Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[Question] How to get SASL_SSL with SCRAM on Kafka Connect

See original GitHub issue

I’ve followed the documentation on how to setup from SCRAM but the security protocol get’s set to SASL_PLAINTEXT

security.protocol = SASL_PLAINTEXT

Is there anyway to get it to be SASL_SSL?

For some context I’m trying to integrate with MSK using SASL SCRAM. https://docs.aws.amazon.com/msk/latest/developerguide/msk-password.html

security.protocol=SASL_SSL
sasl.mechanism=SCRAM-SHA-512
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="username" password="password";

Issue Analytics

State:
Created 3 years ago
Reactions:1
Comments:6 (3 by maintainers)

Top GitHub Comments

5reactions

scholzjcommented, Oct 1, 2020

To add from tomorrow … this example is using SASL_SSL: https://github.com/strimzi/strimzi-kafka-operator/blob/02edfdd9b0b78c1e5ffbc4c052da24c8c1bbf3f4/examples/security/scram-sha-512-auth/connect.yaml#L102

But MSK normally uses signed certificates so you do not need to provide the trusted certificate and can do just something like this:

  tls:
    trustedCertificates: []
  authentication:
    type: scram-sha-512
    username: my-connect
    passwordSecret:
      secretName: my-connect
      password: password

2reactions

scholzjcommented, Sep 30, 2020

Yeah. You just configure TLS in .spec.tls and SASL auth in .spec.auth … and when they are both set, it enables SASL_SSL. Not at my desk right now, but I can provide docs links and examples tomorrow.

On Thu 1. 10. 2020 at 1:13, Paulo Casaes notifications@github.com wrote:

I’ve followed the documentation on how to setup from SCRAM but the security protocol get’s set to SASL_PLAINTEXT

security.protocol = SASL_PLAINTEXT

Is there anyway to get it to be SASL_SSL?

For some context I’m trying to integrate with MSK using SASL SCRAM.

https://docs.aws.amazon.com/msk/latest/developerguide/msk-password.html

security.protocol=SASL_SSL

sasl.mechanism=SCRAM-SHA-512

sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username=“username” password=“password”;

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/strimzi/strimzi-kafka-operator/issues/3730, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABLFOR2OS4WIQ35NRSWRDYLSIO3THANCNFSM4R7V664A .