Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add mTLS SSL support #172

Closed
rockdarko opened this issue May 5, 2024 · 1 comment
Closed

Add mTLS SSL support #172

rockdarko opened this issue May 5, 2024 · 1 comment

Comments

@rockdarko
Copy link

rockdarko commented May 5, 2024
edited
Loading

Currently only the SASL authentication method seems to be supported when using SSL. It would be great to have the option to use mTLS as well - where the brokers and consumers/producers need to supply a certificate signed by a trusted CA. When using JAVA binaries to interact with kafka, this is made using JKS keystores/truststores that ultimately include the broker/consumer/producer private key, a trusted CA certificate and a signed certificate by that very trusted CA.

Kafka mTLS documentation: https://docs.confluent.io/platform/current/kafka/configure-mds/mutual-tls-auth-rbac.html
@StephenSorriaux
Copy link
Owner

StephenSorriaux commented May 8, 2024
edited
Loading

Hello,

I believe this already available using the several ssl_* configurations (see https://github.com/StephenSorriaux/ansible-kafka-admin/blob/master/module_utils/kafka_lib_commons.py#L46)

security_protocol must be set to SSL in that case.

You can refer to https://github.com/StephenSorriaux/ansible-kafka-admin?tab=readme-ov-file#using-ssl as to see how to pass the path to the cert/key/ca files or their content.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@StephenSorriaux @rockdarko