2 files changed, 104 insertions, 0 deletions

diff --git a/docs/rabbitmq.config.example b/docs/rabbitmq.config.example
index 4d376d953a..f425726721 100644
--- a/docs/rabbitmq.config.example
+++ b/docs/rabbitmq.config.example
@@ -132,6 +132,27 @@
    %%
    %% {password_hashing_module, rabbit_password_hashing_sha256},
 
+   %% Configuration entry encryption.
+   %% See http://www.rabbitmq.com/configure.html#configuration-encryption
+   %%
+   %% To specify the passphrase in the configuration file:
+   %%
+   %% {config_entry_decoder, [{passphrase, <<"mypassphrase">>}]}
+   %%
+   %% To specify the passphrase in an external file:
+   %%
+   %% {config_entry_decoder, [{passphrase, {file, "/path/to/passphrase/file"}}]}
+   %%
+   %% To make the broker request the passphrase when it starts:
+   %%
+   %% {config_entry_decoder, [{passphrase, prompt}]}
+   %%
+   %% To change encryption settings:
+   %%
+   %% {config_entry_decoder, [{cipher,     aes_cbc256},
+   %%                         {hash,       sha512},
+   %%                         {iterations, 1000}]}
+
    %%
    %% Default User / VHost
    %% ====================
diff --git a/docs/rabbitmqctl.1.xml b/docs/rabbitmqctl.1.xml
index d9a9991ea3..f360554e73 100644
--- a/docs/rabbitmqctl.1.xml
+++ b/docs/rabbitmqctl.1.xml
@@ -2083,6 +2083,89 @@
             </variablelist>
           </listitem>
         </varlistentry>
+        <varlistentry>
+          <term>
+            <cmdsynopsis>
+              <command>encode</command>
+              <arg choice="opt">--decode</arg>
+              <arg choice="opt"><replaceable>value</replaceable></arg>
+              <arg choice="opt"><replaceable>passphrase</replaceable></arg>
+              <arg choice="opt">--list-ciphers</arg>
+              <arg choice="opt">--list-hashes</arg>
+              <arg choice="opt">--cipher <replaceable>cipher</replaceable></arg>
+              <arg choice="opt">--hash <replaceable>hash</replaceable></arg>
+              <arg choice="opt">--iterations <replaceable>iterations</replaceable></arg>
+            </cmdsynopsis>
+          </term>
+          <listitem>
+            <variablelist>
+              <varlistentry>
+                <term><cmdsynopsis><arg choice="opt">--decode</arg></cmdsynopsis></term>
+                <listitem>
+                  <para>
+                  Flag to decrypt the input value.
+                  </para>
+                  <para role="example-prefix">For example:</para>
+                  <screen role="example">rabbitmqctl encode --decode '{encrypted,'&lt;&lt;"..."&gt;&gt;}' mypassphrase</screen>
+                </listitem>
+              </varlistentry>
+              <varlistentry>
+                <term>
+                  <cmdsynopsis>
+                    <arg choice="opt"><replaceable>value</replaceable></arg>
+                    <arg choice="opt"><replaceable>passphrase</replaceable></arg>
+                  </cmdsynopsis>
+                </term>
+                <listitem>
+                  <para>
+                    Value to encrypt/decrypt and passphrase.
+                  </para>
+                  <para role="example-prefix">For example:</para>
+                  <screen role="example">rabbitmqctl encode '&lt;&lt;"guest"&gt;&gt;' mypassphrase</screen>
+                  <screen role="example">rabbitmqctl encode --decode '{encrypted,'&lt;&lt;"..."&gt;&gt;}' mypassphrase</screen>
+                </listitem>
+              </varlistentry>
+              <varlistentry>
+                <term><cmdsynopsis><arg choice="opt">--list-ciphers</arg></cmdsynopsis></term>
+                <listitem>
+                  <para>
+                    Flag to list the supported ciphers.
+                  </para>
+                  <para role="example-prefix">For example:</para>
+                  <screen role="example">rabbitmqctl encode --list-ciphers</screen>
+                </listitem>
+              </varlistentry>
+              <varlistentry>
+                <term><cmdsynopsis><arg choice="opt">--list-hashes</arg></cmdsynopsis></term>
+                <listitem>
+                  <para>
+                    Flag to list the supported hash algorithms.
+                  </para>
+                  <para role="example-prefix">For example:</para>
+                  <screen role="example">rabbitmqctl encode --list-hashes</screen>
+                </listitem>
+              </varlistentry>
+              <varlistentry>
+                <term>
+                  <cmdsynopsis>
+                    <arg choice="opt">--cipher <replaceable>cipher</replaceable></arg>
+                    <arg choice="opt">--hash <replaceable>hash</replaceable></arg>
+                    <arg choice="opt">--iterations <replaceable>iterations</replaceable></arg>
+                  </cmdsynopsis>
+                </term>
+                <listitem>
+                  <para>
+                    Options to specify the encryption settings. They can be used independently.
+                  </para>
+                  <para role="example-prefix">For example:</para>
+                  <screen role="example">
+rabbitmqctl encode --cipher blowfish_cfb64 --hash sha256 --iterations 10000 \
+                   '&lt;&lt;"guest"&gt;&gt;' mypassphrase</screen>
+                </listitem>
+              </varlistentry>
+            </variablelist>
+          </listitem>
+        </varlistentry>
       </variablelist>
     </refsect2>
   </refsect1>