IBM MQ Security
The IBM MQ integration supports plain username/password authentication and optional MQ-native TLS configuration.
1 2 3 4 5 6 7 8 9 10 11 12 13 | |
Plain Credentials
SASLPlaintextcan be used to provide MQ credentials
TLS with PEM inputs
1 2 3 4 5 6 7 8 9 10 11 12 | |
Use this mode when you have:
- client certificate PEM file
- client private key PEM file
- a CA PEM file
Use mq_tls_from_pem(...) for this mode. FastStream prepares a temporary PKCS12 keystore in Python and connects using MQ-native TLS settings.
If your deployment has multiple CA certificates, bundle them into a single PEM file before passing it as ca_cert.
If keystore_password is omitted, FastStream generates a strong random password for the process-local temporary keystore.
TLS with a prebuilt MQ key repository
1 2 3 4 5 6 7 8 9 10 11 | |
Use mq_tls_from_keystore(...) if your deployment already provides a PKCS12 keystore.
Notes
- IBM MQ TLS is configured with
tls=..., not with Pythonssl_context security.use_ssl=Truealone is not enough for IBM MQtls=Nonekeeps the current non-TLS behavior