Reputation: 1
Is there a way to encrypt kafka security configuration(ssl config) passwords at broker and client side
How to encrypt Kafka security configuration passwords at broker and client side.
I am currently storing the Kafka security configurations(password related configs) in Plain-text format in the following ways
- at the Kafka server side in Kafka/config/server.properties
ssl.truststore.password=
ssl.keystore.password=
ssl.key.password=
listener.name.sasl.ssl.scram-sha-256.sasl.jaas.config.password=
the values are Plain-text passwords
- at the client side in application.properties
spring.cloud.stream.kafka.binder.jaas.options.password =
spring.cloud.stream.kafka.binder.configuration.ssl.truststore.password =
the values are Plain-text passwords
but I instead of storing these passwords as Plain-text, I want to store them in encrypted form at both the above places. I am looking for some sample examples for the same as I couldn't find any helpful resources for the same.
Upvotes: 0
Views: 855
Answers (1)
Reputation: 191743
For the broker, I'm not sure you can. Rather, you'd limit who can access the server. You can use scripts to generate the file from external services like Vault, but the file itself will still consist of plaintext values.
For the client, Spring properties can use variable interpolation with environment variables, Spring Config Server, Vault etc.
Upvotes: 1
Related Questions
- Is there a way to purge the topic in Kafka?
- Exception while loading Zookeeper JAAS login context and Could not find a 'KafkaServer' or 'sasl_plaintext.KafkaServer' entry in the JAAS
- Setup kafka security cluster with SASL/PLAIN
- Configure Apache KAFKA with external and internal listeners and SASL Authentication for external publish/subscribe
- How to set encrypted password in Mule and kafka connector consumer and producer properties file
- Configure SSL and ACLs for kafka-console-consumer