Help Center > > User Guide> FusionInsight Manager Operation Guide (Applicable to 3.x)> Security Management> Security Hardening> Configuring Kafka Data Encryption During Transmission

Configuring Kafka Data Encryption During Transmission

Updated at: Aug 17, 2021 GMT+08:00

Scenario

Data between the Kafka client and the broker is transmitted in plain text. The Kafka client may be deployed in an untrusted network, exposing the transmitting data to leakage and tampering risks.

Procedure

The channel between components is not encrypted by default. You can set the following parameters to enable security channel encryption.

Navigation path for setting parameters: On FusionInsight Manager, choose Cluster > Name of the desired cluster > Service > Kafka > Configuration. On the displayed page, click the All Configurations tab. Enter a parameter name in the search box.

After the configuration, restart the corresponding service for the settings to take effect.

Table 1 describes the parameters related to transmission encryption on the Kafka server.

Table 1 Parameters relevant to Kafka data encryption during transmission

Parameter

Description

Default Value

ssl.mode.enable

Indicates whether to enable the Secure Sockets Layer (SSL) protocol. If this parameter is set to true, services relevant to the SSL protocol are started during the broker startup.

false

security.inter.broker.protocol

Indicates communication protocol between brokers. The communication protocol can be PLAINTEXT, SSL, SASL_PLAINTEXT, or SASL_SSL.

SASL_PLAINTEXT

The SSL protocol can be configured for the server or client to encrypt transmission and communication only after ssl.mode.enable is set to true and broker enables the SSL and SASL_SSL protocols.

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?







Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel