Hi Mohanavalli, the passwords in the acceptor needs to be decoded and the one-way algorithm of the default sensitive string codec doesn't support decoding, see https://github.com/apache/activemq-artemis/blob/2.42.0/artemis-commons/src/main/java/org/apache/activemq/artemis/utils/DefaultSensitiveStringCodec.java#L248 .
You can use a custom codec that implements the decode method, see https://activemq.apache.org/components/artemis/documentation/latest/masking-passwords.html#using-a-custom-codec Regards, Domenico On Tue, 15 Jul 2025 at 09:45, Mohanavalli A <mohanavall...@it.eurofinseu.com.invalid> wrote: > Hi All, > > As the two-way algorithm in the default sensitive string codec for > password masking has been deprecated since Artemis 2.38.0, can the broker > be configured to use the one-way algorithm with default codec. If yes, how > to enable this in broker.xml? > > I added below configuration in broker.xml and used the one-way hashed > password in the acceptor, but it still considers it as 2-way algorithm and > throws java.lang.IllegalArgumentException: Password must be encrypted. > > ``` > > <password-codec>org.apache.activemq.artemis.utils.DefaultSensitiveStringCodec;algorithm=one-way</password-codec> > ``` > > Thanks, > Mohanavalli A >
