Go to Chainguard.dev
Send feedback Contact
Chainguard Images Reference

Image Overview: rabbitmq-fips

Overview: rabbitmq-fips Chainguard Image
Reference Chainguard Images Product

Using rabbitmq in FIPS mode

To use this image in FIPS mode, the rabbitmq server application needs to load an extra configuration file containing the following (in the old Rabbitmq config format):

[
    {crypto, [
        {fips_mode, true}
    ]}
].

The file is located in /etc/erlang/releases/26/sys.config in this image.

The file can be loaded by setting an environment variable that points to the file:

RABBITMQ_ADVANCED_CONFIG_FILE=/etc/erlang/releases/26/sys.config

Verifying rabbitmq is in FIPS mode

To verify if rabbitmq is running with FIPS enabled, use the following command:

/usr/lib/rabbitmq/bin/rabbitmqctl environment |grep fips

If FIPS is enabled, the result will look like the following:

 {crypto,[{fips_mode,true},{rand_cache_size,896}]},

The rabbitmqctl command also outputs JSON, which can be parsed like this:

/usr/lib/rabbitmq/bin/rabbitmqctl environment --formatter json |jq '.crypto .fips_mode'

The result will be true if FIPS is enabled, or false if it is not.

Last updated: 2024-02-29 16:25