Kafka credentials property reference

A Kafka credential allows services and Cloudera tools to securely connect to Kafka clusters that are external to a particular Cloudera Manager instance. Review the Kafka credentials property reference to better understand what options you have when configuring and setting up a Kafka credential.

Name

Description
Specifies the name of the Kafka credential. For SRM, the name you specify here is equivalent to the cluster alias. As a result, this name is used to refer to the cluster that the credential defines when configuring SRM properties and when using the srm-control tool. Cloudera recommends that you specify unique and easily identifiable names.

Boostrap servers

Description
Specifies the addresses of the Kafka brokers. Add a comma-separated list of host and port pairs. The host can be specified as an IP address or an FQDN.
Example
my-kafka-cluster-host-1.com:9093, my-kafka-cluster-host-2.com:9093

JAAS secret [1-3]

Description

There are three JAAS Secret properties, numbered 1-3. All three properties can be used to specify sensitive JAAS configuration values. Values set in these properties can be referenced with placeholders in the JAAS configuration you add to the JAAS template property.

JAAS template

Description
Specifies the JAAS configuration that SRM uses when connecting to this cluster. The configuration you add to this property can contain placeholders. These placeholders can be used to hide sensitive information. The property accepts and resolves the following placeholders:
  • ##JAAS_SECRET_1##

    Used to refer to the value set in the JAAS Secret 1 property.

  • ##JAAS_SECRET_2##

    Used to refer to the value set in the JAAS Secret 2 property.

  • ##JAAS_SECRET_4##

    Used to refer to the value set in the JAAS Secret 3 property.

Example
org.apache.kafka.common.security.plain.PlainLoginModule required username="##JAAS_SECRET_1##" password="##JAAS_SECRET_2##";

In this example ##JAAS_SECRET_1## and ##JAAS_SECRET_2## are used to hide sensitive information. The values of the username and password are defined in the JAAS Secret 1 and JAAS Secret 2 properties.

If for example the JAAS Secret 1 and JAAS Secret 2 properties were set to “username” and “password”, the resolved JAAS configuration would be the following:
org.apache.kafka.common.security.plain.PlainLoginModule required username="username" password="password";

Kerberos Service Name

Description
Specifies the name of the Kafka kerberos principal. Only required if the SASL Mechanism property is set to GSSAPI.

Key Password

Description
Specifies the password used to access the keys stored in the keystore configured in the Keystore Path property.

Keystore Password

Description
Specifies the password used to access the keystore configured in the Keystore Path property.

Keystore Path

Description
Specifies the path to the keystore containing the authorized client’s certificates or keys

Keystore Type

Description
Specifies the type of the keystore configured in the Keystore Path property

SASL Mechanism

Description
Specifies the SASL mechanism used for authentication by the Kafka cluster that the client is connecting to.
Accepted values
  • GSSAPI
  • PLAIN
  • SCRAM-SHA-256
  • SCRAM-SHA-512
  • OAUTHBEARER

Security Protocol

Description

Specifies the security protocol used by the Kafka cluster that the client is connecting to.

Accepted values
  • PLAINTEXT
  • SSL
  • SASL_PLAINTEXT
  • SASL_SSL

Truststore Password

Description
Specifies the password used to access the truststore specified in the Truststore Path property

Truststore Path

Description

Specifies the path to the truststore containing the certificates or keys belonging to the Kafka cluster that the client is connecting to.

Truststore Type

Description
Specifies the type of the truststore configured in the Truststore Path property.