Replies: 2 comments
-
|
Hello @jpalomaki , thank you for asking. PEM format needs chain, key and store certificates which would mean introducing new spring config properties into klaw. And now both cluster-api and core api are part of one git repo as maven modules. Thanks. |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Hi @muralibasani, created issue here: #181 |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello 👋
Kafka SSL can make use of PEM-formatted client keys/certificates. We also get PEMs from the Aiven Kafka console. How much work would it be to support PEMs for configuring Kafka SSL connectivity (instead of having to first convert to the Java-specific JKS format)?
Doing this could also help us externalize the Kafka SSL config (especially useful when running in-container), since the PEM strings could easily be encoded in Spring config properties.
As an example, we have tested this kind of JSON-encoded config with Spring Cloud AWS (with Spring Kafka), retrieving the JSON from AWS secrets manager:
{ "spring.kafka.ssl.key-store-key":"-----BEGIN PRIVATE KEY-----<client private key>-----END PRIVATE KEY-----", "spring.kafka.ssl.key-store-certificate-chain":"-----BEGIN CERTIFICATE-----<client certificate>-----END CERTIFICATE-----", "spring.kafka.ssl.trust-store-certificates":"-----BEGIN CERTIFICATE-----<CA certificate>-----END CERTIFICATE-----", "spring.kafka.security.protocol":"SSL", "spring.kafka.ssl.key-store-type":"PEM", "spring.kafka.ssl.trust-store-type":"PEM" }EDIT: looks like I created this discussion in the main klaw repo, while this mostly concerns the cluster api component. Let me know if you want to move this discussion there.
Regards,
Jukka
Beta Was this translation helpful? Give feedback.
All reactions