RMQ - Mutual TLS Authentication via AMQP URI for Federation Plugin

[stefanLeo]

We are using the RMQ Federation Plugin and want to use mutual TLS authentication between the RMQ clusters. According to the URI Parameters docu of https://www.rabbitmq.com/uri-query-parameters.html we can set all parameters except the Ssl.CertPassphrase.

Is this really true and is there any specific reason for it? Is there any other way to "dynamically" set this passphrase for a federated exchange - so not via a config file?

BR

[michaelklishin]

Thank you for your time.

Team RabbitMQ uses GitHub issues for specific actionable items engineers can work on. GitHub issues are not used for questions, investigations, root cause analysis, discussions of potential issues, etc (as defined by this team).

We get at least a dozen of questions through various venues every single day, often light on details.
At that rate GitHub issues can very quickly turn into a something impossible to navigate and make sense of even for our team. Because GitHub is a tool our team uses heavily nearly every day, the signal/noise ratio of issues is something we care about a lot.

Please post this to rabbitmq-users.

Thank you.

[michaelklishin]

There are two reasons for it:

• This is not a commonly used feature, at least in this context
• Passing passwords in URIs is generally something that our users want to avoid

An encrypted advanced.config value is the optimal option for passwords. Which is at odds with how federation upstreams are configured, unfortunately.

And to be clear, exchanges do not have passphrases. Private keys used by Federation links (connections) might.