Kafka supports TLS/SSL encrypted communication with both brokers and clients. Client
configuration is done by setting the relevant security-related properties for the client.
The following steps demonstrate configuration for the console consumer or producer. If you
are configuring a custom developed client, see Java client security examples
or .Net client security examples for code examples.
- Generate or acquire a truststore containing the certificate of the Certificate
Authority that issued the broker certificates.
- Note down the location and password for the truststore. You will need to provide these
during configuration.
- Create a
.properties
file.In this example the file is
named client.properties
.
- Add the mandatory properties to the file.
The following configuration
example contains all mandatory
properties:
security.protocol=SSL
ssl.truststore.location= [***PATH TO CLIENT TRUSTSTORE***]
ssl.truststore.password=[***PASSWORD***]
- (Optional) Add additional security properties to the file.
Depending on your requirements and broker configuration, additional configuration
properties might also be needed. The following are some of the most commonly used
optional properties:
ssl.provider
ssl.cipher.suites
ssl.enabled.protocols
ssl.truststore.type
ssl.keystore.type
- Run the client.
- Console Producer
-
kafka-console-producer --bootstrap-server [***HOST1:PORT1***] --topic [***TOPIC***] --producer.config client.properties
- Console Consumer
-
kafka-console-consumer --bootstrap-server [***HOST1:PORT1***] --topic [***TOPIC***] --consumer.config client.properties
Kafka clients are configured for TLS/SSL encryption.