I see that you posted this question on Stack Overflow and on #activemq in Apache's Slack as well. Please use one support channel at a time. Posting to multiple is likely to duplicate effort across the community. Thanks!
Justin

On Thu, Jul 7, 2022 at 9:59 AM Pattamadai, Sundar <sundar.pattama...@allscripts.com> wrote:

> Hello,
>
> We are new to activemq and have read what's in here
> https://activemq.apache.org/encrypted-passwords
>
> Question:
> That page talks about setting an environment variable
> (ACTIVEMQ_ENCRYPTION_PASSWORD) to hold the encryption password, start
> activemq and then unset that environment variable. But, how will this work
> in the case of say a server restart? We can't put that encryption password
> into any systemd service file.
>
> Our security policies do not allow for the encryption passwords to remain
> in any configuration or settings files especially since the decrypt
> mechanism is also available on the same host via bin/activemq commands. So,
> if a bad actor gets into the host, he can get the secret and decrypt to get
> the real password.
>
> Any alternatives?
>
> Thanks.