Configuring application access to RabbitMQ without compromising credentials in the source code is a challenging problem to solve. Following security best practices, each set of RabbitMQ credentials represents a single application Identity. Managing application identities at scale as applications and platforms grow becomes an operational burden.

In this demo-driven talk, I will show how you can use HashiCorp Vault to offset the operational overhead of Identity and Access Management. In a few lines of code, I will demonstrate how to configure applications to securely access RabbitMQ using short lived, on-demand credentials. I will also illustrate how the principle of least privileged access can be applied to applications using Vault with RabbitMQ’s Role Based Access Control.

By the end of this talk, you will learn how to configure Vault using Terraform to broker application identity on behalf of RabbitMQ and refactor a simple Go application to implement this authentication workflow.