I have an MQTT broker (mosquitto) located at site A and another broker (mosquitto or RabbitMQ) in the cloud. In order for data to be forwarded to the cloud, I plan to bridge them and use TLS for data security.
At site A, software communicates internally through MQTT and I DO NOT wish sensitive data to be sent to the cloud (e.g. a topic with "user/password").
Non-sensitive information such as "user/age", "user/gender" is sent to the cloud for statistical analysis.
How do I configure the broker at site A to bridge and conditionally forward only certain topics/messages to the cloud broker (while maintaining internal messaging)?
There is no negative matching or programmatic matching in mosquitto, so you have 2 options:

1. Totally separate the topic tree for the sensitive data and use a wildcard bridge configuration to send all the non-sensitive data to the remote broker:

       security/password

       connection cloud
       address cloud.broker.foo
       topic user/# out

2. Add individual topic bridge configurations for each topic you wish to bridge:

       connection cloud
       address cloud.broker.foo
       topic user/age out
       topic user/gender out
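
A way to audit either bridge configuration before deploying it, as an added example that is not part of the original answer: it applies MQTT filter matching to the outgoing `topic` lines and reports which sensitive topics would be forwarded. The function names and the sample configurations are constructed for illustration; only the local-prefix field of a `topic` line is taken into account.

```python
def topic_matches(pattern, topic):
    """MQTT filter match: '+' is one level, '#' is all remaining levels."""
    if topic.startswith("$") and pattern[:1] in ("#", "+"):
        return False  # leading wildcards never match $SYS-style topics
    p, t = pattern.split("/"), topic.split("/")
    for i, level in enumerate(p):
        if level == "#":
            return True  # also matches the parent level itself
        if i >= len(t) or level not in ("+", t[i]):
            return False
    return len(p) == len(t)

def outgoing_filters(conf_text):
    """Local filters a bridge forwards, read from its 'topic' lines."""
    filters = []
    for line in conf_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "topic":
            continue
        direction = fields[2] if len(fields) > 2 else "out"  # default is out
        prefix = fields[4] if len(fields) > 4 and fields[4] != '""' else ""
        if direction in ("out", "both"):
            filters.append(prefix + fields[1])
    return filters

def leaked(conf_text, sensitive_topics):
    """Map each sensitive topic to the bridge filters that would forward it."""
    filters = outgoing_filters(conf_text)
    hits = {t: [f for f in filters if topic_matches(f, t)] for t in sensitive_topics}
    return {t: fs for t, fs in hits.items() if fs}

# Constructed sample configurations mirroring the two options above.
WILDCARD_BRIDGE = """connection cloud
address cloud.broker.foo
topic user/# out
"""
EXPLICIT_BRIDGE = """connection cloud
address cloud.broker.foo
topic user/age out
topic user/gender out
"""

if __name__ == "__main__":
    # With the question's layout, the wildcard bridge forwards user/password.
    print(leaked(WILDCARD_BRIDGE, ["user/password", "security/password"]))
    print(leaked(EXPLICIT_BRIDGE, ["user/password", "security/password"]))
```

Running it shows why option 1 only works once the sensitive topic has moved out of the `user/` tree: `user/#` still matches `user/password`.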