Enabling RBAC for MQTT Broker
This article explains how to enable Role-Based Access Control (RBAC) for the MQTT broker.
less than a minute
- Go to the Releases tab in Lens.
- Select the release and click Upgrade. This will open the values file.
- Find the
mqtt_broker
section. - Locate the
rbacEnabled
parameter and change its value fromfalse
totrue
. - Click Upgrade.
Now all MQTT connections require password authentication with the following defaults:
- Username:
node-red
- Password:
INSECURE_INSECURE_INSECURE
To change these defaults:
Open a Pod shell in Lens.
Go to the installation directory of the RBAC extension:
cd extensions/hivemq-file-rbac-extension/
Generate a password hash with this command:
java -jar hivemq-file-rbac-extension-4.5.3.jar -p <password>
(replace<password>
with your desired password, which should not contain whitespaces).Copy the generated hash.
Open the
united-manufacturing-hub-hivemqce-extension
configmap.Replace the password hash with the one generated in step 3.
Save the changes.
Don’t forget to update Node-Red connectors and any other service that uses MQTT to use the new authentication settings.
Last modified February 17, 2023: update (#208) (ea731fc)