Does Kafka support secure communication?
-
21-12-2019 - |
Question
I have been reading a lot of Apache Kafka documentation, but am unable to find if Kafka supports secured communication between Producers-Brokers, Brokers-Consumers, and especially for inter-data center communication for broker replication.
Solution
Update: As of 0.9.0.0 the SSL implementation is added to Kafka. The SSL configuration should be added explicitly on the broker side.
It is even possible to enable SSL for inter-broker communication by adding following property to the broker's property file.
security.inter.broker.protocol=SSL
Regarding the producer and consumers the SSL is only supported for the new API.
For details regarding generation of key, certificate and configuration please check deploying SSL for Kafka
Previous Releases
Before 0.9.0.0
Kafka does not
support SSL/authentication and as far as my understanding goes they do not have it in their near team road map. One way could be to use encryption at your end and send the encrypted data through producers.
However they have this discussion regarding implementing security in future.
Similar discussion can be found here
UPDATE
Thanks to @ppearcy for his findings
Likely things changed since this was posted, but currently security is on the roadmap: https://cwiki.apache.org/confluence/display/KAFKA/Security
OTHER TIPS
There have been patches to support client authentication and secure in transit message delivery but note this has not made it to any production release yet. There are interesting discussions and future work that includes client authentication, authorization as well as encryption of data at rest https://www.mail-archive.com/dev@kafka.apache.org/msg11664.html