Open sky29 opened 12 months ago
Hi @sky29, thanks for writing in!
Could you share a bit more about what you're trying to achieve with Doppler and RabbitMQ?
@nmanoogian
I want to change RabbitMQ default User's password, when I change it in Doppler.
Step by Step Process/Scenario:
I use Doppler to hold secrets (rabbitmq: default_user and default_password)
I am having my own helm chart to deploy rabbitmq in HA mode (with external pvc mounted at: /var/lib/rabbitmq/mnesia : to keep data safe while pod restart). IT is DIY kind of helm chart: https://github.com/rabbitmq/diy-kubernetes-examples
I have configmap that disables guest user (loopback_users.guest = false). I am injecting secrets in rabbitmq statefulset as environment variable (default_user, default_pass) ..... this all are working fine and I am able to login to rabbitmq management UI using doppler secrets.
Now I change the password in Doppler, which reloads rabbitmq deployment, but it doesn't change the password in rabbitmq database. It might be because I am using external PVC, which keeps old passwords. I didn't find any way to implement this step.
This issue is more on RabbitMQ side then Doppler. They seems to have a solution for this using Hashicorp Vault: https://github.com/rabbitmq/default-user-credential-updater but I don't think, it will work with other secret managers like doppler.
Ah, I see! Thanks for walking me through that. Doppler doesn't support this kind of thing out-of-the-box today but there's almost certainly a way to make it work.
I haven't checked out this sidecar before but it looks like it's watching /etc/rabbitmq/conf.d/11-default_user.conf
for changes. If that's the case, you might be able to mount that file using volumeMounts
or write your own service which copies the username/password from Doppler into that volume.
Hello,
RabbitMQ has a repository "default-user-credential-updater" which works against Hashicorp Vault: https://github.com/rabbitmq/default-user-credential-updater
Is there any way we can achieve the same through Dopppler ?
I created an enhancement ticket (or query) on their repository, which describes the problem in detail: https://github.com/rabbitmq/default-user-credential-updater/issues/66
Let me know, If anyone has any suggestion.