[KAFKA-348] Support SSL Configuration in connector properties Created: 18/Jan/23  Updated: 28/Oct/23  Resolved: 02/Mar/23

Status: Closed
Project: Kafka Connector
Component/s: Configuration, Sink, Source
Affects Version/s: None
Fix Version/s: 1.10.0

Type: New Feature Priority: Major - P3
Reporter: Ed Berezitsky Assignee: Ross Lawley
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
is duplicated by KAFKA-346 Add client truststore/keystore config... Closed
Related
related to KAFKA-358 Test SSL configuration on evergreen Backlog
is related to KAFKA-346 Add client truststore/keystore config... Closed
Quarter: FY24Q1
Documentation Changes Summary:

Added the following new configurations so users can set the ssl properties for the connector specifically in the connection options:

connection.ssl.trustStore=<your path to truststore> 
connection.ssl.trustStorePassword=<your truststore password> 
connection.ssl.keyStore=<your path to keystore> 
connection.ssl.keyStorePassword=<your keystore password>"

Has the benefit of not relying on system properties which impact the whole jvm.


 Description   

Currently, truststore and keystore are supported using system properties using 

export KAFKA_OPTS="\
-Djavax.net.ssl.trustStore=<your path to truststore> \
-Djavax.net.ssl.trustStorePassword=<your truststore password> \
-Djavax.net.ssl.keyStore=<your path to keystore> \
-Djavax.net.ssl.keyStorePassword=<your keystore password>"

and described in documentation.

In many deployments it is not possible to control java execution environment, and would be more convenient to use connector properties to handle those params, for examples:

connection.ssl.trustStore=<your path to truststore> 
connection.ssl.trustStorePassword=<your truststore password> 
connection.ssl.keyStore=<your path to keystore> 
connection.ssl.keyStorePassword=<your keystore password>"

 



 Comments   
Comment by Ross Lawley [ 02/Mar/23 ]

Thanks bdesert@gmail.com for the PR.

Comment by Githook User [ 02/Mar/23 ]

Author:

{'name': 'Ed B', 'email': 'bdesert@gmail.com', 'username': 'bdesert'}

Message: SSLContext Configuration

Adds the following configuration:

connection.ssl.truststore=<your path to truststore>
connection.ssl.truststorePassword=<your truststore password>
connection.ssl.keystore=<your path to keystore>
connection.ssl.keystorePassword=<your keystore password>

KAFKA-348
Branch: master
https://github.com/mongodb/mongo-kafka/commit/6b74d269d412807e1598299757fa3675e47c7a62

Comment by Esha Bhargava [ 20/Jan/23 ]

bdesert@gmail.com Thank you for reporting this issue. We'll look into it and get back to you soon.

Generated at Thu Feb 08 09:06:10 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.