Kafka Streams natively integrates with the Kafka’s security features and supports all of the client-side security features in Kafka. Streams leverages the Java Producer and Consumer API.
To secure your Stream processing applications, configure the security settings in the corresponding Kafka producer and consumer clients, and then specify the corresponding configuration settings in your Kafka Streams application.
Kafka supports cluster encryption and authentication, including a mix of authenticated and unauthenticated, and encrypted and non-encrypted clients. Using security is optional.
Here a few relevant client-side security features:
You can enable the encryption of the client-server communication between your applications and the Kafka brokers. For example, you can configure your applications to always use encryption when reading and writing data to and from Kafka. This is critical when reading and writing data across security domains such as internal network, public internet, and partner networks.Client authenticationYou can enable client authentication for connections from your application to Kafka brokers. For example, you can define that only specific applications are allowed to connect to your Kafka cluster.Client authorizationYou can enable client authorization of read and write operations by your applications. For example, you can define that only specific applications are allowed to read from a Kafka topic. You can also restrict write access to Kafka topics to prevent data pollution or fraudulent activities.
- Introduction to Kafka Security Unlimited
- Securing Data Streams in Kafka Unlimited
- How Kafka Security Works Unlimited
- Data Security and Encryption Unlimited
- Creating a Secure Connection to Your Kafka Cluster Unlimited
- Kafka Authentication Basics Unlimited
- Kafka Principal Unlimited
- Configuring Authentication: Listeners and Security Protocols Unlimited
- Authorization Unlimited
- ACLs Unlimited
- Creating ACLs Unlimited
- How Kafka Applies ACLs Unlimited
- Customizing Access Control Unlimited
- Considerations Unlimited
- Hands On: Setting Up Encryption Unlimited
- Securing ZooKeeper Unlimited
- SSL Unlimited
- SASL Unlimited
- SSL vs. SASL Unlimited
- Network Segmentation Unlimited
- Security Recommendations Unlimited
- Education Unlimited
- Start with Security in Mind Unlimited
- Checklist Unlimited