Celery, RabbitMQ

Broker connection without SSL exposes credentials and task data

warning · security · Updated Dec 17, 2025 (via Exa)

How to detect:

CELERY_BROKER_URL uses the unencrypted amqp:// scheme instead of amqps://, so broker credentials and task payloads are transmitted in cleartext over the network.

Recommended action:

Use amqps:// protocol for RabbitMQ connections in production. Configure broker SSL/TLS certificates. Verify firewall rules restrict broker access to VPC/VPN only. Rotate broker credentials regularly and never use default passwords.
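
The detection rule above can be run as a pre-deploy check. The following is an added example, not part of the original rule or of Celery itself: `audit_broker_url` and its issue labels are hypothetical names, and the hosts and passwords are constructed. It goes slightly beyond the rule by handling `;`-separated failover broker lists and by treating `amqp://` as encrypted when Celery's `broker_use_ssl` setting is supplied.

```python
import ssl
from urllib.parse import urlsplit

CLEARTEXT_SCHEMES = {"amqp", "pyamqp"}  # plain AMQP unless broker_use_ssl is set
TLS_SCHEMES = {"amqps"}

def audit_broker_url(broker_url, broker_use_ssl=None):
    """Audit a Celery broker URL, including ';'-separated failover lists.

    Returns (endpoint, issue) tuples; an empty list means nothing was flagged.
    """
    findings = []
    for raw in filter(None, (part.strip() for part in broker_url.split(";"))):
        url = urlsplit(raw)
        scheme = url.scheme.lower()
        if scheme not in CLEARTEXT_SCHEMES | TLS_SCHEMES:
            continue  # not an AMQP broker (for example redis://)
        port = url.port or (5671 if scheme in TLS_SCHEMES else 5672)
        # Report scheme, host and port only, so the password never reaches a log.
        endpoint = f"{scheme}://{url.hostname or 'localhost'}:{port}"
        if scheme in CLEARTEXT_SCHEMES and not broker_use_ssl:
            findings.append((endpoint, "cleartext-transport"))
        if (isinstance(broker_use_ssl, dict)
                and broker_use_ssl.get("cert_reqs") == ssl.CERT_NONE):
            findings.append((endpoint, "tls-without-verification"))
        # Assumption: a URL without userinfo falls back to RabbitMQ's guest/guest.
        if (url.username or "guest", url.password or "guest") == ("guest", "guest"):
            findings.append((endpoint, "default-credentials"))
    return findings

if __name__ == "__main__":
    # Constructed sample values; hosts and passwords are placeholders.
    samples = [
        ("amqp://celery:S3cret@mq1.internal.example:5672/prod;"
         "amqps://celery:S3cret@mq2.internal.example/prod", None),
        ("amqp://guest:guest@localhost//", None),
        ("amqp://celery:S3cret@mq1.internal.example/prod",
         {"cert_reqs": ssl.CERT_REQUIRED}),
    ]
    for broker_url, use_ssl in samples:
        for endpoint, issue in audit_broker_url(broker_url, use_ssl):
            print(f"{issue}: {endpoint}")
```
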