Kafka serves as a block in a log shipping solution, data lake solutions, messaging and queue solutions. As such it is a vital and sensitive part of information security.
Using SSL keys are a good practice, however the key password should be kept confidential and in a safe place. The use of hardcoded password nullifies the idea of securing the key with a password.
server.properties, producer.properties, consumer.properties:
The same applies for
ssl.key. configuration prefixes.
Use an environment variable. In Kafka, configuration properties are prefixed by
KAFKA_ and are converted to
If it is not possible to use environment variables, you may want to use production-only templating solutions such as confd.
Updated 3 months ago