Enabling SSL/TLS Encryption

When the Kafka cluster uses the Kafka SSL security protocol, enable the Kafka stage to use SSL/TLS encryption.

Before you enable Kafka stages to use SSL/TLS, make sure that you have performed all necessary prerequisite tasks. Then, perform the following steps to enable the Kafka stages to use SSL/TLS to connect to Kafka.

  1. On the General tab of the stage, set the Stage Library property to the appropriate Kafka version.

    If configuring a Kafka Consumer origin for a Kafka YARN cluster pipeline, set the property to Kafka version 0.10.0.0 or later.

  2. On the Kafka tab of the stage, configure each Kafka broker URI to use the SSL/TLS port.

    The default SSL/TLS port number is 9093.

  3. On the Security tab, configure the following properties:
    Security Option
        Set to SSL/TLS Encryption (Security Protocol=SSL).

    Truststore Type
        Type of truststore to use. Use one of the following types:
        • Java Keystore File (JKS)
        • PKCS #12 (p12 file)

        Default is Java Keystore File (JKS).

    Truststore File
        Path to the truststore file. Enter an absolute path to the file or enter the following expression to define the file stored in the Data Collector resources directory:

        ${runtime:resourcesDirPath()}/keystore.jks

    Truststore Password
        Password to the truststore file.
        Tip: To secure sensitive information such as passwords, you can use runtime resources or credential stores. For more information about credential stores, see Credential Stores in the Data Collector documentation.

    Enabled Protocols
        Comma-separated list of protocols used to connect to the Kafka brokers. Ensure that at least one of these protocols is enabled in the Kafka brokers.
        Note: Older protocols are not as secure as TLSv1.2.

    Note: In Data Collector Edge pipelines, when you configure a Kafka Producer destination, enter an absolute path for the truststore file that uses the PEM format.
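
A review check for the settings in the procedure above, added here as an example and not part of Data Collector: it flags a non-default broker port, a relative truststore path, a literal truststore password, and protocols older than TLSv1.2. The dictionary key names, the `PKCS12` label, the host name, and the rule that a `${...}` value is an expression are assumptions made for illustration.

```python
import posixpath

# Key names below are hypothetical labels mirroring the stage properties;
# they are not a Data Collector API. Both sample configs are constructed.
OLDER_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}   # JSSE names older than TLSv1.2
TRUSTSTORE_TYPES = {"JKS", "PKCS12"}
RESOURCES_EXPR = "${runtime:resourcesDirPath()}/"
DEFAULT_TLS_PORT = 9093

def check_stage(cfg):
    """Return findings for one Kafka stage's SSL/TLS settings."""
    findings = []
    if cfg.get("security_option") != "SSL":
        findings.append("security option is not SSL/TLS Encryption")
    for uri in (u.strip() for u in cfg.get("broker_uris", "").split(",")):
        host, _, port = uri.rpartition(":")
        if not host or not port.isdigit():
            findings.append(f"broker URI {uri!r} is not host:port")
        elif int(port) != DEFAULT_TLS_PORT:
            findings.append(f"{uri}: confirm this port is the broker's SSL/TLS listener")
    if cfg.get("truststore_type", "JKS") not in TRUSTSTORE_TYPES:  # JKS is the default
        findings.append("truststore type must be JKS or PKCS12")
    path = cfg.get("truststore_file", "")
    if not (path.startswith(RESOURCES_EXPR) or posixpath.isabs(path)):
        findings.append("truststore file is neither absolute nor under the resources directory")
    # Assumption: a ${...} value is an expression resolving a runtime resource
    # or credential store entry; anything else is treated as a literal password.
    pw = cfg.get("truststore_password", "")
    if not (pw.startswith("${") and pw.endswith("}")):
        findings.append("truststore password is a literal value")
    protocols = [p.strip() for p in cfg.get("enabled_protocols", "").split(",") if p.strip()]
    if not protocols:
        findings.append("no enabled protocols listed")
    findings += [f"enabled protocol {p} is older than TLSv1.2"
                 for p in protocols if p in OLDER_PROTOCOLS]
    return findings

WEAK = {  # constructed: plaintext port, relative path, literal password, TLSv1
    "security_option": "SSL", "broker_uris": "kafka1.example.internal:9092",
    "truststore_type": "JKS", "truststore_file": "keystore.jks",
    "truststore_password": "changeit", "enabled_protocols": "TLSv1,TLSv1.2",
}
HARDENED = dict(WEAK, broker_uris="kafka1.example.internal:9093",
                truststore_file=RESOURCES_EXPR + "keystore.jks",
                truststore_password="${PLACEHOLDER_CREDENTIAL_EXPRESSION}",
                enabled_protocols="TLSv1.2")

if __name__ == "__main__":
    for finding in check_stage(WEAK):
        print("WEAK:", finding)
```

A port other than 9093 is reported only as something to confirm, because 9093 is the default SSL/TLS port and a broker can expose its SSL/TLS listener elsewhere.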