword, but I'm not sure), so you should consider
ways of controlling access. The online broker documentation describes how
to apply authentication and authorisation to JMX access.

Hope that helps,
Phil
On Dec 8, 2012 12:21 AM, <David.Hu@ubs.com> wrote:

> **
>
> Hi, Guys,
>
> Is there a way to encrypt keystore password in ssl configuration in
> config.xml?
>
> David
>
> *David Hu*
> UBS, Group Technology Platform Service
> 1-201-318-7435
> ChatID: huda
>
>
> Visit our website at http://www.ubs.com
>
> This message contains confidential information and is intended only
> for the individual named.  If you are not the named addressee you
> should not disseminate, distribute or copy this e-mail.  Please
> notify the sender immediately by e-mail if you have received this
> e-mail by mistake and delete this e-mail from your system.
>
> E-mails are not encrypted and cannot be guaranteed to be secure or
> error-free as information could be intercepted, corrupted, lost,
> destroyed, arrive late or incomplete, or contain viruses.  The sender
> therefore does not accept liability for any errors or omissions in the
> contents of this message which arise as a result of e-mail transmission.
> If verification is required please request a hard-copy version.  This
> message is provided for informational purposes and should not be
> construed as a solicitation or offer to buy or sell any securities
> or related financial instruments.
>
>
> UBS reserves the right to retain all messages. Messages are protected
> and accessed only in legally justified cases.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message