<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>ActiveMQ</title>
<link rel="icon" type="image/png" href="/assets/img/favicon.png">
<link rel="stylesheet" href="/css/main.css">
<script defer src="/js/fontawesome-all.min.js" integrity="sha384-rOA1PnstxnOBLzCLMcre8ybwbTmemjzdNlILg8O7z1lUkLXozs4DHonlDtnE7fpc"></script>
<script src="/js/jquery.slim.min.js" integrity="sha384-5AkRS45j4ukf+JbWAfHL8P4onPA9p0KwwP7pUdjSQA3ss9edbJUJc/XcYAiheSSz"></script>
<script src="/js/popper.min.js" integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q"></script>
<script src="/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl"></script>
</head>
<body>
<div class="content">
<div class="page-title-classic">
<div class="container">
<h1>Encrypted passwords</h1>
</div>
</div>
<div class="container" >
<div class="row" style="margin-top: 30px">
<div class="col-12 classic">
<p>As of ActiveMQ Classic 5.4.1 you can encrypt your passwords and safely store them in configuration files. To encrypt the password, you can use the newly added <code class="language-plaintext highlighter-rouge">encrypt</code> command like:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ bin/activemq encrypt --password activemq --input mypassword
...
Encrypted text: eeWjNyX6FY8Fjp3E+F6qTytV11bZItDp
</code></pre></div></div>
<p>Here the password you want to encrypt is passed with the <code class="language-plaintext highlighter-rouge">input</code> argument, while the <code class="language-plaintext highlighter-rouge">password</code> argument is a secret used by the encryptor. In a similar fashion you can test your passwords like:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ bin/activemq decrypt --password activemq --input eeWjNyX6FY8Fjp3E+F6qTytV11bZItDp
...
Decrypted text: mypassword
</code></pre></div></div>
<p><strong>Note:</strong> It is recommended that you use only alphanumeric characters for the password. Special characters, such as <code class="language-plaintext highlighter-rouge">$/^&amp;</code>, are not supported.</p>
<p>As of the 5.16.0 release, support has been added to specify an algorithm
parameter to the “encrypt” and “decrypt” commands. By default, the algorithm
that is used is “PBEWithMD5AndDES”. To use a more modern encryption algorithm
you can specify:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ bin/activemq encrypt --password activemq --input mypassword --algorithm PBEWITHHMACSHA256ANDAES_256
...
Encrypted text: h/cWj/ZZelMt3Y7NSzUG2vHYSnfWK561qjNg9Ywyr9yT72ru7pR4IEUnHLIdLSOb
</code></pre></div></div>
<p>The next step is to add the password to the appropriate configuration file, <code class="language-plaintext highlighter-rouge">$ACTIVEMQ_HOME/conf/credentials-enc.properties</code> by default.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>activemq.username=system
activemq.password=ENC(mYRkg+4Q4hua1kvpCCI2hg==)
guest.password=ENC(Cf3Jf3tM+UrSOoaKU50od5CuBa8rxjoL)
...
jdbc.password=ENC(eeWjNyX6FY8Fjp3E+F6qTytV11bZItDp)
</code></pre></div></div>
<p>Note that we used <code class="language-plaintext highlighter-rouge">ENC()</code> to wrap our encrypted passwords. You can mix plain and encrypted passwords in your properties files, so encrypted ones must be wrapped this way.</p>
<p>Finally, you need to instruct your property loader to decrypt variables when it loads properties into memory. Instead of the standard property loader we’ll use a special one (see <code class="language-plaintext highlighter-rouge">$ACTIVEMQ_HOME/conf/activemq-security.xml</code>) to achieve this.</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>&lt;bean id="environmentVariablesConfiguration" class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig"&gt;
&lt;property name="algorithm" value="PBEWithMD5AndDES" /&gt;
&lt;property name="passwordEnvName" value="ACTIVEMQ_ENCRYPTION_PASSWORD" /&gt;
&lt;/bean&gt;
&lt;bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor"&gt;
&lt;property name="config" ref="environmentVariablesConfiguration" /&gt;
&lt;/bean&gt;
&lt;bean id="propertyConfigurer" class="org.jasypt.spring31.properties.EncryptablePropertyPlaceholderConfigurer"&gt;
&lt;constructor-arg ref="configurationEncryptor" /&gt;
&lt;property name="location" value="file:${activemq.base}/conf/credentials-enc.properties"/&gt;
&lt;/bean&gt;
</code></pre></div></div>
<p>With this configuration ActiveMQ Classic will try to load your encryptor password from the <code class="language-plaintext highlighter-rouge">ACTIVEMQ_ENCRYPTION_PASSWORD</code> environment variable and then use it to decrypt passwords from the <code class="language-plaintext highlighter-rouge">credentials-enc.properties</code> file.</p>
<p>An alternative is to use a simpler variant and store the encryptor password in the XML file, like this:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>&lt;bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor"&gt;
&lt;property name="algorithm" value="PBEWithMD5AndDES"/&gt;
&lt;property name="password" value="activemq"/&gt;
&lt;/bean&gt;
</code></pre></div></div>
<p>but with that you’ll lose the secrecy of the encryptor’s secret. You may also consult <a href="http://www.jasypt.org/advancedCommunity/FAQ/configuration">http://www.jasypt.org/advancedCommunity/FAQ/configuration.md</a> for more ideas on how to configure Jasypt.</p>
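<p>An added example (not part of the ActiveMQ documentation or distribution): a POSIX shell audit for the two risks described above, a password left unwrapped by <code>ENC()</code> in the properties file and an encryptor secret hard-coded in the XML. The function names and the sample files are assumptions constructed for illustration.</p>

```shell
#!/bin/sh
# Added example: audit the two files this page configures for secrets left in the clear.

# Print keys ending in "password" whose value is not wrapped in ENC(...).
# Assumes plain key=value lines, as in the credentials-enc.properties shown above.
plaintext_password_keys() {
    awk '
        /^[ \t]*[#!]/ { next }            # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next             # not a key=value line
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (tolower(key) ~ /password$/ && val !~ /^ENC\(.+\)$/) print key
        }' "$1"
}

# Print line numbers of XML password attributes/properties that hold a literal
# value instead of a ${...} placeholder (e.g. a hard-coded encryptor secret).
literal_passwords_in_xml() {
    grep -nE '(name="password"[[:space:]]+value|[[:space:]]password)="[^"$][^"]*"' "$1" |
        cut -d: -f1
}

# Constructed sample input (not real credentials); guest.password is left plain.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/credentials-enc.properties" <<'EOF'
activemq.username=system
activemq.password=ENC(mYRkg+4Q4hua1kvpCCI2hg==)
guest.password=password
jdbc.password=ENC(eeWjNyX6FY8Fjp3E+F6qTytV11bZItDp)
EOF
cat > "$SAMPLE_DIR/activemq-security.xml" <<'EOF'
<bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
  <property name="algorithm" value="PBEWithMD5AndDES"/>
  <property name="password" value="activemq"/>
</bean>
<bean id="mysql-ds" class="org.apache.commons.dbcp.BasicDataSource">
  <property name="password" value="${jdbc.password}"/>
</bean>
EOF

echo "Plaintext password keys: $(plaintext_password_keys "$SAMPLE_DIR/credentials-enc.properties")"
echo "Literal password at XML line(s): $(literal_passwords_in_xml "$SAMPLE_DIR/activemq-security.xml")"
```

<p>Placeholders such as <code>${jdbc.password}</code> and the <code>passwordEnvName</code> property are deliberately not flagged, since neither stores a secret in the file.</p>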
<p>Finally, we can use the properties as we normally would:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>&lt;simpleAuthenticationPlugin&gt;
&lt;users&gt;
&lt;authenticationUser username="system" password="${activemq.password}"
groups="users,admins"/&gt;
&lt;authenticationUser username="user" password="${guest.password}"
groups="users"/&gt;
&lt;authenticationUser username="guest" password="${guest.password}" groups="guests"/&gt;
&lt;/users&gt;
&lt;/simpleAuthenticationPlugin&gt;
</code></pre></div></div>
<p>or</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>&lt;bean id="mysql-ds" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close"&gt;
&lt;property name="driverClassName" value="com.mysql.jdbc.Driver"/&gt;
&lt;property name="url" value="jdbc:mysql://localhost/activemq?relaxAutoCommit=true"/&gt;
&lt;property name="username" value="activemq"/&gt;
&lt;property name="password" value="${jdbc.password}"/&gt;
&lt;property name="maxActive" value="200"/&gt;
&lt;property name="poolPreparedStatements" value="true"/&gt;
&lt;/bean&gt;
</code></pre></div></div>
<p>If you want to run the broker with this configuration, you need to do the following:</p>
<ul>
<li>Set environment variable:
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ export ACTIVEMQ_ENCRYPTION_PASSWORD=activemq
</code></pre></div> </div>
</li>
<li>Start the broker:
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ bin/activemq start xbean:conf/activemq-security.xml
</code></pre></div> </div>
</li>
<li>Unset the environment variable:
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ unset ACTIVEMQ_ENCRYPTION_PASSWORD
</code></pre></div> </div>
</li>
</ul>
<p>In this way your encryptor secret is never saved on your system and your encrypted passwords are safely stored in the configuration files.</p>
</div>
</div>
</div>
</div>
<div class="row sitemap">
<div class="col-sm-12">
<div class="container">
<div class="row">
<div class="col-sm-12">
<div class="row">
<div class="col-sm-3">
<div >
<img class="float-left" style="max-height: 100px" src="/assets/img/activemq_logo_white_vertical_small.png"/>
</div>
</div>
<div style="text-align: center; margin-bottom: 0px; margin-top: 30px; font-size: 65%" class="col-sm-6">
<p><a href="https://www.apache.org/foundation/marks/list/">Apache, ActiveMQ, Apache ActiveMQ</a>, the Apache feather logo, and the Apache ActiveMQ project logo are trademarks of The Apache Software Foundation. Copyright &copy; 2024, The Apache Software Foundation. Licensed under <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License 2.0</a>.</p>
</div>
<div class="col-sm-3">
<div >
<a href="https://www.apache.org"><img class="float-right" style="margin-top: 10px; max-height: 80px" src="/assets/img/apache-logo-small.png"/></a>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>