diff options
| author | Karl Nilsson <kjnilsson@gmail.com> | 2016-10-17 13:58:56 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-10-17 13:58:56 +0100 |
| commit | 3906b1bfd21c83ba33ef5de491a993f8d4d9fc03 (patch) | |
| tree | a7c0451145297405a8406d342cb5016516923007 | |
| parent | 9ee645a281c3006850e111b898fd9cf6b6214bd1 (diff) | |
| parent | 360bc947ec1c7ed17ed2fb4291f245cea2dfeea5 (diff) | |
| download | rabbitmq-server-git-3906b1bfd21c83ba33ef5de491a993f8d4d9fc03.tar.gz | |
Merge pull request #999 from rabbitmq/rabbitmq-website-282
Document configuration encryption
| -rw-r--r-- | docs/rabbitmq.config.example | 21 | ||||
| -rw-r--r-- | docs/rabbitmqctl.1.xml | 73 |
2 files changed, 94 insertions, 0 deletions
diff --git a/docs/rabbitmq.config.example b/docs/rabbitmq.config.example index 4d376d953a..f425726721 100644 --- a/docs/rabbitmq.config.example +++ b/docs/rabbitmq.config.example @@ -132,6 +132,27 @@ %% %% {password_hashing_module, rabbit_password_hashing_sha256}, + %% Configuration entry encryption. + %% See http://www.rabbitmq.com/configure.html#configuration-encryption + %% + %% To specify the passphrase in the configuration file: + %% + %% {config_entry_decoder, [{passphrase, <<"mypassphrase">>}]} + %% + %% To specify the passphrase in an external file: + %% + %% {config_entry_decoder, [{passphrase, {file, "/path/to/passphrase/file"}}]} + %% + %% To make the broker request the passphrase when it starts: + %% + %% {config_entry_decoder, [{passphrase, prompt}]} + %% + %% To change encryption settings: + %% + %% {config_entry_decoder, [{cipher, aes_cbc256}, + %% {hash, sha512}, + %% {iterations, 1000}]} + %% %% Default User / VHost %% ==================== diff --git a/docs/rabbitmqctl.1.xml b/docs/rabbitmqctl.1.xml index d9a9991ea3..217d2d93ca 100644 --- a/docs/rabbitmqctl.1.xml +++ b/docs/rabbitmqctl.1.xml @@ -2083,6 +2083,79 @@ </variablelist> </listitem> </varlistentry> + <varlistentry> + <!-- one-line formatting matters for rabbit_ctl_usage.erl code generation --> + <term><cmdsynopsis><command>encode</command> <arg choice="opt">--decode</arg> <arg choice="opt"><replaceable>value</replaceable></arg> <arg choice="opt"><replaceable>passphrase</replaceable></arg> <arg choice="opt">--list-ciphers</arg> <arg choice="opt">--list-hashes</arg> <arg choice="opt">--cipher <replaceable>cipher</replaceable></arg> <arg choice="opt">--hash <replaceable>hash</replaceable></arg> <arg choice="opt">--iterations <replaceable>iterations</replaceable></arg></cmdsynopsis> + </term> + <listitem> + <variablelist> + <varlistentry> + <term><cmdsynopsis><arg choice="opt">--decode</arg></cmdsynopsis></term> + <listitem> + <para> + Flag to decrypt the input value. + </para> + <para role="example-prefix">For example:</para> + <screen role="example">rabbitmqctl encode --decode '{encrypted,'<<"...">>}' mypassphrase</screen> + </listitem> + </varlistentry> + <varlistentry> + <term> + <cmdsynopsis> + <arg choice="opt"><replaceable>value</replaceable></arg> + <arg choice="opt"><replaceable>passphrase</replaceable></arg> + </cmdsynopsis> + </term> + <listitem> + <para> + Value to encrypt/decrypt and passphrase. + </para> + <para role="example-prefix">For example:</para> + <screen role="example">rabbitmqctl encode '<<"guest">>' mypassphrase</screen> + <screen role="example">rabbitmqctl encode --decode '{encrypted,'<<"...">>}' mypassphrase</screen> + </listitem> + </varlistentry> + <varlistentry> + <term><cmdsynopsis><arg choice="opt">--list-ciphers</arg></cmdsynopsis></term> + <listitem> + <para> + Flag to list the supported ciphers. + </para> + <para role="example-prefix">For example:</para> + <screen role="example">rabbitmqctl encode --list-ciphers</screen> + </listitem> + </varlistentry> + <varlistentry> + <term><cmdsynopsis><arg choice="opt">--list-hashes</arg></cmdsynopsis></term> + <listitem> + <para> + Flag to list the supported hash algorithms. + </para> + <para role="example-prefix">For example:</para> + <screen role="example">rabbitmqctl encode --list-hashes</screen> + </listitem> + </varlistentry> + <varlistentry> + <term> + <cmdsynopsis> + <arg choice="opt">--cipher <replaceable>cipher</replaceable></arg> + <arg choice="opt">--hash <replaceable>hash</replaceable></arg> + <arg choice="opt">--iterations <replaceable>iterations</replaceable></arg> + </cmdsynopsis> + </term> + <listitem> + <para> + Options to specify the encryption settings. They can be used independently. + </para> + <para role="example-prefix">For example:</para> + <screen role="example"> +rabbitmqctl encode --cipher blowfish_cfb64 --hash sha256 --iterations 10000 \ + '<<"guest">>' mypassphrase</screen> + </listitem> + </varlistentry> + </variablelist> + </listitem> + </varlistentry> </variablelist> </refsect2> </refsect1> |