►
From YouTube: Describing Kafka security in AsyncAPI - Dale Lane, IBM
Description
AsyncAPI Conference 2021 - Day 2
17th November 2021
This session will quickly show you how to describe the security configuration of your Kafka cluster in an AsyncAPI document. And if you've been given an AsyncAPI document, this session will show you how to use that to configure a Kafka client or application to connect to the cluster, using the details in the AsyncAPI spec.
A
When
I
say
security,
there
are
two
aspects:
I'm
including
in
this
encryption.
Are
you
using
ssl
tls
for
your
connections
to
kafka
and
authentication?
Do
you
need
credentials
for
your
connections
to
kafka
and
I'm
going
to
cover
this
in
both
directions?
Firstly,
writing
an
async
api
document.
What
I
mean
is,
how
do
you
go
from
a
configured
kafka
cluster
to
writing
an
async
api
document
that
describes
it
and
secondly,
using
an
async
api
document?
A
A
A
A
A
So
that's
how
you
write
an
async
api
document
that
describes
your
kafka
security.
Next,
let's
look
at
this.
The
other
way
around.
How
do
you
use
an
async
api
document
to
configure
a
kafka
client
application,
I'm
going
to
go
through
a
few
examples
and
for
each
one
I'll
show
you
a
couple
of
different
ways
of
configuring:
a
kafka
client
app,
firstly,
values
in
a
properties
file
and
that's
the
most
common
way
of
configuring,
a
kafka
app
and,
secondly,
I'll
show
you
how
to
do
it
programmatically
using
java.
A
As
an
example,
so
let's
start
with
the
simplest
document
protocol
kafka.
So
remember
that
means
no
encryption
and
no
security
scheme.
So
remember
that
means
no
authentication
either
so
you'd
configure
out
for
this
using
security
protocol
set
to
plain
text
and
in
java
it
could
look
like
this.
You
would
put
your
security
protocol
config
set
to
plain
text
in
the
properties,
object
that
you'll
pass
to
your
kafka
app.
A
Let's
try
another
example
in
this.
One
protocol
is
again
just
kafka.
So
again
that
means
no
encryption,
but
this
time
there
is
a
security
scheme.
So
that
means
we
are
using
authentication
and
the
security
scheme
type
tells
us
the
sazil
scrum
mechanism.
We
need
to
use
so
the
security
protocol
we
would
use
in
our
app.
This
time
is
sazzle
plain
text.
A
So
hopefully
you
get
the
idea.
The
server
protocol
and
the
security
scheme
type
tells
you
everything.
You
need
to
be
able
to
configure
a
kafka,
client
application,
everything
except
the
credentials
themselves,
and
to
sum
up
here,
is
the
full
list
of
all
the
possible
server
protocol
and
security
scheme
type
values
together
with
the
corresponding
kafka
config
properties.