
Apache Kafka secure setup

On one of my projects, I was trying to set up Kerberos authentication (SASL_SSL). It seems to be the hardest possible approach to set up. Moreover, I was working on localhost in an enterprise network, which did not make the work any simpler.

So after a few weeks of fighting, I ended up with the knowledge that:

  • Documentation is quite precise
  • Kerberos/SASL_SSL manuals are not very precise and require deep knowledge of certificates
  • To generate keys on Windows 10 you need WSL
  • To get proper keys you need the CA of your organization with private keys, so you won’t do it on your own

Given the above, I came to the conclusion that Kerberos/SASL_SSL is the safest approach; however, the setup is so complex that it is much easier, and a bit less safe, to use SSL with username/password. A side effect is having to ensure secure storage of the username and password (including password policy and account expiry).
