Configuring Kafka Data Encryption During Transmission
Scenario
Data between the Kafka client and the broker is transmitted in plain text. The Kafka client may be deployed in an untrusted network, exposing the transmitting data to leakage and tampering risks.
Procedure
The channel between components is not encrypted by default. You can set the following parameters to enable security channel encryption.
Page access for setting parameters: On FusionInsight Manager, click Cluster, click the name of the desired cluster, and choose Services > Kafka. On the displayed page, click Configuration and click All Configurations. Enter a parameter name in the search box.
After the configuration, restart the corresponding service for the settings to take effect.
Table 1 describes the parameters related to transmission encryption on the Kafka server.
Parameter |
Description |
Default Value |
---|---|---|
ssl.mode.enable |
Indicates whether to enable the Secure Sockets Layer (SSL) protocol. If this parameter is set to true, services relevant to the SSL protocol are started during the broker startup. |
false |
security.inter.broker.protocol |
Indicates communication protocol between brokers. The communication protocol can be PLAINTEXT, SSL, SASL_PLAINTEXT, or SASL_SSL. |
SASL_PLAINTEXT |
The SSL protocol can be configured for the server or client to encrypt transmission and communication only after ssl.mode.enable is set to true and broker enables the SSL and SASL_SSL protocols.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.