Skip to content

Instantly share code, notes, and snippets.

@dtanner

dtanner/kafka-cert-options.md

Last active September 15, 2023 16:33
Show Gist options
  • Save dtanner/802fd544507883718df8dc08fbd91b41 to your computer and use it in GitHub Desktop.
Save dtanner/802fd544507883718df8dc08fbd91b41 to your computer and use it in GitHub Desktop.
Download ZIP
kafka certificate options
Raw
kafka-cert-options.md

Does this remind anyone else of the Emo Philips Northern Conservative Baptist Great Lakes Region Council of 1912 joke?

Format Base64 Encoded Java Client Compatible Kcat Compatible Benthos Compatible YAML Config Compatible
JKS File
PKCS12 File
PKCS8 PEM String
PKCS8 PEM Unencrypted File
PKCS1 Encrypted PEM File
PKCS8 Encrypted PEM File (MD5 DES-CBC)
PKCS8 Encrypted PEM File (any secure modern algo)

Sample Java Kafka client properties using a PKCS #8 password-protected key

PEM

"security.protocol" = "SSL"
"ssl.keystore.type" = "PEM"
"ssl.keystore.location" = "/my-kafka-cert.pem"
"ssl.endpoint.identification.algorithm" = ""
"ssl.key.password" = "$THE_PASSWORD"

Sample kcat config file using a PKCS #8 password-protected key

security.protocol=ssl
ssl.certificate.location=/my-kafka-cert.com.pem
ssl.ca.location=/my-kafka-cert.pem
ssl.key.location=/rmy-kafka-cert.pem
ssl.key.password=$THE_PASSWORD

kcat -P -b thebroker:9093 -t thetopic -F /reference-dev.kcat.conf -T -K::: -l /tmp/messages

where /tmp/messages is:

foo-bar:::{"a": true}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment