OK well what I am thinking about is basically adding a nullable property to the PropertiesLoginModule that will allow the user to provide the classpath to an implementation of the org.apache.activemq.artemis.utils.SensitiveDataCodec, so that essentially the login.config would look like the following.
activemq { com.paypal.credit.apache.artemis.passwordmasking.CryptoMonsterLogin required debug=false org.apache.activemq.jaas.properties.decoder="com.foo.FooDecoder;key=value" org.apache.activemq.jaas.properties.user="artemis-users.properties" org.apache.activemq.jaas.properties.role="artemis-roles.properties"; }; This approach should allow users to configure password marking using the same interface from the previous version. Also I believe we can allow masked and unmasked passwords to live in the same files by simply requiring the masked passwords to be encased with ENC(). An example of how the users.properties file would look is shown below. unmaskedpassword=unmaskedpassword maskedpassword=ENC(fafafsdgaqgegsagegasge) How does this sound? -- View this message in context: http://activemq.2283324.n4.nabble.com/Adding-support-for-password-masking-to-the-Artemis-tp4711531p4711571.html Sent from the ActiveMQ - Dev mailing list archive at Nabble.com.