Enabling RBAC for MQTT Broker

This article explains how to enable Role-Based Access Control (RBAC) for the MQTT broker.
  1. Go to the Releases tab in Lens.
  2. Select the release and click Upgrade. This will open the values file.
  3. Find the mqtt_broker section.
  4. Locate the rbacEnabled parameter and change its value from false to true.
  5. Click Upgrade.

Now all MQTT connections require password authentication with the following defaults:

  • Username: node-red
  • Password: INSECURE_INSECURE_INSECURE

To change these defaults:

  1. Open a Pod shell in Lens.

  2. Go to the installation directory of the RBAC extension: cd extensions/hivemq-file-rbac-extension/

  3. Generate a password hash with this command: java -jar hivemq-file-rbac-extension-4.5.3.jar -p <password> (replace <password> with your desired password, which should not contain whitespace).

  4. Copy the generated hash.

  5. Open the united-manufacturing-hub-hivemqce-extension configmap.

  6. Replace the password hash with the one generated in step 3.

  7. Save the changes.

Don’t forget to update Node-RED connectors and any other service that uses MQTT to use the new authentication settings.
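
To confirm the change took effect, the check below sends one MQTT 3.1.1 CONNECT with the default credentials listed above and reports whether the broker still accepts them. It is an added example, not part of the original article or the project's code; the broker host, the plain-TCP port 1883 and the client ID rbac-check are assumptions.

```python
import socket
import struct

# Defaults stated on this page. Host, port 1883 and the client ID are assumptions.
DEFAULT_USER = "node-red"
DEFAULT_PASSWORD = "INSECURE_INSECURE_INSECURE"

def mqtt_string(text):
    """MQTT field: 2-byte big-endian length prefix, then UTF-8 bytes."""
    raw = text.encode("utf-8")
    return struct.pack("!H", len(raw)) + raw

def remaining_length(n):
    """MQTT variable-length integer: 7 bits per byte, high bit = more bytes."""
    out = bytearray()
    while True:
        n, digit = divmod(n, 128)
        out.append(digit | (0x80 if n else 0))
        if not n:
            return bytes(out)

def build_connect(client_id, username, password, keepalive=30):
    """MQTT 3.1.1 CONNECT: clean session + username + password flags (0xC2)."""
    body = mqtt_string("MQTT") + bytes([0x04, 0xC2]) + struct.pack("!H", keepalive)
    body += mqtt_string(client_id) + mqtt_string(username) + mqtt_string(password)
    return b"\x10" + remaining_length(len(body)) + body

def parse_connack(packet):
    """Return the CONNACK return code (0 = accepted, 4/5 = auth refused)."""
    if len(packet) < 4 or packet[0] != 0x20 or packet[1] != 0x02:
        raise ValueError("reply is not a CONNACK packet")
    return packet[3]

def defaults_rejected(host, port=1883, timeout=5.0):
    """True if the broker refuses the default credentials listed above."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connect("rbac-check", DEFAULT_USER, DEFAULT_PASSWORD))
        reply = sock.recv(4)
    if not reply:  # broker closed the connection without answering
        return True
    return parse_connack(reply) != 0

if __name__ == "__main__":
    import sys
    host = sys.argv[1]  # broker address reachable from where you run this
    print("defaults rejected" if defaults_rejected(host) else "DEFAULTS STILL ACCEPTED")
```

Run it with the broker address as the only argument after saving the configmap change; a result of DEFAULTS STILL ACCEPTED means the default password hash is still in effect or the change has not been applied.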

Last modified February 17, 2023: update (#208) (ea731fc)