Starlight for RabbitMQ security
Starlight for RabbitMQ supports connections using TLS/mTLS to ensure privacy and security of the communication. It also supports the
EXTERNAL mechanisms used by RabbitMQ.
Internally, it uses the same AuthenticationService as Pulsar and maps these mechanisms to existing Pulsar authentication modes. At the moment there is no support for authorization so an authenticated user has full access to all
Virtual hosts. Starlight for RabbitMQ can connect to brokers that have TLS, authentication, and/or authorization enabled.
To perform its operations, Starlight for RabbitMQ proxy needs to use an
PLAIN mechanism is mapped to the
AuthenticationProviderToken mode of authentication.
The username is ignored and the password is used as the JSON Web Token (JWT).
EXTERNAL mechanism is mapped to the
AuthenticationProviderTls mode of authentication.
This is the equivalent of the
rabbitmq-auth-mechanism-ssl plugin with
ssl_cert_login_from parameter set to