.NET client security examples
Review the .NET client security examples to learn what configuration properties you have to set when connecting to secured or unsecured clusters.
The following code snippets give you a few simple examples on what configuration properties you need to set for your Kafka clients when connecting them to either secured or unsecured Kafka clusters. Use the following examples as a starting point and make changes as necessary.
Unsecure
var producerConfig = new ProducerConfig
{
BootstrapServers = "***BROKER HOST***:***PORT***"
};
SSL
var producerConfig = new ProducerConfig
{
BootstrapServers = "***BROKER HOST***:***PORT***",
SecurityProtocol = SecurityProtocol.Ssl,
SslCaLocation = "***PATH TO BROKER CA CERTIFICATE***",
SslKeystoreLocation = "***KEYSTORE LOCATION***", // client’s keystore, pkcs12 format
SslKeystorePassword = "***KEYSTORE PASSWORD***” // client’s keystore password
};
PLAIN (LDAP, PAM, and others)
var producerConfig = new ProducerConfig
{
BootstrapServers = "***BROKER HOST***:***PORT***",
SecurityProtocol = SecurityProtocol.SaslSsl,
SaslMechanism = SaslMechanism.Plain,
SslCaLocation = "***PATH TO BROKER CA CERTIFICATE***",
SaslUsername = "***USERNAME***",
SaslPassword = "***PASSWORD***"
};
Kerberos
var producerConfig = new ProducerConfig
{
BootstrapServers = "***BROKER HOST***:***PORT***",
SecurityProtocol = SecurityProtocol.Sasl,
SaslMechanism = SaslMechanism.Gssapi,
SaslKerberosServiceName = "kafka"
};
Schema Registry
Review the .NET client security examples to learn what configuration properties you have to set when connecting to secured or unsecured clusters.
The following code snippets give you a few simple examples on what configuration
properties you need to set for your Schema Registry clients when connecting them to either
secured or unsecured Schema Registry. Use the following examples as a starting point and
make changes as necessary.
- Unsecure
-
var schemaRegistryConfig = new SchemaRegistryConfig { Url = "http://***SCHEMA REGISTRY HOST***:***PORT***/api/v1" };
- SSL/Mutual TLS
-
var schemaRegistryConfig = new SchemaRegistryConfig { Url = "https://***SCHEMA REGISTRY HOST***:***PORT***/api/v1", SslCaLocation = "***PATH TO SCHEMA REGISTRY CA CERTIFICATE***", SslKeystoreLocation = "***KEYSTORE LOCATION***", SslKeystorePassword = "***KEYSTORE PASSWORD***" };
- PLAIN/Knox authentication
-
var schemaRegistryConfig = new SchemaRegistryConfig { Url = "https://***SCHEMA REGISTRY HOST***:***PORT***/api/v1", SslCaLocation = "***PATH TO SCHEMA REGISTRY CA CERTIFICATE***", BasicAuthCredentialsSource = AuthCredentialsSource.UserInfo, BasicAuthUserInfo = "***USERNAME***:***PASSWORD***" };