Using a Credential Store

You can define Kerberos keytabs in a credential store, then call the appropriate keytab from a Kafka stage.

Defining Kerberos keytabs in a credential store allows you to store multiple keytabs for use by Kafka stages. It also provides flexibility in how you use the keytabs. For example, you might create two separate keytabs, one for Kafka origins and one for Kafka destinations. Or, you might provide separate keytabs for every Kafka stage that you define.

Using a credential store makes it easy to update keytabs without having to edit the stages that use them. This can simplify tasks such as recycling keytabs or migrating pipelines to production.

Make sure that Data Collector is configured to use a supported credential store. For a list of supported credential stores and instructions on enabling each credential store, see Credential StoresCredential Stores in the Data Collector documentation.

For an additional layer of security, you can require group access to credential store secretsrequire group access to credential store secrets. For more information, see Group Access to Secrets in the Data Collector documentation.