I am planning to use vert.x event bus across cluster as well as across web client. Can you please clarify if the event bus is secure to exchange confidential data? If I am not wrong event bus uses JSON or simple vertx compatible data types, the documentation does not clearly mention if this can be encrypted while passing through event bus. Appreciate examples if any.
2 Answers
7
votes
I believe this has now been addressed. If you read the blog about the recent 3.3.0 release - http://vertx.io/blog/vert-x-3-3-0-is-released/ - the following is mentioned:
"With this version, you can configure the TCP aspects of the event bus for, for instance, use SSL."
And then if you look here - https://github.com/eclipse/vert.x/blob/master/src/main/java/examples/EventBusExamples.java - you can find the following code in example13:
VertxOptions options = new VertxOptions()
.setEventBusOptions(new EventBusOptions()
.setSsl(true)
So, while the transport may not be secured by default for the bus, it should now be possible to enable SSL to do so if needed.
3
votes
The Vert.x event bus does not currently support SSL between servers. This is a feature that has been popular to request for some businesses, but hasn't yet been implemented AFAIK in Vert.x 2 or 3.
However, with regard to encryption for clients, if you're referring to the event bus bridge then that can indeed be encrypted. The event bus bridge simply wraps a web socket to communicate between client and server, so you have control over the configuration of that aspect of the event bus. Simply set up SSL on the HttpServer before you create the event bus bridge. Just be careful with the address permissions you allow when constructing the bridge.
UPDATE
Vert.x now supports SSL. See rdruss's answer.
