Re: securing sasl/scram username and password in kafka connect

Re: securing sasl/scram username and password in kafka connect

; then follow chris' instructions > > > From: Chris Egerton > Sent: Monday, March 7, 2022 4:48 PM > To: users@kafka.apache.org > Subject: Re: securing sasl/scram username and password in kafka connect > > It looks like the file config provider isn't actual

Re: securing sasl/scram username and password in kafka connect

chris' instructions From: Chris Egerton Sent: Monday, March 7, 2022 4:48 PM To: users@kafka.apache.org Subject: Re: securing sasl/scram username and password in kafka connect It looks like the file config provider isn't actually set up on the Connect worker. Wha

Re: securing sasl/scram username and password in kafka connect

Chris, here's the content of the files ## distributor file: bootstrap.servers=broker:9096 group.id=dbz-dev key.converter=org.apache.kafka.connect.json.JsonConverter value.converter=org.apache.kafka.connect.json.JsonConverter key.converter.schemas.enable=false

Re: securing sasl/scram username and password in kafka connect

It looks like the file config provider isn't actually set up on the Connect worker. What does your Connect worker config look like (usually a file called something like connect-distributed.properties)? Feel free to change any sensitive values to a string like "", but please don't remove them

Re: securing sasl/scram username and password in kafka connect

Thanks for the response Chris. I went thru the setup again and it appeared I might have had a typo somewhere last friday. Currently, I'm running into a file permission issue. the file has the following permissions: -rw-r--r-- 1 adm admn 88 Mar 7 21:23 connector_credentials.properties I have

Re: securing sasl/scram username and password in kafka connect

Hi Men, That config snippet has a small syntax error: all double quotes should be escaped. Assuming you tried something like this: "database.history.producer.sasl.jaas.config": "org.apache.kafka.common.security.scram.ScramLoginModule required username=\"${file:/path/file.pro:user\"}

Re: securing sasl/scram username and password in kafka connect

Hi Chris, I was getting an unauthorized/authentication error message when I was trying it out last Friday. I tried looking for the exact message in the connect.log.* files but was not very successful. In my connector file, I have { "name":"blah", "config": { ... ...

Re: securing sasl/scram username and password in kafka connect

Hi Men, The config provider mechanism should work for every property in a connector config, and every property in a worker config except for the plugin.path property (see KAFKA-9845 [1]). You can also use it for only part of a single property, or even multiple parts, like in this example

securing sasl/scram username and password in kafka connect

Hi all, recently, I found out about config.providers=file config.providers.file.class=org.apache.kafka.common.config.provider.FileConfigProvider This works great to remove our embedded database password into an external file. However, it does not work when I tried to do the same thing with