Artemis broker displays the completed connection string along with database credentials
Environment
- Red Hat AMQ
- 7.8.2
Issue
- Is there a way to prevent the display of the JDBC password in the log?
Resolution
- By default, the password field is masked and not displayed in plaintext in the log.
- To further enhance security, you can utilize the "mask" command to encrypt the password and replace the plain text with an encrypted password.
<jdbc-password>ENC(_encrypted_password_)</jdbc-password>
-
To encrypt a password, you can follow these general steps:
-
Inside {AMQ-HOME}/broker-name/bin here you will find the mask command. You can use the below command to mask the password."
./artemis mask <password>
Diagnostic Steps
- AMQ Startup log
Red Hat AMQ 7.8.2.GA
2023-05-15 15:06:45,056 INFO [org.apache.activemq.artemis.integration.bootstrap] AMQ101000: Starting ActiveMQ Artemis Server
2023-05-15 15:06:45,120 INFO [org.apache.activemq.artemis.journal] AMQ141010: Initialising JDBC data source org.apache.commons.dbcp2.BasicDataSource with properties {(password=****), maxTotal=-1, driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver, poolPreparedStatements=true, url=jdbc:sqlserver://localhost:1433;databaseName=TestDB, username=sa}
2023-05-15 15:06:46,013 INFO [org.apache.activemq.artemis.core.server] AMQ221000: live Message Broker is starting with configuration Broker Configuration (clustered=false,jdbcDriverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver,jdbcConnectionUrl=jdbc:sqlserver://localhost:1433;databaseName=TestDB,messageTableName=MESSAGES,bindingsTableName=BINDINGS,largeMessageTableName=LARGE_MESSAGES,pageStoreTableName=PAGE_STORE,)
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments