You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is a program that watches a RabbitMQ config file containing `default_user` and `default_pass` for changes.
4
+
If the file changes, it updates the password in RabbitMQ.
5
+
6
+
It is meant to be deployed as a sidecar container by https://github.com/rabbitmq/cluster-operator when HashiCorp Vault is enabled.
7
+
8
+
The use case is as-follows:
9
+
1. Default user password changes in Vault server.
10
+
1. Vault agent sidecar places new password into `/etc/rabbitmq/conf.d/11-default_user.conf`.
11
+
1. This sidecar (default-user-credential-updater) updates the password RabbitMQ server side by doing an HTTP PUT against the RabbitMQ Management API. This allows for default user password rotation without the need to restart RabbitMQ server.
12
+
1. This sidecar copies new password to `/var/lib/rabbitmq/.rabbitmqadmin.conf` to be used by `rabbitmqadmin` CLI.
13
+
14
+
See [vault-default-user](https://github.com/rabbitmq/cluster-operator/tree/main/docs/examples/vault-default-user) for an end-to-end example.
0 commit comments