RabbitMQ

Overview#

The RabbitMQ connector proxies AMQP 0-9-1 messages through QuantaSeal. Credentials are sealed in QuantaVault and the AMQP URL is validated against SSRF allowlists before each connection.

Prerequisites#

• 1A RabbitMQ broker (self-hosted or CloudAMQP / Amazon MQ)
• 2AMQP connection URL (amqp:// or amqps://)
• 3A QuantaSeal API key

Configuration#

Follow these steps to connect RabbitMQ to QuantaSeal. You can configure integrations via the Admin Console or directly via the API.

1. 1

   Obtain your RabbitMQ AMQP URL (e.g. amqps://user:pass@broker.example.com:5671/vhost).

2. 2

   Seal: POST /api/v2/vault/seal with credential_type: database_dsn and values: {dsn: 'amqps://...'}.

3. 3

   Create integration with system_type: rabbitmq, config: {exchange, routing_key, queue}.

Authentication Types#

Seal the full AMQP URL (amqps://user:pass@host:5671/vhost) as database_dsn credential type in QuantaVault.

All credential types are sealed in QuantaVault with ML-KEM-768 + AES-256-GCM and wrapped by your tenant AWS KMS CMK before storage. See the Vault API reference for the full list of credential types and seal/unseal endpoints.

Available Operations#

QuantaSeal enforces a default-deny operation policy. Only operations listed in your integration's allowed_operations array will be permitted. Add operations when creating or updating the integration.

Code Example#

Every proxy call returns a HybridCryptoEnvelope - the response is ML-KEM-768 key-encapsulated, AES-256-GCM encrypted, and signed with ML-DSA-65 + HMAC-SHA-512. Verify both signatures before trusting the decrypted payload.

curl -X POST https://api.quantaseal.io/api/v2/proxy/outbound \
  -H "X-API-Key: qs_live_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{"integration_id":"int_RABBIT001","operation":"publish","payload":{"exchange":"orders","routing_key":"order.placed","body":{"order_id":9001}}}'

Troubleshooting#