Clarification on config_entry_decoder and private key password in rabbitmq.conf #13226

moerwald · 2025-02-10T11:05:40Z

moerwald
Feb 10, 2025

Describe the bug

In previous versions of RabbitMQ, using the old rabbitmq.conf format, I was able to configure parameters such as:

config_entry_decoder
password under the ssl section

However, after migrating to the new configuration format (rabbitmq.conf with the INI-like structure), I could not find documentation on whether these parameters are still supported or have been deprecated.

Reproduction steps

Expected behavior

The documentation should clarify whether these parameters are still supported in the new format.

If they are deprecated, alternative approaches should be documented.

Additional context

Actual Behavior:

No clear documentation exists regarding these parameters in the new format.

It is unclear if they are automatically migrated or need an alternative setting.

RabbitMQ Version:

RabbitMQ 3.13.6

Erlang Version:

Erlang 26.2.5.2

Related Documentation:

https://www.rabbitmq.com/configure.html

Could you please clarify if config_entry_decoder and ssl.password are supported in the new configuration format, and if so, how they should be set?

Thanks!

Answered by michaelklishin

Feb 10, 2025

@moerwald RabbitMQ 3.13.x is out of community support.

You were never able to configure config_entry_decoder via rabbitmq.conf. It is an advanced.config-only feature, just like it has always been.

TLS guide has a section called private key passwords which has a rabbitmq.conf example.

Finally, the Configuration guide has a section on value escaping and values coming from a set of environment variables in modern rabbitmq.conf.

On top of that, 4.0.x support tagged string and binary configuration values that we have apparently forgotten to document (or I cannot find where we did)
but they allow the encoded values to be used in rabbitmq.conf and not just advanced.config by prefixing them.

4.0.x …

View full answer

michaelklishin · 2025-02-10T19:32:25Z

michaelklishin
Feb 10, 2025
Maintainer

@moerwald RabbitMQ 3.13.x is out of community support.

You were never able to configure config_entry_decoder via rabbitmq.conf. It is an advanced.config-only feature, just like it has always been.

TLS guide has a section called private key passwords which has a rabbitmq.conf example.

Finally, the Configuration guide has a section on value escaping and values coming from a set of environment variables in modern rabbitmq.conf.

On top of that, 4.0.x support tagged string and binary configuration values that we have apparently forgotten to document (or I cannot find where we did)
but they allow the encoded values to be used in rabbitmq.conf and not just advanced.config by prefixing them.

4.0.x supports all of those features. I no longer remember if 3.13.6 does. In any case, "out of community support" means just that, "out of community support".

0 replies

michaelklishin · 2025-02-10T19:39:17Z

michaelklishin
Feb 10, 2025
Maintainer

Also, the "new" configuration format has first shipped in RabbitMQ 3.7.0 in Nov 2017. It's hardly all that "new" any more.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Clarification on config_entry_decoder and private key password in rabbitmq.conf #13226

{{title}}

Replies: 2 comments

{{title}}

{{title}}

Select a reply

Clarification on config_entry_decoder and private key password in rabbitmq.conf #13226

moerwald Feb 10, 2025

Describe the bug

Reproduction steps

Expected behavior

Additional context

Replies: 2 comments

michaelklishin Feb 10, 2025 Maintainer

michaelklishin Feb 10, 2025 Maintainer

moerwald
Feb 10, 2025

michaelklishin
Feb 10, 2025
Maintainer

michaelklishin
Feb 10, 2025
Maintainer