Each instance of the MQTT <-> Cloud Pub/Sub Connector needs to authenticate against two systems:
- MQTT broker
- Cloud Pub/Sub
The MQTT <-> Cloud Pub/Sub Connector supports connecting to MQTT brokers that offer:
- non-authenticated access (i.e. public access)
- password-based authentication
To configure password-based authentication, provide the necessary configuration properties as described here.
The MQTT <-> Cloud Pub/Sub Connector supports securing the communication channel with an SSL/TLS certificate. For more information about how to provide a certificate and configure the MQTT <-> Cloud Pub/Sub Connector to use that certificate to secure the connection to the MQTT broker, refer to the Apache Camel Paho MQTT 5 component documentation.
The MQTT <-> Cloud Pub/Sub Connector uses Application Default Credentials to authenticate against Cloud Pub/Sub.
When deploying the connector on Google Kubernetes Engine, we recommend that you use Workload Identity to configure authentication. For an example of this approach, refer to the Provision a test and validation runtime environment on Google Cloud document.
When deploying the connector on Google Compute Engine, you need to configure a service account and attach it to a Google Compute Engine instance. For more information, refer to Google Cloud services that support attaching a service account.
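Application Default Credentials are resolved in a fixed order: the `GOOGLE_APPLICATION_CREDENTIALS` environment variable first, then the gcloud well-known file, then the metadata server that backs both Workload Identity and attached service accounts. The following pre-deployment check is an added example, not part of the connector; the function names are hypothetical and the well-known file path assumes Linux. It reports which source would win and flags a key file that shadows the attached identity.

```python
import json
import os
import urllib.request
from pathlib import Path

# Metadata endpoint served on Compute Engine and, with Workload Identity, on GKE.
METADATA_URL = ("http://metadata.google.internal/computeMetadata/v1/"
                "instance/service-accounts/default/email")


def metadata_email(timeout=1.0):
    """Return the attached service account email, or None when unreachable."""
    req = urllib.request.Request(METADATA_URL, headers={"Metadata-Flavor": "Google"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.read().decode().strip()
    except OSError:  # covers URLError, timeouts and DNS failures
        return None


def _cred_type(path):
    """Return the "type" field of a credential file, or None if unreadable."""
    try:
        return json.loads(Path(path).read_text()).get("type", "unknown")
    except (OSError, ValueError, AttributeError):
        return None


def resolve_adc(env=None, home=None, probe=metadata_email):
    """Report which ADC source takes precedence, in ADC search order."""
    env = os.environ if env is None else env
    home = Path.home() if home is None else Path(home)
    key = env.get("GOOGLE_APPLICATION_CREDENTIALS")
    if key:
        kind = _cred_type(key)
        if kind is None:
            return {"source": "env", "ok": False, "findings": ["key file missing or not JSON"]}
        findings = (["long-lived service account key shadows the attached identity"]
                    if kind == "service_account" else [])
        return {"source": "env", "ok": True, "type": kind, "findings": findings}
    # Assumption: Linux layout of the gcloud configuration directory.
    well_known = home / ".config/gcloud/application_default_credentials.json"
    if well_known.is_file():
        return {"source": "well_known_file", "ok": True, "type": _cred_type(well_known),
                "findings": ["gcloud credentials file takes precedence over the metadata server"]}
    email = probe()
    if email:
        return {"source": "metadata_server", "ok": True, "identity": email, "findings": []}
    return {"source": None, "ok": False, "findings": ["no Application Default Credentials found"]}
```

Run `resolve_adc()` inside the connector's pod or VM: with Workload Identity or an attached service account configured as described above, the expected source is `metadata_server` with no findings.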