Configuring Wire Encryption
Also available as:
PDF
loading table of contents...

Configuring Kafka Producer and Kafka Consumer

Examples for configuring Kafka Producer and Kafka consumer. SSL is supported for new Kafka Producers and Consumer processes; the older API is not supported. Configuration settings for SSL are the same for producers and consumers.

If client authentication is not needed in the broker, then the following is a minimal configuration example:

security.protocol = SSL
ssl.truststore.location = /var/private/ssl/kafka.client.truststore.jks
ssl.truststore.password = test1234

If client authentication is required, first create a keystore (described earlier in this chapter). Next, specify the following settings:

ssl.keystore.location = /var/private/ssl/kafka.client.keystore.jks
ssl.keystore.password = test1234
ssl.key.password = test1234

One or more of the following optional settings might also be needed, depending on your requirements and the broker configuration:

Property Description Value(s)
ssl.provider The name of the security provider used for SSL connections. Default value is the default security provider of the JVM.
ssl.cipher.suites Specify one or more cipher suites: named combinations of authentication, encryption, MAC and key exchange algorithms used to negotiate the security settings for a network connection using the TLS or SSL network protocol.
ssl.enabled.protocols List at least one of the protocols configured on the broker side. Note: SSL is deprecated; its use in production is not recommended. TLSv1.2,TLSv1.1,TLSv1
ssl.keystore.type Specify the SSL keystore type. JKS
ssl.truststore.type Specify the SSL truststore type. JKS

The following two examples launch console-producer and console-consumer processes:

kafka-console-producer.sh --broker-list localhost:9093 --topic test --producer.config client-ssl.properties

kafka-console-consumer.sh --bootstrap-server localhost:9093 --topic test --new-consumer --consumer.config client-ssl.properties