Kafka credentials property reference
A Kafka credential allows services and Cloudera tools to securely connect to Kafka clusters that are external to a particular Cloudera Manager instance. Review the Kafka credentials property reference to better understand what options you have when configuring and setting up a Kafka credential.
Name
- Description
- Specifies the name of the Kafka credential. For SRM, the name you specify here is
equivalent to the cluster alias. As a result, this name is used to refer to the cluster
that the credential defines when configuring SRM properties and when using the
srm-control
tool. Cloudera recommends that you specify unique and easily identifiable names.
Boostrap servers
- Description
- Specifies the addresses of the Kafka brokers. Add a comma-separated list of host and port pairs. The host can be specified as an IP address or an FQDN.
- Example
my-kafka-cluster-host-1.com:9093, my-kafka-cluster-host-2.com:9093
JAAS secret [1-3]
- Description
-
There are three JAAS Secret properties, numbered 1-3. All three properties can be used to specify sensitive JAAS configuration values. Values set in these properties can be referenced with placeholders in the JAAS configuration you add to the JAAS template property.
JAAS template
- Description
- Specifies the JAAS configuration that SRM uses when connecting to this cluster. The
configuration you add to this property can contain placeholders. These placeholders can
be used to hide sensitive information. The property accepts and resolves the following
placeholders:
- ##JAAS_SECRET_1##
Used to refer to the value set in the JAAS Secret 1 property.
- ##JAAS_SECRET_2##
Used to refer to the value set in the JAAS Secret 2 property.
- ##JAAS_SECRET_4##
Used to refer to the value set in the JAAS Secret 3 property.
- ##JAAS_SECRET_1##
- Example
org.apache.kafka.common.security.plain.PlainLoginModule required username="##JAAS_SECRET_1##" password="##JAAS_SECRET_2##";
In this example ##JAAS_SECRET_1## and ##JAAS_SECRET_2## are used to hide sensitive information. The values of the username and password are defined in the JAAS Secret 1 and JAAS Secret 2 properties.
If for example the JAAS Secret 1 and JAAS Secret 2 properties were set to “username” and “password”, the resolved JAAS configuration would be the following:org.apache.kafka.common.security.plain.PlainLoginModule required username="username" password="password";
Kerberos Service Name
- Description
- Specifies the name of the Kafka kerberos principal. Only required if the
SASL Mechanism property is set to
GSSAPI
.
Key Password
- Description
- Specifies the password used to access the keys stored in the keystore configured in the Keystore Path property.
Keystore Password
- Description
- Specifies the password used to access the keystore configured in the Keystore Path property.
Keystore Path
- Description
- Specifies the path to the keystore containing the authorized client’s certificates or keys
Keystore Type
- Description
- Specifies the type of the keystore configured in the Keystore Path property
SASL Mechanism
- Description
- Specifies the SASL mechanism used for authentication by the Kafka cluster that the client is connecting to.
- Accepted values
-
GSSAPI
PLAIN
SCRAM-SHA-256
SCRAM-SHA-512
OAUTHBEARER
Security Protocol
- Description
-
Specifies the security protocol used by the Kafka cluster that the client is connecting to.
- Accepted values
-
PLAINTEXT
SSL
SASL_PLAINTEXT
SASL_SSL
Truststore Password
- Description
- Specifies the password used to access the truststore specified in the Truststore Path property
Truststore Path
- Description
-
Specifies the path to the truststore containing the certificates or keys belonging to the Kafka cluster that the client is connecting to.
Truststore Type
- Description
- Specifies the type of the truststore configured in the Truststore Path property.