Created
March 5, 2023 14:04
RabbitMQ & Vault Integration for Dynamic Credentials.
## Tested in Vault - 1.13.0 and RabbitMQ - 3.X (Docker -> Image: rabbitmq:3-management)

## Setup RabbitMQ using Docker
docker run -d --hostname my-rabbit --name some-rabbit -p 5672:5672 -p 15672:15672 -e RABBITMQ_DEFAULT_USER=user123 -e RABBITMQ_DEFAULT_PASS=password123 rabbitmq:3-management

## Vault Enable RabbitMQ Engine
vault secrets enable rabbitmq

## Vault Connection with RabbitMQ
vault write rabbitmq/config/connection \
    connection_uri="http://localhost:15672" \
    username="user123" \
    password="password123"

## Create Vault Role for RabbitMQ (here it uses tags="management", which is based on RabbitMQ user tags; ref: https://www.rabbitmq.com/management.html#permissions)
## vhosts is a JSON map of vhost name -> configure/write/read regexes; every vhost listed must already exist in RabbitMQ
vault write rabbitmq/roles/my-role vhosts='{"/":{"configure":".*","write":".*","read":".*"},"/my-vhost":{"configure":".*","write":".*","read":".*"}}' tags="management"

## Once all the above commands succeed, Vault will start producing dynamic credentials.
Command: vault read rabbitmq/creds/my-role
Output:
Key                Value
---                -----
lease_id           rabbitmq/creds/my-role/aoPgxqS7gyP2sAkREQHeLsje
lease_duration     768h
lease_renewable    true
password           rxkp8HGQBYUhiP2NRhaeGDZE6ohiQepEi4Vq
username           token-e4890cdc-f7dc-483a-d7b3-a1ebb6f8ba5d

Note: this is not fine-tuned for production; the steps above are intended for dev/test environments.
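A narrower variant of the role and lease shown above, as an added example that is not part of the original gist: it builds a prefix-scoped `vhosts` policy and sets an explicit lease through `rabbitmq/config/lease` instead of the 768h default. The role name `orders-app`, the prefix `orders.`, the TTL values and the `DRY_RUN` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original gist. Assumed names: role "orders-app",
# queue/exchange prefix "orders.", lease values 3600s / 86400s.
set -e

# Escape regex metacharacters so a literal prefix such as "orders." cannot
# match "ordersX" once it is embedded in a RabbitMQ permission regex.
regex_escape() { printf '%s' "$1" | sed -e 's/[][\.^$*+?(){}|]/\\&/g'; }

# Escape backslashes and double quotes for use inside a JSON string.
json_escape() { printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'; }

# Build the value of the role's "vhosts" parameter:
#   {"<vhost>": {"configure": "<regex>", "write": "<regex>", "read": "<regex>"}}
# configure is "^$" (matches only the empty string), so the generated user
# cannot declare or delete resources; read/write are limited to the prefix.
vhost_policy_json() (
  vhost=$(json_escape "$1")
  pattern=$(json_escape "^$(regex_escape "$2").*\$")
  printf '{"%s":{"configure":"^$","write":"%s","read":"%s"}}' \
    "$vhost" "$pattern" "$pattern"
)

# With DRY_RUN=1 (the default here) commands are printed, not executed.
# The printed form is for review only; it is not shell-quoted.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

apply_role() (
  role=$1
  # Cap credential lifetime instead of inheriting the 768h seen above.
  run vault write rabbitmq/config/lease ttl=3600 max_ttl=86400
  # No tags: the generated user gets no management UI/API access.
  run vault write "rabbitmq/roles/$role" vhosts="$(vhost_policy_json "$2" "$3")"
)

# Revoke every credential already issued for the role (e.g. during rotation).
revoke_role() { run vault lease revoke -prefix "rabbitmq/creds/$1"; }

apply_role orders-app / orders.
```

Run it with `DRY_RUN=0` against a Vault that already has the `rabbitmq` engine enabled and connected to apply the settings rather than print them.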