[jira] [Resolved] (DISPATCH-1440) Deprecate the passwordFile field in sslProfile and consolidate all password scenarios to use the password field

Wed, 09 Oct 2019 10:06:58 -0700 


     [ 
https://issues.apache.org/jira/browse/DISPATCH-1440?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ganesh Murthy resolved DISPATCH-1440.
-------------------------------------
    Fix Version/s: 1.10.0
       Resolution: Fixed

> Deprecate the passwordFile field in sslProfile and consolidate all password 
> scenarios to use  the password field
> ----------------------------------------------------------------------------------------------------------------
>
>                 Key: DISPATCH-1440
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-1440
>             Project: Qpid Dispatch
>          Issue Type: Improvement
>          Components: Container
>    Affects Versions: 1.9.0
>            Reporter: Ganesh Murthy
>            Assignee: Ganesh Murthy
>            Priority: Major
>             Fix For: 1.10.0
>
>
> Deprecate the passwordFile field and consolidate all password scenarios to 
> use  the password field. We will use the password options that 
> [openssl|https://www.openssl.org/docs/man1.1.1/man1/openssl.html] uses (see 
> Pass Phrase Options sections). Going forward, here are three ways to specify 
> a password in an sslProfile
>  
> {noformat}
> sslProfile {
>      caCertFile: .....
>       certFile: .....
>       # Get the password from the environment variable TLS_SERVER_PASSWORD. 
> Note the env: prefix
>       password: env:TLS_SERVER_PASSWORD 
>          OR
>       # Get the password from the absolute file path. Note the file: prefix
>       password: file:/home/tls/password-file.txt 
>          OR
>       # Specify the actual password. Note the pass: prefix
>       password: pass:actual_password 
> } {noformat}
> (We will not be supporting the openssl options fd: and stdin 
>  
>  
> While you can still specify the actual password in the password field using 
> the pass: prefix, which casual users might want to do, you are also able to 
> specify the file path or environment variable for more robust security.
> This change will be backward compatible which means, you will still be able 
> to specify the actual password in the password field without the pass: 
> prefix. The "literal" prefix will continue to work as well. The passwordFile 
> field will be deprecated and eventually removed when we to a major version.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

Reply via email to