Options for encrypted configuration values with erlsrv.exe
Tue Jan 19 16:26:08 CET 2021
As far as I know there is no out-of-the box solution for this since,
in general, non-encrypted certs are used for TLS-enabled distributed
Erlang or the password is specified in the ssl_dist_optfile file.
If a solution did exist for retrieving the password to decrypt the
certs how would it work? You would have to have some sort of
credential stored locally.
A better solution would be to add support for the Windows cert store
to the Erlang VM but I know of no plans to do so.
On Mon, Jan 18, 2021 at 12:10 AM Joseph L. Casale
> I am using erlsrv.exe on Windows to run RabbitMQ as a service. The broker is
> configured to only expose tcp services through TLS. As a result the CA, certificate,
> private key and its password are specified in file passed to the ssl_dist_optfile
> In reading the docs, I see the options are to encrypt it with a passphrase and either
> include the passphrase directly or through a file, or via stdin.
> Does Erlang provide a facility to execute a script in order to obtain the password
> or passphrase when starting? Even with physical security, this will be a challenge
> without an additional level of security.
More information about the erlang-questions