This is a program that watches a RabbitMQ config file containing default_user
and default_pass
for changes.
If the file changes, it updates the password in RabbitMQ.
It is meant to be deployed as a sidecar container by when HashiCorp Vault is enabled.
The use case is as-follows:
- Default user password changes in Vault server.
- Vault agent sidecar places new password into
. - This sidecar (default-user-credential-updater) updates the password RabbitMQ server side by doing an HTTP PUT against the RabbitMQ Management API. This allows for default user password rotation without the need to restart RabbitMQ server.
- This sidecar copies new password to
to be used byrabbitmqadmin
See vault-default-user for an end-to-end example.